enforcing TLS certificates for replication

Ian Batten ian.batten at uk.fujitsu.com
Thu Jan 22 12:31:44 EST 2009

With my private network hat on, I have a requirement to secure  
replication.  I have one machine in a data centre which runs 2.3.13 on  
Solaris 10.  I've recently brought up an OpenSolaris machine at home,
similarly running 2.3.13, with a static IP number and an appropriate  
hole in the firewall to run replication.  Which is all good, but I'm  
not at all sure how good my ISP is at preventing Bad People from
misusing IP numbers, so I'd like to require the sync_server to offer a
certificate to prove its good will to the sync_client.  I assume I can  
do it, but what are the options?


