s2n-quic
Allow users to configure ClientAuthType for the Client s2n_tls endpoint
Problem:
Currently s2n-quic exposes two functions (one for client and one for server) to configure mTLS on an s2n-tls connection:
These both set the `auth_type` for mTLS to `ClientAuthType::Required`. Take a look at the section below for server/client behavior depending on the `auth_type`.
s2n-tls connection behavior based on auth type
An s2n connection will enforce handshake authentication differently based on the auth type set.
- server:
  - None -> doesn't request a cert
  - Required -> requests a cert; the client must provide a valid cert
  - Optional -> requests a cert; the client doesn't have to provide a cert, but if it does, then it must be valid
- client:
  - None -> doesn't send a cert
  - Required -> expects a TLS_CERT_REQ message and sends a cert
  - Optional -> changes behavior depending on whether it receives TLS_CERT_REQ from the server; will send a cert if it receives TLS_CERT_REQ
Solution:
- Expose two new APIs which allow customers to set a custom `ClientAuthType` for client and server.
- Since we need to maintain the existing behavior of `server/with_client_authentication` and `client/with_client_identity`, the new APIs should work regardless of when they are called (before or after these functions). This probably means we need to track some additional state on the builder.
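The auth-type matrix above and the builder state the solution calls for, written out as an added Rust example. This is not s2n-quic or s2n-tls code: `simulate_handshake`, `HandshakeOutcome`, `TlsBuilder` and its fields, and the method name `with_client_auth_type` are assumptions for illustration; only `ClientAuthType` and `with_client_authentication` are names taken from the issue. The one case the issue does not describe (a Required client that never receives TLS_CERT_REQ) is modelled as completing without client auth, which is an assumption and should be checked against s2n-tls itself.

```rust
// Added example, not project code. Models the server/client behaviour per
// ClientAuthType described in the issue, plus a builder that resolves an
// explicit auth type independent of call order.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum ClientAuthType {
    None,
    Required,
    Optional,
}

#[derive(Debug, PartialEq, Eq)]
pub enum HandshakeOutcome {
    /// Handshake completes; `client_authenticated` is true only if the client
    /// sent a certificate and it validated.
    Completed { client_authenticated: bool },
    /// Server is Required and the client sent no certificate.
    MissingClientCert,
    /// Client sent a certificate that failed validation (Required or Optional server).
    InvalidClientCert,
}

/// Simulate one handshake. `client_has_cert` / `client_cert_valid` stand in for
/// whether an identity is configured and whether the server would accept it.
pub fn simulate_handshake(
    server: ClientAuthType,
    client: ClientAuthType,
    client_has_cert: bool,
    client_cert_valid: bool,
) -> HandshakeOutcome {
    // Server side: None never sends TLS_CERT_REQ; Required and Optional do.
    let cert_requested = !matches!(server, ClientAuthType::None);

    // Client side: a certificate is only ever sent in answer to TLS_CERT_REQ.
    // A None client never answers; Required and Optional answer if they have a cert.
    // Assumption: a Required client that gets no request simply continues.
    let client_sends_cert =
        cert_requested && client_has_cert && !matches!(client, ClientAuthType::None);

    match (server, client_sends_cert) {
        (ClientAuthType::None, _) => HandshakeOutcome::Completed { client_authenticated: false },
        (ClientAuthType::Required, false) => HandshakeOutcome::MissingClientCert,
        (_, true) if !client_cert_valid => HandshakeOutcome::InvalidClientCert,
        (_, true) => HandshakeOutcome::Completed { client_authenticated: true },
        (ClientAuthType::Optional, false) => {
            HandshakeOutcome::Completed { client_authenticated: false }
        }
    }
}

/// Hypothetical builder state (assumption): the existing helper keeps implying
/// Required, while an explicit choice wins whether it is made before or after.
#[derive(Default)]
pub struct TlsBuilder {
    /// Set by the existing `with_client_authentication` / `with_client_identity`.
    client_auth_enabled: bool,
    /// Set by the proposed `with_client_auth_type`; `None` means not configured.
    explicit_auth_type: Option<ClientAuthType>,
}

impl TlsBuilder {
    pub fn with_client_authentication(mut self) -> Self {
        self.client_auth_enabled = true;
        self
    }

    pub fn with_client_auth_type(mut self, auth_type: ClientAuthType) -> Self {
        self.explicit_auth_type = Some(auth_type);
        self
    }

    /// Resolve the auth type at build time instead of at each call, so order
    /// of `with_client_authentication` and `with_client_auth_type` is irrelevant.
    pub fn resolved_auth_type(&self) -> ClientAuthType {
        match (self.explicit_auth_type, self.client_auth_enabled) {
            (Some(explicit), _) => explicit,
            (None, true) => ClientAuthType::Required,
            (None, false) => ClientAuthType::None,
        }
    }
}

fn main() {
    let b = TlsBuilder::default()
        .with_client_authentication()
        .with_client_auth_type(ClientAuthType::Optional);
    println!("resolved: {:?}", b.resolved_auth_type());
    println!(
        "{:?}",
        simulate_handshake(b.resolved_auth_type(), ClientAuthType::Optional, false, false)
    );
}
```

Resolving the auth type once at build time is what makes the "regardless of when they are called" requirement cheap: the helpers only record that they were called, and nothing is decided until the connection config is produced.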
Hi @toidiu, I can work on this issue. Can you please assign it to me?