Add an option to also pass the PEM certificate presented by the client
In some scenarios, for example a SIP or XMPP server, it's interesting that such a server gets the certificate provided by the client (if it provides a TLS client certificate during the TLS handshake). Such a mechanism is usually used to trust and authorize the connection by validating the given certificate.
But when using Stud this is not possible, since Stud ignores the client certificate. Of course I don't ask for Stud to validate the client certificate and pass the resulting validation information in some way. That should be the task of the backend server.
What I ask is for a new option (i.e.: --write-pem), so Stud writes to the backend the PEM certificate(s) presented by the client. It would require some kind of parsing format, something like:
--------- TCP data sent by Stud to the backend when --write-proxy and --write-pem are enabled -------------

    PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r\n
    PEM_BYTES\r\n
    Here the PEM certificate(s) given by the client
    Here the real data sent by the client
In this way the backend server can get, not just the source IP:port of the client, but also the public certificate presented by the client during the TLS handshake.
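A backend-side parser for the framing proposed above, as an added example that is not part of the original request or of Stud's code. It assumes that `PEM_BYTES` is the decimal byte length of the PEM text that follows its CRLF, that `0` means no client certificate, and that the names `parse_header`, `HeaderError` and the 64 KiB cap are hypothetical choices of this example.

```python
import ipaddress
import re

MAX_LINE = 107              # longest PROXY v1 line, CRLF included
MAX_PEM_BYTES = 64 * 1024   # assumed cap so the header cannot force a huge buffer
PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

class HeaderError(ValueError):
    """The bytes cannot be a valid header; the backend should drop the connection."""

def _take_line(buf, pos):
    """Return (line, next_pos), or (None, pos) when the CRLF has not arrived yet."""
    end = buf.find(b"\r\n", pos, pos + MAX_LINE)
    if end == -1:
        if len(buf) - pos >= MAX_LINE:
            raise HeaderError("header line too long")
        return None, pos
    return buf[pos:end], end + 2

def parse_header(buf):
    """Return (src, dst, certs, payload), or None while buf is still incomplete."""
    line, pos = _take_line(buf, 0)
    if line is None:
        return None
    parts = line.split(b" ")
    if len(parts) != 6 or parts[0] != b"PROXY" or parts[1] not in (b"TCP4", b"TCP6"):
        raise HeaderError("bad PROXY line")
    try:
        src = (str(ipaddress.ip_address(parts[2].decode("ascii"))), int(parts[4]))
        dst = (str(ipaddress.ip_address(parts[3].decode("ascii"))), int(parts[5]))
    except ValueError as exc:
        raise HeaderError("bad address or port") from exc
    line, pos = _take_line(buf, pos)
    if line is None:
        return None
    # Assumed encoding of PEM_BYTES: ASCII decimal digits only, bounded before use.
    if not line.isdigit() or len(line) > 6 or int(line) > MAX_PEM_BYTES:
        raise HeaderError("bad PEM length")
    n = int(line)
    if len(buf) < pos + n:
        return None
    certs = PEM_CERT.findall(buf[pos:pos + n])
    if n and not certs:
        raise HeaderError("PEM block contains no certificate")
    return src, dst, certs, buf[pos + n:]

# Constructed sample: the PEM body is placeholder base64, not a real certificate.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nTUlJQ2NvbnN0cnVjdGVk\n-----END CERTIFICATE-----\n"
SAMPLE = (b"PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r\n"
          + b"%d\r\n" % len(SAMPLE_PEM) + SAMPLE_PEM + b"client payload")
```

The returned certificates are unvalidated, as the request intends; the backend still has to verify the chain itself and should accept this header only on connections coming from the Stud instance.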