Description
The idea is to provide an example and make it easier to do the following scenario when building a MITM proxy with rama:
```
Client                           Proxy                               Server
-----------------------------------------------------------------------------------
   |                               |                                    |
   | 1. proxy L4/HTTP connect ---> |                                    |
   |                               | <--------------------------------> | 2. L4 + TLS handshakes
   |                               |                                    |
   | <--- 3. TLS handshake (cert+tls cfg based on egress)               |
   |                               |                                    |
   | <---------------------- 4+. L7 MITM -----------------------------> |
```
Utilities required:
A. Create Certificate based on Existing Certificate
Not sure where this is best created @soundofspace? Rama-crypto? Or better rama-tls-boring (+ rama-tls-rustls?).
I would think this is not TLS backend specific, and perhaps we can already start ensuring all certificate stuff can be done from
within a single implementation given we anyway go towards encoded PEM/DER for usage.
That said, I've been thinking that it is a bit silly that we do that, as it means that each time we handshake we need to
decode PEM/DER... which is a bit silly. That said, I do recall that not all these types were cloneable and so perhaps
the intermediate form helps with this.
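As an added prototype of what utility A has to do, here is the step between 2 and 3 of the diagram done with nothing but the openssl CLI: take the leaf certificate the origin presented during the egress handshake, copy its CN and SubjectAltNames into a fresh leaf, and sign that leaf with the proxy's own CA so that a client which trusts that CA accepts the handshake in step 3. This is not rama code and is not from the issue; the origin certificate, the "Rama MITM Test CA" subject, the file names and the one-day validity are constructed stand-ins for what the proxy would obtain at runtime.

```shell
#!/bin/sh
# Added prototype of utility A ("create certificate based on existing certificate").
# Not rama code: it shows the minting step between the egress handshake (2) and the
# client handshake (3) using only the openssl CLI. All names and paths are assumptions.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

ec_key() {  # fresh P-256 private key written to $1
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null
}

# self_signed KEY EXTFILE SUBJECT OUT: self-signed cert whose extensions come only
# from EXTFILE (avoids inheriting whatever the local openssl.cnf adds to "req -x509").
self_signed() {
  openssl req -new -key "$1" -subj "$3" 2>/dev/null |
    openssl x509 -req -signkey "$1" -days 1 -sha256 -extfile "$2" -out "$4" 2>/dev/null
}

# Constructed stand-in for the leaf the origin presents in step 2.
make_origin_cert() {
  ec_key "$WORK/origin.key"
  printf 'subjectAltName=DNS:example.test,DNS:www.example.test\n' > "$WORK/origin.ext"
  self_signed "$WORK/origin.key" "$WORK/origin.ext" "/O=Origin Example/CN=example.test" "$WORK/origin.pem"
}

# The proxy's own CA; only clients that installed it accept the minted leaf.
make_mitm_ca() {
  ec_key "$WORK/ca.key"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
  self_signed "$WORK/ca.key" "$WORK/ca.ext" "/CN=Rama MITM Test CA" "$WORK/ca.pem"
}

# The fields copied from the egress leaf: CN (from the RFC 2253 subject) and the SAN list.
cert_cn()   { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed -n 's/.*CN=\([^,]*\).*/\1/p'; }
cert_sans() { openssl x509 -in "$1" -noout -ext subjectAltName | grep 'DNS:' | tr -d ' '; }

# mint_leaf_from ORIGIN_PEM OUT_PEM: new key plus a leaf carrying ORIGIN's CN/SANs,
# signed by the MITM CA. Validity and key usage are the proxy's own policy, not copied.
mint_leaf_from() {
  cn=$(cert_cn "$1")
  sans=$(cert_sans "$1" || true)
  [ -n "$sans" ] || sans="DNS:$cn"   # legacy leaf without SAN: fall back to its CN
  ec_key "$WORK/leaf.key"
  openssl req -new -key "$WORK/leaf.key" -subj "/CN=$cn" -out "$WORK/leaf.csr" 2>/dev/null
  printf 'subjectAltName=%s\nbasicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\n' \
    "$sans" > "$WORK/leaf.ext"
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -sha256 -extfile "$WORK/leaf.ext" -out "$2" 2>/dev/null
}

# signed_by_ca CA_PEM CERT_PEM: succeeds only if CERT_PEM chains to CA_PEM.
signed_by_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

make_origin_cert
make_mitm_ca
mint_leaf_from "$WORK/origin.pem" "$WORK/mitm-leaf.pem"
echo "minted leaf: CN=$(cert_cn "$WORK/mitm-leaf.pem") SAN=$(cert_sans "$WORK/mitm-leaf.pem")"
if signed_by_ca "$WORK/ca.pem" "$WORK/mitm-leaf.pem"; then echo "minted leaf chains to the MITM CA"; fi
if ! signed_by_ca "$WORK/ca.pem" "$WORK/origin.pem"; then echo "origin leaf does not chain to the MITM CA (expected)"; fi
```

The two `openssl verify` calls at the end make the trust boundary explicit: the minted leaf validates only against the proxy CA, and the origin's own leaf never does, so interception is visible to any client that does not carry that CA. In a real implementation the whole subject, the validity window and any wildcard or IP SANs would be copied from the egress leaf rather than just the CN and DNS names, and the minted leaf would be cached per origin so the PEM/DER decoding discussed above happens once per host rather than once per handshake.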
B. 2-step egress connector
Not sure if we really need to do something here other than just showing how you might want to create a TLS connector
to establish connections, and only once you receive a connection use that connection directly with an HTTP (backend) client
consuming the existing connection. I suppose that would be for non-pooled connections, as pooled connections already have HTTP,
and for those you would just need to ensure that the required info is available in the (pooled) extensions of that HTTPS connection.
Again, not sure how much actual feature work is required here, or if it's more a matter of showcasing this in an example.
C. MITM Eager-Egress MITM Proxy Example
Add an example showcasing the scenario above and ensuring we test it carefully.