Stud client mode

[EmericBr]

Add ssl client mode for bench or test purpose.

One commit modify FSM in normal (server) mode to prevent connection to backend in case of handshake failure.

What do you think about ?

[jamwt]

Huh.. so idea is you act as a forward proxy for an http client talking in the clear? Interesting...

[jamwt]

(s/http client/any client really)

[ibc]

I would be very interested in "reverse" Stud, this is:

• Stud receives a TCP connection with a leading line indicating the TLS destination address (ipv4/ipv6:IP:port).
• Stud makes a new TLS connection to that address (or reuses an existing connection if already exists).
• Stud must be able to present a TLS client certificate.
• Once the TLS connection is done, Stud sends the TLS certificate chain (in PEM format) got from the server to the TCP client (using some new protocol), so the TCP client can validate it and react.

Perhaps too complex for the original purpose of Stud :)

[EmericBr]

In your shema client certificate presented by stud is configured on stud or passed to stud by the client in "specific" certificate?

The last point need advanced dev and hard to do on my free time.

[EmericBr]

Is it for an HTTP service ? i think it is more clean to store destination ip and returned PEM certificate into an http headers.

[ibc]

My vision is that Stud is configured with the TLS client certificate, remote certificate validation options and so.

In my case it's not for HTTP.