Add support for mTLS

[mg-dd]

This PR fixes two issues:

#194
#234

The background is that the TLS connection established by the proxy agents do not add the required parameters for mTLS / self-signed CAs. This PR adds a way to provide these parameters. The general approach was taken from the feedback from this PR: https://github.com/TooTallNate/proxy-agents/pull/195/files

ptal @TooTallNate

[changeset-bot]

🦋 Changeset detected

Latest commit: 041a7c5

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
https-proxy-agent	Minor
socks-proxy-agent	Minor
agent-base	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
proxy-agents	✅ Ready (Inspect)	Visit Preview	Sep 4, 2023 9:13am

[TooTallNate]

Great looking PR! Thank you so much. I have some feedback, but once that's addressed I'll be happy to merge this.

[TooTallNate]

Seems weird to me that socket is optional. Also, let's make it the first parameter:

Suggested change

	servername: string | undefined,
	opts: tls.ConnectionOptions,
	socket?: net.Socket,
	socket: net.Socket,
	servername: string | undefined,
	opts: tls.ConnectionOptions,

[mg-dd]

The reason it was optional was that pac-proxy-agent calls tls.connect without providing a socket. I've made your suggested changes and reverted the changes to pac-proxy-agent for now. Let me know how you would like to proceed in that regard.

[TooTallNate]

I see. How about if we do something like this in pac-proxy-agent?

	socket = net.connect(opts);
	
	if (secureEndpoint) {
		const servername = opts.servername || opts.host;
		socket = this.upgradeSocketToTls(
			socket,
			servername,
			opts
		);
	}

[tmisirpash]

@mg-dd Did this piece of feedback get addressed? I don't see any change in pac-proxy-agent so it looks like this still needs to be done?

[patrickheeney]

@mg-dd Great PR! I need something similar, do you need any help pushing this over the finish line?

[mg-dd]

@TooTallNate this is ready for another look. The only open question is how you would like to handle the TLS connection in pac-proxy-agent.

[brunobastosg]

Hi, any news on this? I also need this feature.

[amirbilu]

Any news on this?

[cptRaclette]

@TooTallNate: Would love to see this feature in the proxy agents. Is there anything left to do?

[ErwanRaulo]

HI, any update about this PR ? 💯

[marcchambon]

Thank you soo much for maintaining this awesome project !
Any news ?

[sibelius]

can we move forward on this?

what is missing?

[pebie]

Thank you for this PR !
@TooTallNate Any news about moving forward ?

🙏 🙏

[sibelius]

we are using a patch of this pull request in production and it is working well

[NasGldn]

Hello, is there news about this ? We need it ! :) @TooTallNate

[szubster]

Any plans to get it merged?

[marcotranchino]

This would be really helpful.

[FewKinG]

I am working in a scenario where we have to do mTLS through an outgoing (corporate) tunneling proxy.
This is kind of an exotic setup, I know, but freaking no proxy/agent implementation I can find (and that seems to be reasonably maintained) properly supports this.

This library with this PR is exactly what I need and it works! I applied the changes from this PR locally to test and verify. For now I will therefore use my custom copy with this patch to make it work. It seems like the author has addressed the issues with pac-proxy-agent at least in some way, could you please have another look, I would really love to use the "official" version of this as soon as this is merged.

Thank you!