feat(transport): add mTLS for Kafka

[lspgn]

Adds TLS configuration for client certificate.
Closes #363

[coredump17]

hi @lspgn, can we have an option to add server CA to trust also. getting error="kafka: client has run out of available brokers to talk to: tls: failed to verify certificate: x509: certificate signed by unknown authority for kafka transport" when trying to test.

[lspgn]

Try now

[coredump17]

@lspgn
level=ERROR msg="error transporter" error="error reading server CA: read truststore.crt: file already closed for kafka transport"

[lspgn]

Ah sorry, misplaced a statement and didn't have the proper test bed. Could you retry now?

[coredump17]

Hi @lspgn, thanks for your help on this. I am failing to load a CA cert. I have tried a few different ones, in PEM format but keep getting this error: =ERROR msg="error transporter" error="error parsing server CA: x509: malformed certificate for kafka transport". This truststore works fine with pmacct so believe the file is good.

[lspgn]

Will have a look. Might be due to the PEM encoding. Would you be able to try directly in a DER binary format?

[lspgn]

This should be fixed. It was indeed missing pem decoding.

Made a test TLS server for me to test:

socat OPENSSL-LISTEN:9093,cert=cert.crt,key=privkey.pem,verify=0,fork STDIO

[coredump17]

Will have a look. Might be due to the PEM encoding. Would you be able to try directly in a DER binary format?

yes, DER works ;).

[coredump17]

i can confirm PEM now works with your new amendment. thanks a lot!