Feature Request: Add Server-Side Client Certificate Authentication (mTLS) Support

[hauges]

Description

Kwik currently supports TLS 1.3 for QUIC connections but does not appear to offer server-side client certificate verification (mTLS).

Proposed Enhancement

Add the ability for the QUIC server to request and verify a client certificate during the TLS 1.3 handshake.

References

https://www.rfc-editor.org/rfc/rfc8446#section-4.3.2
https://www.rfc-editor.org/rfc/rfc8446#section-4.4.2

[ptrd]

First, you are right: Kwik server does not yet support client authentication.
Also, I agree adding this would be a good idea.
However, it will be quite some work to include this properly and securely (making a happy path POC won't take too long I guess, but only then the real work starts) and i'm not sure when I can find time to implement this.

Cheers,
Peter