*: added client-{client,key}-file parameters for supporting separate client and server certs when communicating between peers

In some environments, the CA is not able to sign certificates with both
'client auth' and 'server auth' extended usage parameters and so an operator
needs to be able to set a seperate client certificate to use when making
requests which is different to the certificate used for accepting requests.
This applies to both proxy and etcd member mode and is available as both a CLI
 flag and config file field for peer TLS.

Signed-off-by: Ben Meier <ben.meier@oracle.com>

server/embed/config.go

@@ -368,11 +368,13 @@ type configJSON struct {
 }
 
 type securityConfig struct {
-	CertFile      string `json:"cert-file"`
-	KeyFile       string `json:"key-file"`
-	CertAuth      bool   `json:"client-cert-auth"`
-	TrustedCAFile string `json:"trusted-ca-file"`
-	AutoTLS       bool   `json:"auto-tls"`
+	CertFile       string `json:"cert-file"`
+	KeyFile        string `json:"key-file"`
+	ClientCertFile string `json:"client-cert-file"`
+	ClientKeyFile  string `json:"client-key-file"`
+	CertAuth       bool   `json:"client-cert-auth"`
+	TrustedCAFile  string `json:"trusted-ca-file"`
+	AutoTLS        bool   `json:"auto-tls"`
 }
 
 // NewConfig creates a new Config populated with default values.
@@ -523,6 +525,8 @@ func (cfg *configYAML) configFromFile(path string) error {
 	copySecurityDetails := func(tls *transport.TLSInfo, ysc *securityConfig) {
 		tls.CertFile = ysc.CertFile
 		tls.KeyFile = ysc.KeyFile
+		tls.ClientCertFile = ysc.ClientCertFile
+		tls.ClientKeyFile = ysc.ClientKeyFile
 		tls.ClientCertAuth = ysc.CertAuth
 		tls.TrustedCAFile = ysc.TrustedCAFile
 	}