http-binary-cache-store: Add 'ssl-cert' and 'ssl-key' settings

Those are set via the store's URI, e.g.:

    https://substituter.invalid?ssl-cert=/path/to/cert.pem&ssl-key=/path/to/key.pem

Author: ztzg

src/libstore/http-binary-cache-store.cc

@@ -152,11 +152,28 @@ class HttpBinaryCacheStore :
 
     FileTransferRequest makeRequest(const std::string & path)
     {
-        return FileTransferRequest(
-            hasPrefix(path, "https://") || hasPrefix(path, "http://") || hasPrefix(path, "file://")
+        bool absolute = hasPrefix(path, "https://") || hasPrefix(path, "http://") || hasPrefix(path, "file://");
+
+        FileTransferRequest request(
+            absolute
             ? path
             : config->cacheUri + "/" + path);
 
+        if (!absolute) {
+            Path sslCert = config->sslCert.get();
+            if (!sslCert.empty()) {
+                debug("configuring SSL client certificate '%s' for '%s'", sslCert, request.uri);
+                request.sslCert = sslCert;
+            }
+
+            Path sslKey = config->sslKey.get();
+            if (!sslKey.empty()) {
+                debug("configuring SSL client certificate key '%s' for '%s'", sslKey, request.uri);
+                request.sslKey = sslKey;
+            }
+        }
+
+        return request;
     }
 
     void getFile(const std::string & path, Sink & sink) override

src/libstore/include/nix/store/http-binary-cache-store.hh

@@ -13,6 +13,12 @@ struct HttpBinaryCacheStoreConfig : std::enable_shared_from_this<HttpBinaryCache
 
     Path cacheUri;
 
+    const Setting<std::string> sslCert{
+        this, "", "ssl-cert", "An optional SSL client certificate in PEM format; see CURLOPT_SSLCERT."};
+
+    const Setting<std::string> sslKey{
+        this, "", "ssl-key", "The SSL client certificate key in PEM format; see CURLOPT_SSLKEY."};
+
     static const std::string name()
     {
         return "HTTP Binary Cache Store";