Implements missing HTTPS proxy functionality

[seans3]

What type of PR is this? (check all applicable)

• Feature

Description

• Implements missing HTTPS Proxy functionality.
• Adds client/proxy/server unit tests.

Related Tickets & Documents

• Closes [feature] Support for proxying websocket through https proxy #739
• Closes Is https not supported?  #794

Added/updated tests?

• Yes

Run verifications and test

• Previous Unit Test Coverage: 83.6%
• Current Unit Test Coverage: 84.2%

$ go test -race -cover
PASS
coverage: 84.2% of statements
ok  	github.com/gorilla/websocket	4.103s

[seans3]

/cc @adrianosela

[seans3]

/assign @liggitt
/assign @aojea

[adrianosela]

Thanks for this @seans3 🚀

[aojea]

IIUIC the same certificate is used for both the proxy and the backend, don't we need to handle the case when both are different? what happens if the proxy requires a different certificate than the backend?

EDIT

I see, the TLSConfig can be used for that, also @seans3 sent me this https://github.com/adrianosela/https-proxy/tree/main?tab=readme-ov-file#https-proxy

[seans3]

IIUIC the same certificate is used for both the proxy and the backend, don't we need to handle the case when both are different? what happens if the proxy requires a different certificate than the backend?

The client is responsible for configuring the root CA certificates. The client TLS config contains a cert pool, which can contain multiple root CA certificates. So for TLS to the proxy and the upstream, the TLS config root CA cert pool must contain CA's which have signed both the proxy and the upstream.

[134130]

This PR also closes #950

[AlexVulaj]

Thanks for the PR @seans3 , this looks good to me!

[seans3]

@AlexVulaj Thanks for the prompt review. Would it be appropriate to cut the next v1.5.4 release? Again, thanks :)

[liggitt]

probably want to merge the follow-up #982 to deflake the unit test before cutting a tag