add support for client certs

crates/trigger-http/Cargo.toml

@@ -20,7 +20,9 @@ http-body-util = { workspace = true }
 indexmap = "1"
 outbound-http = { path = "../outbound-http" }
 percent-encoding = "2"
-rustls-pemfile = "0.3.0"
+rustls = { version = "0.22.0" }
+rustls-pemfile = "2.1.2"
+rustls-pki-types = "1.7"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 spin-app = { path = "../app" }
@@ -33,13 +35,14 @@ spin-world = { path = "../world" }
 terminal = { path = "../terminal" }
 tls-listener = { version = "0.10.0", features = ["rustls"] }
 tokio = { version = "1.23", features = ["full"] }
-tokio-rustls = { version = "0.23.2" }
+tokio-rustls = { version = "0.25.0" }
 url = "2.4.1"
 tracing = { workspace = true }
 wasmtime = { workspace = true }
 wasmtime-wasi = { workspace = true }
 wasmtime-wasi-http = { workspace = true }
 wasi-common-preview1 = { workspace = true }
+webpki-roots = { version = "0.26.0" }
 
 [dev-dependencies]
 criterion = { version = "0.3.5", features = ["async_tokio"] }

crates/trigger-http/src/handler.rs

@@ -48,6 +48,14 @@ impl HttpExecutor for HttpHandlerExecutor {
 
         set_http_origin_from_request(&mut store, engine.clone(), self, &req);
 
+        // set the client tls options for the current component_id.
+        // The OutboundWasiHttpHandler in this file is only used
+        // when making http-request from a http-trigger component.
+        // The outbound http requests from other triggers such as Redis
+        // uses OutboundWasiHttpHandler defined in spin_core crate.
+        store.as_mut().data_mut().as_mut().client_tls_opts =
+            engine.get_client_tls_opts(component_id);
+
         let resp = match ty {
             HandlerType::Spin => {
                 Self::execute_spin(store, instance, base, route_match, req, client_addr)