Add TLS infos to ClientAuth interface

It makes it possible to implement a Auth that uses client TLS certificates
to identify them.

server/auth.go

@@ -2,6 +2,10 @@
 
 package server
 
+import (
+	"crypto/tls"
+)
+
 // Auth is an interface for implementing authentication
 type Auth interface {
 	// Check if a client is authorized to connect
@@ -12,6 +16,8 @@ type Auth interface {
 type ClientAuth interface {
 	// Get options associated with a client
 	GetOpts() *clientOpts
+	// If TLS is enabled, TLS ConnectionState, nil otherwise
+	GetTLSConnectionState() *tls.ConnectionState
 	// Optionally map a user after auth.
 	RegisterUser(*User)
 }

server/client.go

@@ -4,6 +4,7 @@ package server
 
 import (
 	"bufio"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"math/rand"
@@ -146,6 +147,15 @@ func (c *client) GetOpts() *clientOpts {
 	return &c.opts
 }
 
+func (c *client) GetTLSConnectionState() *tls.ConnectionState {
+	tc, ok := c.nc.(*tls.Conn)
+	if !ok {
+		return nil
+	}
+	state := tc.ConnectionState()
+	return &state
+}
+
 type subscription struct {
 	client  *client
 	subject []byte