@adrianosela
Contributor

Description

  • Improves the client-tls-certificates example in examples/turn-server/tls-auth (removes the static username and password map, because it should rely on the certificate being trusted for authn).
  • Updates link in the README which pointed to outdated usage of AuthHandler (prior to b019c69)
  • Adds mTLS usage info to README

@adrianosela
Contributor Author

Small one for you @Sean-Der @rg0now. Planning on spending some time the coming weekend on a full end-to-end demo of a turn client and server where the client presents certs signed by a single trusted self-signed CA.

@codecov

codecov bot commented Jan 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.74%. Comparing base (61a9a79) to head (31390fb).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #520      +/-   ##
==========================================
- Coverage   80.90%   80.74%   -0.17%     
==========================================
  Files          46       46              
  Lines        3017     3017              
==========================================
- Hits         2441     2436       -5     
- Misses        364      368       +4     
- Partials      212      213       +1     
Flag Coverage Δ
go 80.74% <ø> (-0.17%) ⬇️

@Sean-Der
Member

Sean-Der commented Jan 9, 2026

LGTM @adrianosela nice work! Mind just adding // nolint and then we can merge :)

@rg0now
Contributor

rg0now commented Jan 9, 2026

Ack on my part, thanks!

Just for the info: is this part of some sort of official/semi-official zero-trust TURN extension that I have missed? How do you plan to use this from clients? Should WebRTC clients/browsers just work given the right client TLS cert?

@adrianosela
Contributor Author

> Ack on my part, thanks!
>
> Just for the info: is this part of some sort of official/semi-official zero-trust TURN extension that I have missed? How do you plan to use this from clients? Should WebRTC clients/browsers just work given the right client TLS cert?

@rg0now

No. When I proposed adding client TLS auth support I was looking for an open source traffic relay I could use for a VPN-like product I work on, completely outside of the context of WebRTC. Among other limitations, username and password auth was a no-go for us.

In the end I ended up rolling a fully custom relay/protocol for WireGuard (UDP) over WebSockets. It's closed source unfortunately, so I can't share it.

@adrianosela
Contributor Author

> LGTM @adrianosela nice work! Mind just adding // nolint and then we can merge :)

@Sean-Der

All done, rebased too.

@Sean-Der merged commit bf1de9e into pion:master Jan 9, 2026
18 checks passed

@Sean-Der
Member

Sean-Der commented Jan 9, 2026

@adrianosela Would it be ok if I added you to the Pion org?

No real commitment/responsibility. Your code + design skills are top notch and would be helpful to have you involved :)

@Sean-Der
Member

Sean-Der commented Jan 9, 2026

It would just let you review/merge PRs and I could use the help!

@adrianosela
Contributor Author

Hey @Sean-Der, that sounds great. I've been using pion libraries for a long time and would be happy to help where I can.
