Especially relevant for mTLS connections.
In line 349 in 29d1550:

```go
tr := H2Transport{reader, rawClientTls, tlsConfig.Clone(), host}
```
That tlsConfig.Clone() is wrong. It's the server TLS config, instead it should be whatever the user has configured on the proxy context:
diff --git a/https.go b/https.go
index bcf72932..0761cabb 100644
--- a/https.go
+++ b/https.go
@@ -346,7 +346,7 @@ func (proxy *ProxyHttpServer) handleHttps(w http.ResponseWriter, r *http.Request
ctx.Warnf("HTTP2 connection failed: disallowed")
return false
}
- tr := H2Transport{reader, rawClientTls, tlsConfig.Clone(), host}
+ tr := H2Transport{reader, rawClientTls, ctx.Proxy.Tr.TLSClientConfig.Clone(), host}
if _, err := tr.RoundTrip(req); err != nil {
ctx.Warnf("HTTP2 connection failed: %v", err)
} else {

Though I don't believe that it's a perfect fix, that whole config can be nil, right? I'm unsure what the correct fallback would be.
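Review bot: the replacement line still lacks the fallback the description asks about: `ctx.Proxy.Tr.TLSClientConfig` is nil whenever the user never set one, and `(*tls.Config).Clone()` returns nil for a nil receiver rather than panicking, so `H2Transport` would be constructed with a nil TLS config and whether that is handled depends entirely on how `H2Transport` uses it. Resolve the config before building the transport, e.g. `cfg := ctx.Proxy.Tr.TLSClientConfig.Clone()` followed by `if cfg == nil { cfg = &tls.Config{} }`, which matches the defaults `net/http` applies when `TLSClientConfig` is unset, and pass `cfg` in place of the inline `Clone()`. The direction of the change is right: the server-side `tlsConfig` is the config that terminates the browser-facing leg, and reusing it for the upstream connection drops whatever RootCAs and client certificates the user configured, which is what makes mTLS break as the description notes.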
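To make the fallback question concrete, here is an added example (not goproxy code) of a hypothetical helper that selects the upstream TLS config the way the proposed fix does and adds the nil fallback; the sample configs and the `outboundTLSConfig`/`hasClientIdentity` names are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
)

// outboundTLSConfig picks the TLS config for the proxy's upstream (client) leg
// of an intercepted HTTP/2 connection. The config that terminates the browser's
// connection holds the proxy's forged server certificate and must not be reused
// upstream; the user's TLSClientConfig carries RootCAs, client certificates for
// mTLS and verification settings. Hypothetical helper mirroring the proposed fix.
func outboundTLSConfig(userClientCfg *tls.Config) *tls.Config {
	// (*tls.Config).Clone returns nil for a nil receiver instead of panicking,
	// so Clone alone does not protect whatever dereferences the result later.
	cfg := userClientCfg.Clone()
	if cfg == nil {
		// Nothing configured by the user: library defaults (system roots, full
		// hostname verification), as net/http uses for a nil TLSClientConfig.
		cfg = &tls.Config{}
	}
	return cfg
}

// hasClientIdentity reports whether cfg can answer an upstream server's
// CertificateRequest, i.e. whether the user's mTLS identity survived selection.
func hasClientIdentity(cfg *tls.Config) bool {
	return cfg != nil && cfg.GetClientCertificate != nil
}

// Constructed sample configs standing in for the two sides of the interception.
var (
	// Browser-facing config: only meaningful for the inbound leg.
	serverSideCfg = &tls.Config{NextProtos: []string{"h2"}, MinVersion: tls.VersionTLS12}
	// What a user would set on proxy.Tr.TLSClientConfig for upstream mTLS.
	userClientCfg = &tls.Config{
		RootCAs:    x509.NewCertPool(), // private CA pool (empty placeholder)
		MinVersion: tls.VersionTLS12,
		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
			return &tls.Certificate{}, nil // placeholder client identity
		},
	}
)

func main() {
	fmt.Println("server cfg has mTLS identity:", hasClientIdentity(serverSideCfg))
	fmt.Println("user cfg has mTLS identity:  ", hasClientIdentity(outboundTLSConfig(userClientCfg)))
	fmt.Println("nil user cfg still usable:   ", outboundTLSConfig(nil) != nil)
}
```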