Setting the option tls_require_and_verify_client_cert to true requires that the client cert you are using is signed by a CA present in the OS CA store. This seems unnecessary to me; I'd rather not have to update the OS CA store and would prefer to be able to use a certificate signed by the CA concatenated to the vault server certificate file. Would it be possible to implement this behaviour, possibly controlled by another configuration setting in the same listener section of the config file?
paulcarlton changed the title from "use of unseal without token allows denial of service using reset" to "tls_require_and_verify_client_cert should not require CA loaded into OS CA store" on May 10, 2017.
I'm adding this to the 0.7.4 milestone but it may slip; we'll try to get it in by 0.8. If an interested party wanted to work on this it'd be pretty simple.
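The behaviour the issue asks for, shown as an added Go example that is not Vault's code: a listener-side tls.Config whose ClientCAs pool is loaded from a PEM CA block (standing in for the CA appended to the server certificate file) instead of the OS trust store. In crypto/tls a nil ClientCAs is exactly what makes client-certificate verification fall back to the system roots, which is the behaviour described above; supplying a pool is the whole change a dedicated listener option would need to make. Every certificate, name (demo-ca, unrelated-ca, vault-server, vault-client, localhost) and function here is constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

// KeyPair holds a DER certificate and its private key (throwaway demo material).
type KeyPair struct {
	CertDER []byte
	Key     *ecdsa.PrivateKey
}

// PEM encodes the certificate the way a CA block is appended to a certificate file.
func (kp *KeyPair) PEM() []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: kp.CertDER})
}

// TLS converts the pair into the form crypto/tls expects.
func (kp *KeyPair) TLS() tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{kp.CertDER}, PrivateKey: kp.Key}
}

// NewCert mints a self-signed CA when parent is nil, otherwise a leaf signed by parent.
func NewCert(cn string, parent *KeyPair) (*KeyPair, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		DNSNames:              []string{"localhost"},
		BasicConstraintsValid: true,
	}
	signerCert, signerKey := tmpl, key
	if parent == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		if signerCert, err = x509.ParseCertificate(parent.CertDER); err != nil {
			return nil, err
		}
		signerKey = parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	return &KeyPair{CertDER: der, Key: key}, nil
}

// ServerConfig builds the listener-side config. clientCAPEM plays the role of the CA
// block concatenated to the server certificate file: loading it into ClientCAs makes
// client certificates verify against that pool rather than the OS store, which is
// what a nil ClientCAs falls back to.
func ServerConfig(server *KeyPair, clientCAPEM []byte) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(clientCAPEM) {
		return nil, fmt.Errorf("no CA certificate found in PEM input")
	}
	return &tls.Config{
		Certificates: []tls.Certificate{server.TLS()},
		ClientAuth:   tls.RequireAndVerifyClientCert, // tls_require_and_verify_client_cert = true
		ClientCAs:    pool,
	}, nil
}

// Handshake runs one TLS handshake over loopback and returns the server's verdict on
// the presented client certificate; nil means it was accepted.
func Handshake(srvCfg *tls.Config, serverCAPEM []byte, client *KeyPair) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	verdict := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			verdict <- err
			return
		}
		srv := tls.Server(raw, srvCfg)
		verdict <- srv.Handshake()
		srv.Close()
	}()
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(serverCAPEM)
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err
	}
	cli := tls.Client(raw, &tls.Config{Certificates: []tls.Certificate{client.TLS()}, RootCAs: roots, ServerName: "localhost"})
	cli.Handshake() // under TLS 1.3 the client can finish before the server rejects it, so the server's verdict is authoritative
	cli.Close()
	return <-verdict
}

// Demo wires it together: a client signed by the configured CA must pass, while one
// signed by an unrelated (but otherwise valid) CA must be rejected.
func Demo() (trustedErr, strangerErr error) {
	ca, _ := NewCert("demo-ca", nil)
	otherCA, _ := NewCert("unrelated-ca", nil)
	server, _ := NewCert("vault-server", ca)
	trusted, _ := NewCert("vault-client", ca)
	stranger, _ := NewCert("vault-client", otherCA)
	cfg, err := ServerConfig(server, ca.PEM())
	if err != nil {
		return err, err
	}
	return Handshake(cfg, ca.PEM(), trusted), Handshake(cfg, ca.PEM(), stranger)
}

func main() {
	trusted, stranger := Demo()
	fmt.Println("client signed by configured CA:", trusted)
	fmt.Println("client signed by unrelated CA:", stranger)
}
```

Running it prints a nil verdict for the client whose certificate chains to the configured CA and a verification error for the one that does not, without anything having been added to the host's trust store. The defender-side point is that the set of CAs allowed to mint client certificates stays explicit and application-scoped: a CA that happens to be trusted by the OS for browsing gains no ability to authenticate to the listener unless it is in the pool the listener was given.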