Telegraf: Add support for client certificate validation to x509_cert input plugin

Created on 27 Jun 2020 · 4 comments · Source: influxdata/telegraf

Feature Request (possibly Bug Report)

Add support for client certificate validation to x509_cert input plugin

Current behavior:

For a certificate with only TLS Web Client Authentication key usage and no TLS Web Server Authentication, the plugin outputs verification=invalid and verification_error="x509: certificate specifies an incompatible key usage".

For the same certificate, with the following extensions, openssl verify outputs OK:

        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                4F:97:3B:EE:D4:1A:F5:34:3E:3D:9B:E0:8E:D0:22:61:6B:CC:5E:E0
            X509v3 Authority Key Identifier:
                keyid:3C:88:FB:67:50:81:F4:6A:FD:71:31:0A:98:42:B2:68:90:EE:B3:04

            X509v3 Subject Alternative Name:
                DNS:some.client.server.name.com

Desired behavior:

Valid TLS Web Client Authentication certificates without TLS Web Server Authentication should be identified as valid.

Use case:

My Telegraf agents output to Kafka using TLS client certificates for authentication. I'd like to monitor the client certificates and alert when they near expiration. It works in the current version of Telegraf (1.14), but includes a message that they're invalid, when they are not.

For reference, these certificates were generated by CFSSL with the following _usage_:

      "client": {
        "usages": [
          "signing",
          "key encipherment",
          "client auth"
        ],
Label: bug
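The behaviour reported above, reproduced with Go's crypto/x509 (the library Telegraf is written against) as an added example that is not code from the Telegraf project: a CA-signed leaf carrying only the TLS Web Client Authentication EKU fails Verify under the default KeyUsages (ServerAuth only) with exactly the error in the report, and is accepted once the verifier asks for ExtKeyUsageAny or ExtKeyUsageClientAuth. The CA, the keys, the serial numbers and the names are constructed test data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCertPair returns a throw-away CA and a leaf that, like the CFSSL "client" profile
// above, carries only the TLS Web Client Authentication EKU (constructed test data; errors panic).
func newCertPair() (*x509.Certificate, *x509.Certificate) {
	caPub, caKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	leafPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	caTpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed test CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTpl, caTpl, caPub, caKey)
	if err != nil { panic(err) }
	ca, err := x509.ParseCertificate(caDER)
	if err != nil { panic(err) }
	leafTpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "some.client.server.name.com"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, // no ServerAuth
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTpl, ca, leafPub, caKey)
	if err != nil { panic(err) }
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil { panic(err) }
	return ca, leaf
}

// verifyWith chains leaf to ca under the given EKU policy and returns the verification
// error text, or "" when accepted. A nil slice is Go's default (ServerAuth only).
func verifyWith(ca, leaf *x509.Certificate, usages []x509.ExtKeyUsage) string {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: usages}); err != nil {
		return err.Error()
	}
	return ""
}
```

A monitoring tool that only needs to know whether a certificate chains to a trusted root and is still within its validity period should pass ExtKeyUsageAny, since the default otherwise silently rejects every client-only certificate.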

All 4 comments

The more I think about it, the more it seems a bug, not a feature request. If it's a valid x509 certificate (and can be validated by openssl) then it shouldn't be reported as invalid by Telegraf.

Here is steps_to_reproduce.txt using cfssl (to generate certificates) and telegraf docker containers in Linux. Note that the issue also occurs in Telegraf for Windows.

I think the change in #7760 will take care of the issue, would you be able to test with any of these development builds:

Hey @danielnelson - I just tested the 1.14.5 release and it's working great. Thanks for turning this around so quickly!
