[TlsInterception] Bypass interception for upstreams we are unable to intercept

[abhinavsingh]

Several clients throw TLSV1_ALERT_UNKNOWN_CA alert. Example:

• cloudresourcemanager.googleapis.com

Several clients throw ssl.SSLEOFError EOF occurred in violation of protocol (_ssl.c:997) alert. Example:

• gateway.icloud.com
• gs-loc.apple.com
• p25-content.icloud.com
• p57-content.icloud.com

Proxy should be able to auto-detect (which it already does when handling exceptions) such scenarios and bypass interception for such upstream endpoints.

[abhinavsingh]

We must also inspect the diff between upstream vs generated certificate. We must try to copy as much information as possible in generated certificates. E.g. list of all common names.