Optionally verifying the ClientHello sent on wire

[gaukas]

Implement an optional feature which, when enabled, will:

• Capture the bytes of ClientHello sent on wire
• Compare it with the desired ClientHelloMessage
• Throw error and tear down connection if didn't match

This may help us in preventing unintended behaviors of malfunctioning extensions in uTLS.

---

Original Post: net4people/bbs#139 (comment) by @klzgrad

[klzgrad]

This is meant to prevent accidental leakage of unmodified Go fingerprints as reported in net4people/bbs#139. The check must be as close to the wire as possible and can check for known wrong fingerprints e.g. default Go fingerprints.

But the action should be determined after reproducing the original bug. If the bug turns out to be caused by incorrect configuration or bugs within uTLS, the check can catch it. If the problematic code path is caused by external factors that make uTLS entirely unused then I don't think this would help.