use correct boring methods for client mTLS

rama-tls/src/boring/client/connector_data.rs

@@ -113,9 +113,21 @@ impl ConnectConfigurationInput {
             cfg_builder
                 .set_private_key(auth.private_key.as_ref())
                 .context("build (boring) ssl connector: set private key")?;
-            for cert in &auth.cert_chain {
+            if auth.cert_chain.is_empty() {
+                return Err(OpaqueError::from_display(
+                    "build (boring) ssl connector: cert chain is empty",
+                ));
+            }
+            cfg_builder
+                .set_certificate(
+                    auth.cert_chain
+                        .first()
+                        .context("build (boring) ssl connector: get primary client cert")?,
+                )
+                .context("build (boring) ssl connector: add primary client cert")?;
+            for cert in &auth.cert_chain[1..] {
                 cfg_builder
-                    .add_client_ca(cert)
+                    .add_extra_chain_cert(cert.clone())
                     .context("build (boring) ssl connector: set client cert")?;
             }
         }

rama-tls/src/boring/server/service.rs

@@ -152,7 +152,7 @@ where
             trace!("tls boring server service: set alpn protos callback");
             acceptor_builder.set_alpn_select_callback(
                 move |_: &mut SslRef, client_alpns: &[u8]| {
-                    let mut reader = std::io::Cursor::new(&client_alpns[..]);
+                    let mut reader = std::io::Cursor::new(client_alpns);
                     loop {
                         let n = reader.position() as usize;
                         match ApplicationProtocol::decode_wire_format(&mut reader) {