Enable the extraction of the client’s TLS certificate (specifically the Common Name (CN) or Subject Alternative Name (SAN)) at the rmqtt-net (network/socket) layer, and use this information to initialize the MQTT context (v3 or v5) with a known username. This is particularly important for certificate-based authentication and identity mapping, especially since the current ConnectInfo and Session structs in the plugin API do not expose TLS context or certificate details or I might be missing something.

I think this enables plugins and authentication logic to reliably use certificate-derived identities.

It would be great to hear if there is a work-around in that case.