Currently, we pass in the transientSSLParams for x509 when calling connect(). This allows us to connect and authenticate successfully, but at this time we are not able to reauthenticate after automatic DBClient reconnects here. We already have provisions for doing something similar with keyauth here, so hopefully we can leverage some of that functionality.
Ideally, this should all be handled internally in DBClient itself. We need information from the recipient service to reauthenticate, but perhaps that can be done cleanly via storing a lambda.