libnetapi: Adapt to OpenSSL 1.1 API changes.

Surprisingly easy: X509 was made opaque, and SSL_CTX_set_ecdh_auto
was removed (it is now the default internally.)

BHttpRequest: add SSL certificate exception management.

When an HTTPS request uses an SSL certificate that OpenSSL considers
untrusted, and the user decides to continue anyway, add the certificate
to an exception list. Match certificates against this list and don't ask
the user again if they are already there.

Fixes #12004. Thanks to markh for the initial patch and peeking into the
WebKit code!

BCertificate: build fix.

BCertificate: fixup the API

* Add an operator== and a copy constructor
* Make the getters const so they are easier to use

Add more features in BCertificate class

* Make it possible to extract more useful data from the certificate
* Also get the OpenSSL error message when a certificate can't be
validated. Send it to the verification failure callback so it can be
shown to the user.

BCertificate: fix parsing of date and name.

More noSSL build fixes.

Fix time_t/bigtime_t mixup.

Thanks stippi for noticing!

More style fixes.

Style fixes, build fix with OpenSSL disabled.

SecureSocket: add some certificate support

* Instead of creating an OpenSSL context ofor each socket, use a global
one and initialize it lazily when the first SecureSocket is created
* Load the certificates from our certificate list so SSL certificates
sent by servers can be validated.
* Add a callback for signalling that certificate validation failed, the
default implementation proceeds with the connection anyway (to keep the
old behavior).
* Introduce BCertificate class, that provides some information about a
certificate. Currently it's only used by the callback mentionned above,
but it will be possible to get the leaf certificate for the connection
after it's established.

Review of the API and implementation is welcome, before I start making
use of this in HttpRequest and WebKit to allow the user to accept new
certificates.

Add more features in BCertificate class

* Make it possible to extract more useful data from the certificate
* Also get the OpenSSL error message when a certificate can't be
validated. Send it to the verification failure callback so it can be
shown to the user.

BCertificate: fix parsing of date and name.

More noSSL build fixes.

Fix time_t/bigtime_t mixup.

Thanks stippi for noticing!

More style fixes.

Style fixes, build fix with OpenSSL disabled.

SecureSocket: add some certificate support

* Instead of creating an OpenSSL context ofor each socket, use a global
one and initialize it lazily when the first SecureSocket is created
* Load the certificates from our certificate list so SSL certificates
sent by servers can be validated.
* Add a callback for signalling that certificate validation failed, the
default implementation proceeds with the connection anyway (to keep the
old behavior).
* Introduce BCertificate class, that provides some information about a
certificate. Currently it's only used by the callback mentionned above,
but it will be possible to get the leaf certificate for the connection
after it's established.

Review of the API and implementation is welcome, before I start making
use of this in HttpRequest and WebKit to allow the user to accept new
certificates.