Since we support certificate chain, doing it in eap_tls_common.c becomes too complicated. To make things simpler, push the logic to tls_openssl.c and use keystore namespace instead.
We have to use PEM format for blob data and modify the ca_cert handling to support certificate chain for CA certificates. Since the original code can not support the CA chain from blob.
Since there could be some human readble help text in the PEM header, we need to refine our type checking to make it correct since tls_openssl can accept blob with DER format only. + The keystore blobs will be cleaned up for each tls connection.
Reimplement the retrievel of the cert/key data from keystore and use "blob://" to indicate the data is a blob, this will save us to touch the certificate handling part in tls_openssl.c. However, since the original cert handling is not complete for dealing with blob data. We have to convert the blob data to DER format if it is a PEM one.