tls: fix certificate matching when reusing connections

The SSL_CTX pointers may not be equal for the same SSL pointer (connection)
after the rework that changed the storage of the context to be
per-process. The tls_domain saved in the SSL extra storage will now be
used for matching the certificates instead.

(cherry picked from commit 5821702)

modules/proto_tls/proto_tls.c

@@ -455,7 +455,7 @@ static int proto_tls_send(struct socket_info* send_sock,
 		port=su_getport(to);
 		dom = (cert_check_on_conn_reusage==0)?
 			NULL : tls_mgm_api.find_client_domain( &ip, port);
-		n = tcp_conn_get(id, &ip, port, PROTO_TLS, dom?dom->ctx:NULL, &c, &fd);
+		n = tcp_conn_get(id, &ip, port, PROTO_TLS, dom, &c, &fd);
 		if (dom)
 			tls_mgm_api.release_domain(dom);
 	}else if (id){

modules/proto_wss/proto_wss.c

@@ -380,7 +380,7 @@ static int proto_wss_send(struct socket_info* send_sock,
 		port=su_getport(to);
 		dom = (cert_check_on_conn_reusage==0)?
 			NULL : tls_mgm_api.find_client_domain( &ip, port);
-		n = tcp_conn_get(id, &ip, port, PROTO_WSS, dom?dom->ctx:NULL, &c, &fd);
+		n = tcp_conn_get(id, &ip, port, PROTO_WSS, dom, &c, &fd);
 		if (dom)
 			tls_mgm_api.release_domain(dom);
 	}else if (id){

modules/tls_mgm/tls_conn_ops.h

@@ -296,7 +296,7 @@ static int tls_read(struct tcp_connection * c,struct tcp_req *r)
 static int tls_conn_extra_match(struct tcp_connection *c, void *id)
 {
 	if ( (c->flags&F_CONN_ACCEPTED) ||
-	(SSL_get_SSL_CTX((SSL*)c->extra_data) == id) )
+	(SSL_get_ex_data(c->extra_data, SSL_EX_DOM_IDX) == id) )
 		return 1; /*true*/
 
 	return 0; /*false*/