Split SslContextFactory into Client and Server

[sbordet]

Following discussion on #3454 (comment), the proposal is to add 2 subclasses of SslContextFactory, namely SslContextFactory.Client and SslContextFactory.Server and each subclass overrides both the default configuration and the warning it emits.

Currently there is only one set of defaults, and it's not possible to configure them in a way that work well for both client and server.

For example, the default is endpointIdentificationAlgorithm="HTTPS" which is good for the client. However, when using client certificate authentication on the server, this default setting is not good and needs to be changed to null, but null emits a warning at server startup which is not ideal and may confuse people.

@gregw thoughts?

[joakime]

almost think having a mode (CLIENT | SERVER) on SslContextFactory makes more sense.
the rest of the configuration is fine, its just the combination of client certificates being used when connecting to a server that messes things up with regards to endpointIdentificationAlgorithm.

or what about a SslContextFactory clientSsl = scf.toClient() and SslContextFactory serverSsl = scf.toServer() that handles the client vs server specifics, but still allows for single configuration location for common things like the keystore/truststore setup?

[joakime]

Meh, mode and toClient/toServer wouldn't help address the warnings tho.

[sbordet]

@joakime exactly, hence the idea of subclassing to make the behavior overridable.

[gregw]

What behaviour for current users that are using the class directly?

[sbordet]

@gregw the current behavior.

[joakime]

Opened PR #3480

[joakime]

Merged, closing issue.