TLS/SSL certificate verification

[hugbug]

NZBGet supports TLS/SSL for communication with news and web servers. Connections are encrypted but the implementation lacks an important step - server certificate verification. As a result the security is reduced, in particular undetectable Man-in-the-Middle attacks (MitM) are possible.

Further details can be found in discussion #332.

To improve security NZBGet should implement server certificate verification, including hostname validation.

NZBGet can be compiled with either OpenSSL or GnuTLS. Since these two libraries have different API the certificate verification in NZBGet requires two implementations.

Tasks:

• general certificate verification when compiling with OpenSSL;
• hostname verification when compiling with OpenSSL;
• general certificate verification when compiling with GnuTLS;
• hostname verification when compiling with GnuTLS;
• integrate root certificate store file into Windows installer;
• integrate root certificate store file into OSX installer;
• integrate root certificate store file into Linux/FreeBSD installer;
• optional: automatic refresh of root certificate store file during setup build;
• write wiki page about how to deal with verification errors.