Allow for using the raw OpenSSL verify callback

[Lukasa]

PyOpenSSL has the ability to set the verify callback, but it tries to be all 'helpful' and 'user friendly' and all that hippy crap, so it hides the terrible OpenSSL nonsense from me.

Sadly, for urllib3/urllib3#607 I need access to the X509_STORE_CTX that PyOpenSSL is hiding. This patch allows me to set a different verify callback that does that.

This is only a proposed API, I'm not wedded to it at all, so feedback on the API and naming is totally welcomed.

[coveralls]

Coverage increased (+0.01%) to 95.32% when pulling bd58db9 on Lukasa:cert_verify into e9ae673 on pyca:master.

[hynek]

I recall running into the problems from this “helpfulness” too once. But why explicit? Sounds more like “raw” or something? (please don’t fix yet ;))

[Lukasa]

👍 Explicit is definitely a bad name, but I honestly couldn't think of a better one. Raw might work, but I'll happily take suggestions.

[hynek]

I think this would be a good thing to add in general. So unless @alex or @reaperhulk see anything questionable, I’d say to go forward, rename it to raw and make sure it shows up in the docs + changelog.

[Lukasa]

@hynek I think I've updated this to do what you wanted, let me know if you want further changes. =)

[coveralls]

Coverage decreased (-0.08%) to 95.04% when pulling 673803e on Lukasa:cert_verify into e9ae673 on pyca:master.

[hynek]

Sorry lost track of this. Would you mind bringing it up to shape or do you now care anymore?

[reaperhulk]

Going to go ahead and close this due to inactivity. We can always reopen later.