Make it possible to set SSL verify mode

[stanhu]

If no SSL certificates are provided, many Redis clients default to
disabling SSL peer verification. Previously it was a bit cumbersome to
configure this because the client would either have to reimplement
redisCreateSSLContext() or reach into the internals to set the
OpenSSL verify mode.

We can improve the SSL API by introducing a
redisCreateSSLContextWithOptions() call that takes into structured
parameters for SSL initialization. This structure contains a verify
mode that is used to set the OpenSSL verify mode.

Relates to #646

[michael-grunder]

I'm not opposed to this in principle, as it does provide quite a bit of convenience.

Presently there's quite a bit of boilerplate involved when you're just testing a TLS connection and you don't want/have peer verification.

That said, if we do add a simple options struct, perhaps we should also incorporate other simple options, such as one that would call SSL_CTX_set_default_verify_paths?

@yossigo let me know if you have any thoughts.

[yossigo]

@michael-grunder I'm not against that either, but slightly concerned about not ending up wrapping too much of OpenSSL. Ideally, we should be able to draw a line and define what capabilities we provide for convenience and what is out of scope and requires users to handle their OpenSSL context.

[stanhu]

Another alternative would be to access the SSL_CTX pointer by exporting the redisSSLContext structure.

[yossigo]

@stanhu There's already redisInitiateSSL() for those folks who are willing to use OpenSSL directly, what would be the benefit of also exposing SSL_CTX from redisSSLContext?

[stanhu]

@yossigo redisCreateSSLContext() does a fair amount of work to set up the SSL paths. Callers would essentially have to duplicate that code if they want to use redisInitializeSSL().

[michael-grunder]

If you don't mind making the aesthetic change, I will get this merged and we can determine later if we want to extend the options at all.