SSL client certificate support

[dnadlinger]

I needed support for SSL client certificates in my server application, so here is an initial patch. The host name/IP address verification/documentation issue is not tackled by this patch yet, as I don't really need it in my application.

[s-ludwig]

I'll add the full verification bit by bit. It's possible that the verifyPeer property will be replaced in the process by some kind of user callback (at least that was my initial idea, but I don't yet have a full overview of the problem domain).

[dnadlinger]

@s-ludwig: Yep. A snippet from the related code in Thrift: https://gist.github.com/klickverbot/8544161 (this is run after the handshake has been completed, so I think the first few calls should never fail, but better be safe…). The access manger allows the user to customize the verification behavior. However, the interface only exposes the host name; for vibe.d, you might want to offer more options.

[dnadlinger]

@s-ludwig: (Also note that SSL_CTX_set_verify optionally takes a callback parameter which can be used to directly hook the customized verification process into the SSL handshake procedure. The interface is rather clunky though, so Thrift just runs the checks after the connection has been established, which might not be optimal.)

[s-ludwig]

Just to remember: I've started a branch a while ago, which should be more or less done apart from the API: https://github.com/rejectedsoftware/vibe.d/commits/sslverify

I've postponed the host name verification until after the initial handshake for now, because getting the immediate certificate seems to be a bit awkward from within the validation callback and would need some careful verification.