The mbedTLS / OpenSSL wrapper spins for the duration of the
handshake, which is a slow 31ms on my x86_64 box (by comparison
it's ~1ms on actual OpenSSL on the same box).
This doesn't change the 31ms but it stops us spinning during the
accept and has us retry on POLLIN instead like OpenSSL.
Note this also fixes the endemic mismatches in returncode
between mbedTLS and OpenSSL semantics...
This adds the necessary OpenSSL Apis to the mbedTLS openssl wrapper
to allow ALPN negotiation OpenSSL-style.
The OpenSSL upgrade list format is supported and converted to mbedtls
format at runtime.
This defines the OpenSSL X509_CHECK_FLAG_...s and the set/clear
accessors. Since none of them are supported, the set / clear
accessor always does nothing and returns error.
This adds the standard OpenSSL api to get a pointer to the SSL struct's
X509_VERIFY_PARAM. We need this for the OpenSSL api to set the peer
hostname introduced in the next patch.
