Added SSL to capture (enabled with -DWITHSSL)
To tip (or tiptunnel on a normal acl,) capture behaves the same. However, if a client connects and presents "USESSL" as the first six characters of their connection key, both sides initiate SSL negotiation. The server then attempts to get the key again. The second one is used for the check. SSL initialization is done on the first attempt by a client to connect via SSL. Capture assumes $(prefix)/etc/capture/cert.pem contains its certificate unless the '-c <certfile>' option is used.. if the certificate is not found or invalid, that connection fails, but normal connections will still succeed (and it will try to find the file again, next time an SSL connection is attempted.) On the client side, tiptunnel only uses ssl if there is a "ssl-server-cert:" property in the acl file. This is the SHA hash of the certificate that the capture server is expected to have (in hex.) If the certificate presented by the server does not hash to the same value, the connection is dropped.
Showing with 172 additions and 14 deletions