Make SSL/TLS certificate checking actually work.
We weren't loading the default certificate store, so there were no trusted certificates to validate hosts with, and all checks would fail (unless explicitly disabled with OP_SSL_SKIP_CERTIFICATE_CHECK(0)). This adds that call, and also adds hostname verification (which OpenSSL does not do for us, because they are morons). I've done my best to get the latter right by reading the RFCs, but this stuff is complex, it's easy to make mistakes, and I only have a limited ability to test it, so caveat emptor.
Showing with 269 additions and 7 deletions