Here is the full pull request for the openssl backend feature. Here's an overview of other changes I've made:
I moved some of the functionality in mbedtls.cc that could be provided by the c-api abstraction to its own source file: crypto.cc
I changed the bctbx_ssl_get_dtls_srtp_key_material api to take the ssl context as an argument instead of the ssl config, which makes more sense and fits the openssl implementation.
I changed the bctbx_ssl_config_set_ciphersuites to take a bctbx_list_t instead of a null terminated int buffer which is more safe since the old interface did not enforce the api's requirement that the cipher suite list must be a valid pointer for the life time of the config object.
I added a new api for setting key exchange algorithms: bctbx_ssl_config_set_groups and implemented the openssl backend for this.