sofia-sip/tport.h:
* tport_delivered_from_subjects() returns type (su_strlst_t const *)
* Export tport_subject_search()

sofia-sip/tport_tag.h + tport_tag.c:
* Remove TPTAG_TLS_VERIFY_PEER()
  - Depreciated.  Use TPTAG_TLS_VERIFY_POLICY instead.
  - Binary Compatibility is preserved.
* Add TPTAG_TLS_VERIFY_POLICY()
  - tport can verify incoming and/or outgoing connections, using:
    1) Certificate Signatures only - or -
    2) Certificate Signatures and Certificate Subjects
* Add TPTAG_TLS_VERIFY_DEPTH()
  - Restrict certificate chain verification to a set length.
* Add TPTAG_TLS_VERIFY_DATE()
  - Disable notBefore/notAfter checking (application: embedded devices)
* Add TPTAG_TLS_VERIFY_SUBJECTS()
  - Incoming connections must present client certificates with subjects
    that match an item in this list.
  - Intended Use: Proxy Authentication
* Replaced TPTAG_TRUSTED() with TPTAG_X509_SUBJECT()
  - Commented out for future use.
  - Intended Use: SIP User Identities in Server Certificates.
* Add appropriate doxygen documentation.

tport.c
* Add tport_subject_search()
  - Subject can be a hostname, IP Address, or a URI.
  - Valid subject examples include:
      example.com
      alice@example.com
      sip:alice@example.com
      sips:alice@example.com
* tport_by_addrinfo() matches tpn_canon against the subject list
    of reusable TLS connections.

tport_tls.h:
* Add tls_init_secondary()
* Remove tls_init_slave() & tls_init_client()

tport_tls.c:
* tls_verify_cb() supports TPTAG_TLS_VERIFY_DATE()
* tls_post_connection_check() verifies certificate subjects.
* tls_init_secondary()
  - Replaces tls_init_slave(), tls_init_client(), and tls_clone().

tport_type_tls.c:
* Removed erroneous reference to tport_tls_deliver()
* Fix a memory leak caused by duplicate calls to tls_clone().
* Populate the (tport_t *)->tp_subjects field with peer certificate data for
  new secondary connections.

darcs-hash:20090115155045-2152f-aaec406d8e5dbf146949d4d3cbc9f56e201cba46.gz