Add encrypted server SNI support

- New "SNI_server_certs" context option maps host names to
  appropriate certs should client handshakes advertise the
  SNI extension:

    $ctx = stream_context_create(["ssl" => [
        "local_cert" => "/path/to/cert.pem",
        "SNI_server_certs" => [
            "domain1.com" => "/path/to/domain1.pem",
            "*.domain2.com" => "/path/to/domain2.pem",
            "domain3.com" => "/path/to/domain3.pem"
        ]
    ]]);

- Prefixing a "*." will utilize the matching cert if a client
  requests the primary host name or any subdomain thereof. So
  in the above example our "domain2.pem" will be used for both
  requests to "domain2.com" -and- "subdomain.domain2.com"
- The "SNI_server_certs" ctx option has no effect for client
  streams.
- SNI support is enabled by default as of 5.6 for both servers
  and clients. Servers must specify the "SNI_server_certs" array
  to actually use the SNI extension, though.
- If the `"SNI_enabled" => false` ctx option is also passed then
  "SNI_server_certs" has no effect.
- While supporting SNI by itself is enough to successfully
  negotiate the TLS handshake with many clients, servers MUST
  still specify a "local_cert" ctx option or run the risk of
  connection failures from clients that do not support the SNI
  extension.

0 files changed, 0 insertions, 0 deletions