Offer programmatic configuration of certificate verification for SslSockets
This is a related but separate discussion from #446.
In my ceylon.net.http.client rewrite, I want to offer something similar to the verify parameter from Python requests. This means adding functionality around SslSocket so that it can support at least three certificate verification modes:
- enabled (use regular JVM certificate store)
- disabled (treat all certificates as valid)
- enabled with an alternative set of trusted certificates
The alternative set of certificates must be easily defined programmatically, and ideally loadable from standard PEM format (files or strings). Unfortunately the Java SDK doesn't offer anything but "enabled" out of the box. I'm not a fan of the extended API it offers, but it may be workable.
I think enabled/disabled can certainly be achieved with a custom TrustManager. A TrustManager may also be able to do some tricks to avoid requiring a custom KeyStore, but the documentation isn't clear. Otherwise, an alternative KeyStore can probably be constructed.
More advanced functionality (like adding or removing from the trusted set of JVM certificates for a particular SslSocket) would be nice but isn't essential.
I will start working on this after #446.
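An added illustration of the third mode listed above (an alternative set of trusted certificates loaded from a PEM string), written against the plain Java SDK; it is not part of the original issue or of ceylon.net. The class name `PemTrust` and the helpers `fromPem` and `toPem` are hypothetical, and the sample PEM is constructed at run time from the first root in the JVM's default trust store, which is assumed to be non-empty.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PemTrust {
    // Hypothetical helper: trust managers backed only by the certificates in a PEM string.
    static TrustManagerFactory fromPem(String pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store: no file and no password involved
        int i = 0;
        for (Certificate c : cf.generateCertificates(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)))) {
            ks.setCertificateEntry("pem-" + i++, c);
        }
        // Fail closed: an empty trust set is a configuration error, not "trust nothing silently".
        if (i == 0) throw new IllegalArgumentException("no certificates in PEM input");
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf;
    }
    // Hypothetical helper used only to build the sample input below.
    static String toPem(X509Certificate c) throws Exception {
        return "-----BEGIN CERTIFICATE-----\n"
            + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(c.getEncoded())
            + "\n-----END CERTIFICATE-----\n";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: PEM-encode one root from the JVM's default store.
        TrustManagerFactory def =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null); // null selects the regular JVM certificate store
        X509TrustManager jvm = (X509TrustManager) def.getTrustManagers()[0];
        String pem = toPem(jvm.getAcceptedIssuers()[0]);
        TrustManagerFactory tmf = fromPem(pem);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // per-context, JVM default untouched
        X509TrustManager custom = (X509TrustManager) tmf.getTrustManagers()[0];
        System.out.println("JVM roots: " + jvm.getAcceptedIssuers().length
            + ", custom roots: " + custom.getAcceptedIssuers().length);
    }
}
```

Sockets created from `ctx.getSocketFactory()` validate peers against the PEM set only, while the default `SSLContext` keeps using the JVM store.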
/me nods sagely and pretends he understands what any of the above means. ;-)