Support Subject Alternative Name verification in TLS Plugin.

The TLS code understands three different things it can verify: the subject, the
issuer, and the root.  The existing code assumes that any attribute we can
verify against one of these is also verifiable against the others.

For Subject Alternative Name, this might not be true.  There exists both
Subject Alternative Name and Issuer Alternative Name.  This code change allows
one to write "I.subjectAltName=Foo", and we'll verify a Subject Alt Name
against the Issuer, which wouldn't be right.  Issuer Alternative Name isn't a
requested feature (yet?), so I'm punting on this problem.
Alex Miller 2018-06-27 16:14:34 -07:00
parent cbcf5177eb
commit e39d2c702d
3 changed files with 3 additions and 2 deletions


@ -136,7 +136,7 @@ static std::pair<std::string, std::string> splitPair(std::string const& input, c
static int abbrevToNID(std::string const& sn) {
int nid = NID_undef;
if (sn == "C" || sn == "CN" || sn == "L" || sn == "ST" || sn == "O" || sn == "OU" || sn == "UID" || sn == "DC")
if (sn == "C" || sn == "CN" || sn == "L" || sn == "ST" || sn == "O" || sn == "OU" || sn == "UID" || sn == "DC" || sn == "subjectAltName")
nid = OBJ_sn2nid(sn.c_str());
if (nid == NID_undef)
throw std::runtime_error("abbrevToNID");
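Review bot: the widened whitelist `if (sn == "C" || ... || sn == "DC" || sn == "subjectAltName")` accepts subjectAltName regardless of which object (subject, issuer or root) the caller is matching against, so the "I.subjectAltName=Foo" case the commit message describes is accepted here and then compared against the wrong certificate field. Consider having the code that splits the "S."/"I."/"R." prefix reject subjectAltName for anything but the subject, using the same runtime_error path abbrevToNID already takes for unknown names, or at minimum leave a comment at this line recording the known gap so it is not mistaken for intended behaviour.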


@ -5,7 +5,7 @@ CFLAGS ?= -O2 -g
CXXFLAGS ?= -std=c++0x
CFLAGS += -I/usr/local/include
CFLAGS += -I/usr/local/include -I../fdbrpc
LDFLAGS += -L/usr/local/lib
LIBS += -ltls -lssl -lcrypto
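Review bot: the new `-I../fdbrpc` include path is not explained in the commit message, and nothing in the diff shows which header the plugin now needs from fdbrpc; please state that in the message or in a Makefile comment, since a relative path ties this otherwise standalone plugin build to the FoundationDB source tree layout. Also check that the C++ sources actually receive CFLAGS: `CXXFLAGS ?= -std=c++0x` is set separately on the line above, so if the compile rule passes only CXXFLAGS the include path is never applied.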


@ -208,6 +208,7 @@ int main(int argc, char **argv)
FDBLibTLSVerifyTest("CN=\\61\\62\\63", true, true, {{NID_commonName, "abc"}}, {}, {}),
FDBLibTLSVerifyTest("CN=a\\62c", true, true, {{NID_commonName, "abc"}}, {}, {}),
FDBLibTLSVerifyTest("CN=a\\01c", true, true, {{NID_commonName, "a\001c"}}, {}, {}),
FDBLibTLSVerifyTest("S.subjectAltName=XYZCorp", true, true, {{NID_subject_alt_name, "XYZCorp"}}, {}, {}),
// Invalid cases.
FDBLibTLSVerifyTest("Check.Invalid=0"),
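Review bot: the only new test is the positive case `FDBLibTLSVerifyTest("S.subjectAltName=XYZCorp", true, true, {{NID_subject_alt_name, "XYZCorp"}}, {}, {})`; nothing covers `I.subjectAltName=...` or `R.subjectAltName=...`, which the commit message itself identifies as accepted but wrong. Adding one of those under the `// Invalid cases.` section, or a case that pins the current behaviour, would make the known limitation visible in the test output and catch the regression when Issuer Alternative Name support is eventually added.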