TLS amusement

[haussli]

As discussed on our last call, this PR is a consolidation of PR #30's remaining to-do items.

Following RFC7589, we still must address Sections: 4 Certificate Validation 5 Server Identity 6 Client Identity

We will still largely follow rfc5425 for the content of these, as:

• must support certificate authentication, with CA validation or certificate match (eg: self-signed), by both client and server
• identity - must define which fields/attributes must be filled to fulfill identity authentication Netconf TLS rfc7589 identity sections 5 & 6 might be a good model for T+

[haussli]

We discussed certificate validation with fingerprints; we will change the FP requirement to MUST -> SHOULD .

[haussli]

Addressed on tls branches and merged at 29ec578e6eb.