TLSClient: add hostname verifcation

The CN or subjectAltNames of the TLS certification is now matched with
the hostname connected to.

taskd.trust is now a tristate value (allow all, ignore hostname,
strict) to optionally disable the new hostname verification.

src/commands/CmdSync.cpp

@@ -29,7 +29,6 @@
 #include <inttypes.h>
 #include <signal.h>
 #include <Context.h>
-#include <TLSClient.h>
 #include <Color.h>
 #include <text.h>
 #include <util.h>
@@ -87,14 +86,18 @@ int CmdSync::execute (std::string& output)
   if (credentials.size () != 3)
     throw std::string (STRING_CMD_SYNC_BAD_CRED);
 
-  bool trust = context.config.getBoolean ("taskd.trust");
+  enum TLSClient::trust_level trust = TLSClient::strict;
+  if (context.config.get ("taskd.trust") == "allow all")
+    trust = TLSClient::allow_all;
+  else if (context.config.get ("taskd.trust") == "ignore hostname")
+    trust = TLSClient::ignore_hostname;
 
   // CA must exist, if provided.
   File ca (context.config.get ("taskd.ca"));
   if (ca._data != "" && ! ca.exists ())
     throw std::string (STRING_CMD_SYNC_BAD_CA);
 
-  if (trust && ca._data != "")
+  if (trust == TLSClient::allow_all && ca._data != "")
     throw std::string (STRING_CMD_SYNC_TRUST_CA);
 
   File certificate (context.config.get ("taskd.certificate"));
@@ -319,7 +322,7 @@ bool CmdSync::send (
   const std::string& ca,
   const std::string& certificate,
   const std::string& key,
-  bool trust,
+  const enum TLSClient::trust_level trust,
   const Msg& request,
   Msg& response)
 {