* [jruby] refactor - only keep peer cert around
* [jruby] make miss an error not to be caught!
* [test] follow-up proper testing of GH-2849
* [jruby] support truststore = :default
* [jruby] sync dsl/context-builder with new props
* [jruby] support a truststore option
which might be a completely different file than keystore ...
due backwards compatibility we assume `truststore = keystore`
(`truststore_pass = keystore_pass`)
* [jruby] actually use truststore on initialize
* [jruby] add keystore_type and truststore_type
* [jruby] dry and simplify native bits
* [jruby] setup SSLError in native (like C part)
* [jruby] map to SSLError from native exception
* [jruby] provide peercert even if hand-shake fails
Adds support for `verify_mode` to configure client authentication when running under JRuby.
Things to note:
- Assumes the CA used to verify client certs is in the same java
keystore file that is used when setting up the HTTPS TLS listener. We
could split this out, but not sure if it's necessary.
- Friendly/helpful error messages explaining why the verification failed
are not present in the same way they are in the CRuby/OpenSSL code
path. I'm not sure how to make them available.
- I did not include any code to create the `keystore.jks` file in the
`examples/puma/client-certs` directory because I didn't see any
existing code to create the `examples/puma/keystore.jks` file. The
commands to create this keystore would be:
```
cd examples/puma/client-certs
openssl pkcs12 -chain -CAfile ./ca.crt -export -password pass:blahblah -inkey server.key -in server.crt -name server -out server.p12
keytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass blahblah -destkeystore keystore.jks -deststoretype JKS -storepass blahblah
keytool -importcert -alias ca -noprompt -trustcacerts -file ca.crt -keystore keystore.jks -storepass blahblah
```
