sslproxy_cert_adapt squid.conf option

sslproxy_cert_adapt squid.conf option

This patch add the sslproxy_cert_adapt option to squid.conf which gives to
squid administrators the required functionality to "fix" a known broken
certificate using acls.
Currently only the "Not After", "Not Before" and "Common Name" fields of a
certificate can be modified/fixed.

The sslproxy_cert_adapt option has the form:
   sslproxy_cert_adapt <adaptation algorithm> acl ...
where <adaptation algorithm> is one of the setValidAfter, setValidBefore and
setCommonName.

    setValidAfter: sets the "Not After" property to the signing cert's
                   "Not After" property.
    setValidBefore: sets the "Not Before" property to the signing cert's
                   "Not After" property.
    setCommonName: sets certificate Subject.CN property to the host name
                   from specified as a CN parameter (setCommonName{CN}) or,
                   if no explicit CN parameter was specified, extracted from
                   the CONNECT request

When the acl(s) match, the corresponding adaptation algorithm is applied to
the fake/generated certificate. Otherwise, the default mimicking action takes
place.