Add preliminary server-side support for negotiable crypto parameters

Add preliminary support for Negotiable Crypto Parameters 'level 2'
(IV_NCP=2), as proposed by James Yonan on the openvpn-devel mailing list:
http://comments.gmane.org/gmane.network.openvpn.devel/9385

This patch makes a server push a 'cipher XXX' directive to the client,
if the client advertises "IV_NCP=2", where XXX is the cipher set in the
server config file.

This enables clients that have support for IV_NCP to connect to a
server, even when the client does not have the correct cipher specified
in its config file.

Since pushing the cipher directive is quite similar to pushing peer-id,
I moved peer-id pushing to the same prepare_push_reply() function I
created for pushing cipher. Adding these directives as regular push
options allows us to use the existing 'push-continuation'
infrastructure. Note that we should not reduce safe_cap in
send_push_reply, because it was never increased to account for peer-id.

This is a preliminary patch, which will be followed by more patches to
add client support, and configurability.

v2:
* Reword doxygen of push_options_fmt()
* No longer push IV_NCP as a server

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <CAA1Abx+gSgFH3=+xO6QN4NDAYwf8jctYhe8VyRxD8e1L=D6LWg@mail.gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11170
Signed-off-by: Gert Doering <gert@greenie.muc.de>
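
The server-side decision described in the commit message above, as an added sketch that is not part of the commit or of OpenVPN's code. The function names `peer_ncp_level()` and `build_push_reply()`, the newline-separated `KEY=value` peer-info layout and the sample values are assumptions for illustration. Because peer-info is client-supplied, the key is matched as a whole line rather than as a substring, and the reply is checked against the buffer size.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: value of IV_NCP in peer-info, 0 if absent or malformed. */
int peer_ncp_level(const char *peer_info)
{
    static const char key[] = "IV_NCP=";
    const size_t klen = sizeof(key) - 1;
    const char *p = peer_info;

    while (p && *p) {
        if (strncmp(p, key, klen) == 0) {      /* key must start the line */
            const char *val = p + klen;
            char *end;
            long v;
            if (*val < '0' || *val > '9')
                return 0;                      /* reject "", " 2", "+2", "-1" */
            v = strtol(val, &end, 10);
            if ((*end != '\n' && *end != '\0') || v > 99)
                return 0;                      /* reject "2x" and huge values */
            return (int)v;
        }
        p = strchr(p, '\n');                   /* advance to the next line */
        if (p)
            p++;
    }
    return 0;
}

/* Hypothetical helper: build the push reply; returns its length, -1 if it does not fit. */
int build_push_reply(char *out, size_t cap, const char *peer_info,
                     const char *base_opts, const char *server_cipher)
{
    int n = snprintf(out, cap, "PUSH_REPLY,%s", base_opts);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    if (peer_ncp_level(peer_info) == 2) {      /* client advertised IV_NCP=2 */
        int m = snprintf(out + n, cap - (size_t)n, ",cipher %s", server_cipher);
        if (m < 0 || (size_t)m >= cap - (size_t)n)
            return -1;
        n += m;
    }
    return n;
}

int main(void)
{
    char buf[128];
    /* Constructed sample peer-info and cipher name, not captured traffic. */
    if (build_push_reply(buf, sizeof(buf), "IV_VER=x\nIV_NCP=2\n", "peer-id 7", "AES-256-GCM") > 0)
        puts(buf);
    return 0;
}
```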