Stop using a global anti-replay context and enable creating a context directly.
This increases the overhead of managing anti-replay for applications marginally,
but allows much greater flexibility in use of anti-replay mechanisms. In
particular, it enables the testing of 0-RTT in a threaded environment.

The comments in sslexp should be clear enough in explaining how this works.
Basically, this is a new reference-counted object that can be created and
tracked by applications.

The only thing that I can see might be a problem with the API is that I haven't
exposed a function to add a reference for use by applications. My thinking is
that reference counting is an internal thing; it seems like applications won't
need to worry about that.

selfserv is updated to create a context and attach it to sockets. This shows
that the overhead is minor.

The gtests have been tweaked to create a context during setup. The context is
owned by the overall test framework and is passed to server instances after the
sockets are initialized.

- ESNI keys are copied from the model socket when calling SSL_ReConfigFD().
- Some better tracing in the anti-replay functions.

Neither of these seemed worth the overhead of a bug to fix.