SSL client cert patch submitted
| From | Bear Giles |
|---|---|
| Subject | SSL client cert patch submitted |
| Date | |
| Msg-id | 200205170600.AAA04703@eris.coyotesong.com |
| List | pgsql-hackers |
I just submitted a patch to support SSL client certificates. With this patch the Port structure is extended to include a new field, 'peer', that contains the client certificate if offered. This patch also cleans up the SSL code. Most of this should be invisible to users, with the exception of a new requirement that private keys be regular files without world- or group-access, a standard requirement for private keys. The patch should also be much more secure with the addition of support for ephemeral DH keys.

To use it, you must create a new client cert, e.g., with

```
openssl req -new -x509 -newkey rsa:1024 -keyout key.pem \
    -nodes -out cert.pem -days 365
chmod go-rwx key.pem
```

then specify the location of these files with two environment variables:

```
set PGCLIENTCERT=cert.pem; export PGCLIENTCERT
set PGCLIENTKEY=key.pem; export PGCLIENTKEY
```

(or maybe libpq should just look in $HOME/.postgresql/..., similar to how ssh(1) works.)

The postmaster log should show something like

```
DEBUG: SSL connection from /DC=com/DC=example/CN=BearGiles/Email=bgiles@example.com with cipher EDH-RSA-DES-CBC3-SHA
```

(after restarting postmaster, obviously).

The patch description contains a brief discussion of other issues (TLSv1, renegotiation, mapping client certs to users).

Bear
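The message above says the patch requires private keys to be regular files with no group or world access. The following is an added example (not code from the patch or from the poster) of a POSIX shell check that applies the same rule to a key file such as key.pem before it is handed to libpq; `check_private_key` is a hypothetical helper name, and the sample key file it creates is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# check_private_key FILE
#   Returns 0 if FILE is a regular file whose mode grants no permissions
#   to group or others, 1 otherwise (with a reason on stderr).
check_private_key() {
  key=$1
  # -f follows symlinks, so a symlink to a regular file is accepted;
  # directories, sockets, FIFOs and missing files are rejected.
  if [ ! -f "$key" ]; then
    printf 'private key %s: not a regular file\n' "$key" >&2
    return 1
  fi
  # Octal mode, e.g. 600 or 4600. GNU stat uses -c, BSD stat uses -f.
  mode=$(stat -c '%a' "$key" 2>/dev/null) \
    || mode=$(stat -f '%OLp' "$key" 2>/dev/null) \
    || return 1
  case $mode in
    *00) return 0 ;;            # group and other digits are both zero
    *)
      printf 'private key %s: mode %s grants group/world access; run chmod go-rwx %s\n' \
        "$key" "$mode" "$key" >&2
      return 1 ;;
  esac
}

# Demonstration on a constructed placeholder file (not a real key):
demo() {
  dir=$(mktemp -d)
  printf 'placeholder, not a real key\n' > "$dir/key.pem"
  chmod 644 "$dir/key.pem"
  if check_private_key "$dir/key.pem"; then
    echo "unexpected: world-readable key accepted"
  fi
  chmod go-rwx "$dir/key.pem"           # the fix the message prescribes
  if check_private_key "$dir/key.pem"; then
    echo "accepted after chmod go-rwx"
  fi
  rm -rf "$dir"
}
demo
```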