TLS servers without all of them needing to separately load the ssl certificate.

It's destroyed in free_scfg(), and the config *must* be prepped both to
destroy the certificate and to load it.  This is because the "no cert"
value is -1, not 0, so the prepped flag is all we really have to indicate
if it's zero because it's a valid certificate or zero because no certificate
has been loaded.

Reduce certificate checking... the default level will not validate the
certificate used by acme-staging-v02.api.letsencrypt.org.  Presumably, that
means other Google API stuff won't work either.

HANDLE_PENDING() contains a return, so it's theoretically possible that the
memory allocated by the previous JSVALUE/STRING_TO_... allocation could
be leaked. So now we pass an optional pointer to HANDLE_PENDING() which will
call free() on it if it's not NULL, and then sets it to NULL for good measure.

js_socket_sendsocket() when the socket has been disconnected.
I found a terminal user session on a disconnected socket, in an infinite loop
in js_socket_recv(), had performed an https request from AnsiView->http.js.

1) Only call crpytFlushData() if there *is* data.
2) Only call cryptFlushData() once per call to do_CryptFlush()
3) If cryptPushData() does a short write, flush immediately, regardless of
   the preferences
4) Pass the whole private data pointer to do_CryptFlush() so it can only
   call cryptFlushData() if there's unflushed data
5) Extend the private data structure to track unflushed data

function where the error is being reported from. So the WHERE macro now
contains the __FUNCTION__ "macro" and the various js*.c files that use the
WHERE macro to report errors had to be updated too.
Also, the 'access' argument is now being passed as a signed long rather than
unsigned long. Status/return values are often passed in here (e.g. from smblib)
and may be negative. This argument was being displayed with %ld but wasn't
being passed in as a signed value, so on 64-bit long systems, negative numbers
were just printed as large (4M+) numbers.
Also, no need to call getfname() in errormsg() since this is embedded in the
WHERE macro (since 2009).

calling Socket.bind() with an undefined hostname parameter would result in a
getaddrinfo() failure, e.g. on Windows, WSAHOST_NOT_FOUND 11001
The ircd.js passes the value of server.interface_ip_address to socket.bind()
and when run from jsexec, this property is not defined. So you couldn't run the
ircd from jsexec or you'd get "!Error 0 binding socket to TCP port xxx".
Also now setting the socket last_error value upon getaddrinfo() failure so
if there is a failure, the error message won't include the erroneous "Error 0".

underlying send() function is free to send a subset of the bytes, and
occasionally does (especially on non-blocking sockets).  The return value
was true if all bytes were sent or false if not all bytes were sent.

The new behaviour is to return the number of bytes sent or null on failure.

This is mostly compatible with existing code which appears to universally use
if (!sock.send(str))

Cases where it's not compatible are when a zero-length string is sent.  The
handling of errors is slightly different now too... previously, if you
retransmitted on failure, the stream would "stutter" now it will have
"holes".

the constructor things.  This allows TLS-enabled services to work correctly,
and removes an ugly hack from the web server.

There's still an odd issue with the NNTP service when using TLS though.

correctly.

var s= new Socket(true, descriptor);

This creates a new socket object from a socket descriptor.

Mutex protect certificate loading/creation.

- the socket could be (and sometimes is) already disconnected.

the are likely to only impact the current connection, not overall system
operation.

This means moving ssl.o into libsbbs.so and out of libwebsrvr.so.
I'll fix Windows in a minute (?).

New Features:
- Multiple bindings for each service
  Use comma-separated interfaces on Interface= lines in the ini file.
  Default is now "0.0.0.0,::"
- IPv6 support
- TLS support for the webserver and (non-static) services
  New TLS option in services.ini (ie: Options=TLS)
- Decrease LEN_SCAN_CMD to 35 chars, increase the CID field to 45 chars,
  and rename the MAIL_CMD string to IPADDR.  I think this frees up the
  note field for SysOp use.

or 'longs'. Amazing that no one noticed.

This should really get a new file with happy wrappers at some point - I'm not
sure where lprintf() will go if it happens from main() right now etc.

Fix Warnings by logging cryptFlushData() errors.

size_t type where ssize_t was formerly used.  Is the correct size and type
and should work on Windows where the Microsoft compiler and the API are
missing the ssize_t type.

Also, remove illegal assignments to casts.