created so graciously by Deuce, or as I like to call him: Mr. Crypto.

mail.sid corruption approximately around midnight (when delmail()) is
called as part of the "DAILY:" mail maintenance, I'm suspicious of this
function and while I haven't found any bugs, I did find (and now fixed)
lack of error checking in calls to smb_fsetlength() and smb_fwrite().

status.total_msgs value: if they don't match, don't add header & index
to the message base, it's apparently corrupted and we're only going to
make things worse as smb_putmsgidx() will fail (after we've stored the hdr)
with an "invalid index offset" error.

If caller doesn't zero-initialize smb_t, then the 'lock' member could've
been non-zero (garbage) and some functions would then not lock the SMB
header, used for protecting against corruption from multiple process or thread
modification of the same base.

for new TLS-related settings:
SubmissionsPort -> TLSSubmissionPort
POP3SPort -> TLSPOP3Port
USE_TLS_SUBMISSIONS_PORT -> TLS_SUBMISSION
USE_POP3S_PORT -> TLS_POP3
There was actuall a typo in the "USE_POP3S_PORT" string anyway. <shrug>

so that the smb_unlock() in main() doesn't fail and display the harmless
error:
Error -207 (smb_unlock 2 'No such file or directory' removing mail.lock)
unlocking mail

section:

POP3SPort=995
SubmissionsPort=465

And two new mail options:
USE_SUBMISSIONS_PORT
USE_POP3SS_PORT

These are the last of the two option bits for the mail server.

Support STARTTLS in SMTP and STLS in POP3.  This includes the sendmail
thread.  Clients can now be configured to use STARTTLS with Synchronet
mail services, and Synchronet will attempt to deliver securely when
possible (though it will fall back to plain text delivery when necessary.)

This touches a *lot* of mail server stuff, so some instability is not
unlikely.

Of course, RFC8314 (Jan, 2018) officially recommends implicit TLS on the TLS
ports now, so support for that should be next.

TLS servers without all of them needing to separately load the ssl certificate.

It's destroyed in free_scfg(), and the config *must* be prepped both to
destroy the certificate and to load it.  This is because the "no cert"
value is -1, not 0, so the prepped flag is all we really have to indicate
if it's zero because it's a valid certificate or zero because no certificate
has been loaded.

saving changes.

Nov-28-2017 (don't save .ini files with every change of log-levels), it was
quite easy for the visible log level controls and the actual log level (in the
startup structures) to get out-of-sync.

I'm pondering saving the selected log-level when recycling or something else,
but for now at least the visible controls match the real log level.

(e.g. when downloading syncterm-src.tgz)

recursive make of scfg, uedit, and umonitor.

Also, free() temp variables for RSA keys.

of the passed filei, fixing a long-standing issue with a couple of menu
commands (e.g. "MAININFO") in the WWIV (and possibly other) command shells.
Thank Nelgin. Are we keeping count yet?

creates/deletes the file: ctrl/sysavail.chat

so they can be more easily used by external utils (e.g. umonitor).

This allows disabling authentication after a higher level specifies an
AccessRequirements value, eliminating the last reason to keep access.ars
around.

Also, allow signing unrecognized attributes.

These changes allow getting a Let's Encrypt certificate covering multiple
domain names.

attribute_get/set[_string|_time]? interface.  This is way easier than a
bunch of tiny getter/setter functions, and most of these certificate
extensions aren't actually going to be used anyway.

Also, surface the attribte cursor constants for more advanced certificate
parsing/creation.

time.