Compile-tested, use at your own risk.

Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.

This is in furtherance of commits 9799bea4 and 1f384464 and addresses
any potential vulnerability to LogJam <https://weakdh.org/>

I really shouldn't copy and paste code.

* src/packet.c: Remove a dead store
* src/res.c: Remove a dead store
* src/sslproc.c: Remove a dead store
* src/sslproc.c: Don't call the same accessor twice

These silence some fairly harmless compiler warnings

Use accessor function for certificate fingerprint, allow fingerprint generation for chained unknown roots

This will continue to work even if the OpenSSL developers make the
X509* structure opaque, the current approach will not.

Update ciphersuite string to prohibit RC4

This is in accordance with RFC 7465
<https://tools.ietf.org/html/rfc7465>

Also correct the key exchange mechanism strings; these should be
prefixed with 'k'.

cap: chase ircv3.2 interpretation of sticky/ack-required caps (basically dropping support other than serverside enforcement of stickyness)

change request @ ircv3/ircv3-specifications#122

Change example.conf to ircd.conf.example

find_named_client() was called without a prototype and therefore the
pointer could be truncated.

sendto_local_clients_with_capability() sends to a subset of the list of
local clients and cannot visit the same client multiple times like
sendto_channel_flags() and sendto_common_channels_local() can.

sasl: making the sasl capability actually sticky seems incompatible with broken implementations, so we make it just a formality instead.