Currently dogfooding this patch at gemini.sgregoratto.me. To test, run the following command and look for the "OCSP response" header: openssl s_client -connect "gemini.sgregoratto.me:1965" -status

the error path needs an initialized bufferevent too, otherwise it'll crash when trying to write the response. This moves the initialisation early, right after the tls_handshake. Another option would be to initialise it in do_accept, but that may be too early.

ECONNABORTED is returned if a connections gets aborted after being queued before the accept(2). I had some cases of accept: Software caused connection abort on FreeBSD, this should avoid that.