load_ca: get a buffer instead of a fd We dup(1) the ca fd and send it to various processes, so they fail loading it. Instead, use load_file to get a buffer with the file content and pass that to load_ca which then loads via BIO.

simplify config_send_kp: use config_send_file

remove proc_ispeer() unused, and was dropped by other copies of proc.c; reduces the diff with httpd' proc.c.

disable the privsep crypto engine on !OpenBSD it fails bandly at runtime on various linux distros and on freebsd. Until a fix is found, disable it so I can move forward.

remove has_siginfo and wrap siginfo behind #ifdef SIGINFO. avoids some warnings in !BSD.

add -Wpointer-sign to the mix It's not present in -W -Wall -Wextra on OpenBSD but it is enabled on other systems.

fixes for -Wpointer-sign

cast uint64_t to unsigned long long

work around different signature for ecdsae_compute_key

add a privsep crypto engine Incorporate the OpenSMTPD' privsep crypto engine. The idea behind it is to never load the certificate' private keys in a networked process, instead they are loaded in a separate process (the `crypto' one) which signs payloads on the behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate' private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is in the way).

drop useless debug statement

move setproctitle/privsep_process earlier We don't always do privilege dropping (as we may start as unprivileged user), so set these two beforehand so when we skip privdrop we don't miss to set privsep_process and set the process' title.

rework load_file to use pread() avoids issues since the same file is sent to multiple processes after being dup()'ed. Since these files are meant to be regular files, I don't expect short reads.

adjust how locations are received

simplify ocsp sending using config_send_file while here add an explicit flush to avoid a fd rampage.