copyright years++

remove unused global flag

don't match host if connecting from the wrong socket limit how one given virtual host can be reached based on its `listen on' lists

load the certs per listening address

send host addresses to the server process

implement `listen on' Listening by default on all the addresses is so bad I don't know why I haven't changed this before. Anyway. Add a `listen on $hostname port $port' syntax to the config file and deprecate the old "port" and "ipv6" global setting. Still try to honour them when no "listen on" directive is used for backward compatibily, but this will go away in the next next version hopefully. At the moment the `listen on' in server context don't filter the host, i.e. one can still reach a host from a address not specified in the corresponding `liste on', this will be added later.

rename client->addr to raddr (remote address) and keep original length

disable the privsep crypto engine on !OpenBSD it fails bandly at runtime on various linux distros and on freebsd. Until a fix is found, disable it so I can move forward.

remove has_siginfo and wrap siginfo behind #ifdef SIGINFO. avoids some warnings in !BSD.

fixes for -Wpointer-sign

add a privsep crypto engine Incorporate the OpenSMTPD' privsep crypto engine. The idea behind it is to never load the certificate' private keys in a networked process, instead they are loaded in a separate process (the `crypto' one) which signs payloads on the behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate' private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is in the way).

drop useless debug statement

don't have the config being a global

move hosts into the config struct

move fastcgi from global var to the config struct while here also make them a list rather than a fixed-size array.