tests: handle getaddrinfo reporting "No address associated with hostname"
This has been seen on some Fedora 23 systems.
httpconnection: remove obsolete comment about open()
When httpsendfile was moved from url.py into httpconnection.py in
e7525a555a64 (url: use new http support if requested by the user,
2011-05-06), the comment about not being able to just call open()
became obsolete.
sslutil: allow multiple fingerprints per host
Certificate pinning via [hostfingerprints] is a useful security
feature. Currently, we only support one fingerprint per hostname.
This is simple but it fails in the real world:
* Switching certificates breaks clients until they change the
pinned certificate fingerprint. This incurs client downtime
and can require massive amounts of coordination to perform
certificate changes.
* Some servers operate with multiple certificates on the same
hostname.
This patch adds support for defining multiple certificate
fingerprints per host. This overcomes the deficiencies listed
above. I anticipate the primary use case of this feature will
be to define both the old and new certificate so a certificate
transition can occur with minimal interruption, so this scenario
has been called out in the help documentation.