Bug #606181 - Accepting bad SSL certificate applies to any hostname
Change the Camel certdb to look up certificates by expected hostname.
This way, accepting a bad certificate for one mail server does not give
it a free pass to impersonate the user's other mail servers. Storing a
second bad certificate for the same server will replace the first, but
that should be OK (Mozilla PSM works the same way).
The camel-cert.db format is unchanged except that it can now contain
multiple entries for the same certificate with different hostnames, and
if it contains multiple certificates for the same hostname, all but the
last will be dropped (becoming permanent the next time the certdb is
saved).
Users who were taking advantage of evolution-data-server's previous,
vulnerable behavior of accepting a certificate for a hostname other than
the originally user-approved one will get bad certificate dialogs and
will need to re-approve the certificate for the desired hostname(s).
Note: Case insensitive compare of host names added by mcrha.