The inline ifdefs are escalating a bit quicker then I anticipated, even though there is a stream abstraction.

In an effort to avoid crazyness we should introduce mongoc_ssl_config_t that contains the current mongoc_ssl_opts_t, and essentials such as crypto engine and tls library type, and probably a callback table (mongoc_ssl_implementation_t?) for some of the functions (like which subject_extract to call).

The config could also possibly contain the cached X.509 data having read them in once, so protect us from re-reading the file (possibly removed in between!).

Original suggestion from Jesse:
I propose we create an ssl_config_t, which includes the ssl_opts_t, plus a pointer to an ssl_implementation_t that's a higher-level SSL and crypto abstraction, plus any cached values parsed from files. The pool or the client has an ssl_config_t. So, mongoc_ssl_extra_subject (config, filename) gets the config-specific implementation and calls that.