SSLAPI: auth_cert() can now be const

auth_cert() can now be const because OpenSSL rebuild_authcert()
is never called unless authcert has already been allocated,
making

  authcert.reset(new AuthCert());

redundant.  Once the above statement is removed,
rebuild_authcert() becomes const.

Signed-off-by: James Yonan <james@openvpn.net>

openvpn/mbedtls/ssl/sslctx.hpp

@@ -722,7 +722,7 @@ namespace openvpn {
 	return false; // fixme -- not implemented
       }
 
-      virtual const AuthCert::Ptr& auth_cert() override
+      virtual const AuthCert::Ptr& auth_cert() const override
       {
 	return authcert;
       }

openvpn/openssl/ssl/sslctx.hpp

@@ -643,7 +643,7 @@ namespace openvpn {
 	return !SSL_session_reused(ssl);
       }
 
-      virtual const AuthCert::Ptr& auth_cert()
+      virtual const AuthCert::Ptr& auth_cert() const
       {
 	// Reused sessions don't call the cert verify callbacks,
 	// so we must use an alternative method to build authcert.
@@ -778,9 +778,8 @@ namespace openvpn {
 	SSL_set_ex_data(ssl, context_data_index, (void *)ctx);
       }
 
-      void rebuild_authcert()
+      void rebuild_authcert() const
       {
-	authcert.reset(new AuthCert());
 	::X509 *cert = SSL_get_peer_certificate(ssl);
 	if (cert)
 	  {

openvpn/ssl/sslapi.hpp

@@ -71,7 +71,7 @@ namespace openvpn {
     virtual BufferPtr read_ciphertext() = 0;
     virtual std::string ssl_handshake_details() const = 0;
     virtual bool did_full_handshake() = 0;
-    virtual const AuthCert::Ptr& auth_cert() = 0;
+    virtual const AuthCert::Ptr& auth_cert() const = 0;
     virtual void mark_no_cache() = 0; // prevent caching of client-side session (only meaningful when client_session_tickets is enabled)
     uint32_t get_tls_warnings() const
     {