Allow s2s connections to accept client certificates that have only server purpose

Due to Google Chrome certification requirements we can expect
that in near future there will be no certificate authority
that will issue certifcates that have both server and client auth
purposes.

This change makes s2s listeners ignore cert purposes, and should
allow servers that have those new certificate to use it, to
authenticate new s2s connections.

This fixes issue #4392

mix.exs

@@ -120,7 +120,7 @@ defmodule Ejabberd.MixProject do
      {:dialyxir, "~> 1.2", only: [:test], runtime: false},
      {:eimp, "~> 1.0"},
      {:ex_doc, "~> 0.31", only: [:edoc], runtime: false},
-     {:fast_tls, "~> 1.1.22"},
+     {:fast_tls, git: "https://github.com/processone/fast_tls.git", ref: "f1e55d6d6bdf109ebc48dda880d028c95f349c3b", override: true},
      {:fast_xml, git: "https://github.com/processone/fast_xml", ref: "72e1c1b2eef84804399095704f2d729d5df8f02e", override: true},
      {:fast_yaml, "~> 1.0"},
      {:idna, "~> 6.0"},

rebar.config

@@ -44,7 +44,7 @@
          {esip, "~> 1.0.57", {git, "https://github.com/processone/esip", {tag, "1.0.57"}}}},
         {if_var_true, zlib,
          {ezlib, "~> 1.0.13", {git, "https://github.com/processone/ezlib", {tag, "1.0.13"}}}},
-        {fast_tls, "~> 1.1.22", {git, "https://github.com/processone/fast_tls", {tag, "1.1.22"}}},
+        {fast_tls, "~> 1.1.22", {git, "https://github.com/processone/fast_tls", "f1e55d6d6bdf109ebc48dda880d028c95f349c3b"}},
         {fast_xml, "~> 1.1.55", {git, "https://github.com/processone/fast_xml", "72e1c1b2eef84804399095704f2d729d5df8f02e"}},
         {fast_yaml, "~> 1.0.37", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.37"}}},
         {idna, "~> 6.0", {git, "https://github.com/benoitc/erlang-idna", {tag, "6.0.0"}}},

rebar.lock

@@ -6,7 +6,10 @@
  {<<"eredis">>,{pkg,<<"eredis">>,<<"1.7.1">>},0},
  {<<"esip">>,{pkg,<<"esip">>,<<"1.0.57">>},0},
  {<<"ezlib">>,{pkg,<<"ezlib">>,<<"1.0.13">>},0},
- {<<"fast_tls">>,{pkg,<<"fast_tls">>,<<"1.1.22">>},0},
+ {<<"fast_tls">>,
+  {git,"https://github.com/processone/fast_tls",
+       {ref,"f1e55d6d6bdf109ebc48dda880d028c95f349c3b"}},
+  0},
  {<<"fast_xml">>,
   {git,"https://github.com/processone/fast_xml",
        {ref,"72e1c1b2eef84804399095704f2d729d5df8f02e"}},
@@ -44,7 +47,6 @@
  {<<"eredis">>, <<"39E31AA02ADCD651C657F39AAFD4D31A9B2F63C6C700DC9CECE98D4BC3C897AB">>},
  {<<"esip">>, <<"4B14E4832D08B9FFC10D855B5D10B3083232B1D53DEB4C046679496CE85569C4">>},
  {<<"ezlib">>, <<"3C7F62862850A241159C10B218ECF580BCE54D0890601B65144DACC2633BE2B0">>},
- {<<"fast_tls">>, <<"44356B256AFAD4399C2FC5059A3066669DAFD8BD4E4E796C9C1CF8910DDD265E">>},
  {<<"fast_yaml">>, <<"F71D472FBF787CCD161B914D1EB486116A0F4F2E835337A378FBD31B59D2E74B">>},
  {<<"idna">>, <<"8A63070E9F7D0C62EB9D9FCB360A7DE382448200FBBD1B106CC96D3D8099DF8D">>},
  {<<"jiffy">>, <<"A9B6C9A7EC268E7CF493D028F0A4C9144F59CCB878B1AFE42841597800840A1B">>},
@@ -69,7 +71,6 @@
  {<<"eredis">>, <<"7C2B54C566FED55FEEF3341CA79B0100A6348FD3F162184B7ED5118D258C3CC1">>},
  {<<"esip">>, <<"19C357E1817B1E04792EF359BF900400F3E6D0E5ADE929FD72F88EA9B44AF2ED">>},
  {<<"ezlib">>, <<"9EE62AB3F8ED55A0FD11A9569FCB8E458683F95575417272192B069F092ABFBB">>},
- {<<"fast_tls">>, <<"E65779AEFB7AB15C4755230FEF8077E687D20CC5A3984A5974F9F657E8E2485B">>},
  {<<"fast_yaml">>, <<"8DE868721BF7E2172414F7D3148EDE0F3C922B496455CD625DD5C4429515A769">>},
  {<<"idna">>, <<"92376EB7894412ED19AC475E4A86F7B413C1B9FBB5BD16DCCD57934157944CEA">>},
  {<<"jiffy">>, <<"BB61BC42A720BBD33CB09A410E48BB79A61012C74CB8B3E75F26D988485CF381">>},

src/ejabberd_s2s_in.erl

@@ -138,7 +138,7 @@ process_closed(#{server := LServer} = State, Reason) ->
 %%% xmpp_stream_in callbacks
 %%%===================================================================
 tls_options(#{tls_options := TLSOpts, lserver := LServer, server_host := ServerHost}) ->
-    ejabberd_s2s:tls_options(LServer, ServerHost, TLSOpts).
+    [override_cert_purpose | ejabberd_s2s:tls_options(LServer, ServerHost, TLSOpts)].
 
 tls_required(#{server_host := ServerHost}) ->
     ejabberd_s2s:tls_required(ServerHost).