feature/alpn support #143

Open
wants to merge 3 commits into
base: master

Commits on Jul 15, 2016

  1. Provide support for ALPN extensions

    To propagate the original ALPN extension we needed to make changes at
    four points:
    
    1. On original ClientHello. Here we piggyback on the early peek into the
    ClientHello message to extract SNI and also extract the full ALPN
    extension. We are not being too smart about it; if it is not fully
    available, we just skip it (thus falling back to the original
    behaviour). We store this in the ctx.
    
    2. On "fake" ClientHello to the original destination, we set the ALPN we
    extracted during (1) above (available in the ctx).
    
    3. On "fake" ServerHello from the original destination, we extract the
    ALPN that the real server accepted. We store this in the ctx, same
    location as (1) above (so original list is gone, but we don't need it
    anymore).
    
    4. On original connection establishment, we add a new callback (as the
    "fake" server) to choose protocol from the ALPN list provided by the
    original ClientHello (1). Here we just set whatever the real server
    chose in (3).
    
    We rely on libssl 1.0.2 for ALPN functions and callbacks. OPENSSL
    version checks added to toggle ALPN support.
    
    Change-Id: Iee7f240d98ae0d1af52e09ae1010242b9d4b9217
    Ilija Baniski committed Jul 15, 2016
    de90e82
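
The ALPN handling described in steps 1, 3 and 4 of the commit message above, as an added example that is not sslsplit's code or part of this pull request: it validates the RFC 7301 ALPN extension data, skips ALPN when the data is truncated or malformed, and selects the upstream server's choice from the client's offered list. The function names and sample bytes are constructed for illustration, and the check that the upstream choice was actually offered by the client is an addition not stated in the commit.

```c
#include <stddef.h>
#include <string.h>

/* Steps 1/3: validate ALPN extension_data (RFC 7301 ProtocolNameList: 2-byte
 * list length, then 1-byte-length-prefixed names). Returns the list length
 * and points *list at the first entry; returns 0 when truncated or malformed
 * so the caller skips ALPN and keeps the pre-ALPN behaviour. */
size_t alpn_list_parse(const unsigned char *ext, size_t extlen,
                       const unsigned char **list)
{
    if (extlen < 4) return 0;                 /* smallest list: one 1-byte name */
    size_t n = ((size_t)ext[0] << 8) | ext[1];
    if (n != extlen - 2) return 0;            /* declared length must fit exactly */
    for (size_t i = 0; i < n; i += 1 + (size_t)ext[2 + i])
        if (ext[2 + i] == 0 || ext[2 + i] > n - i - 1) return 0;
    *list = ext + 2;
    return n;
}

/* Step 4: find the upstream server's choice in the client's offered list.
 * Returns the name length and points *out into the offered list, or 0 if
 * the client never offered it (added check: negotiate nothing in that case). */
size_t alpn_pick(const unsigned char *offered, size_t offlen,
                 const unsigned char *chosen, size_t chosenlen,
                 const unsigned char **out)
{
    for (size_t i = 0; i < offlen; i += 1 + (size_t)offered[i]) {
        if (offered[i] != chosenlen || chosenlen > offlen - i - 1) continue;
        if (memcmp(offered + i + 1, chosen, chosenlen) == 0) {
            *out = offered + i + 1;
            return chosenlen;
        }
    }
    return 0;
}

/* Constructed samples: client offers h2 and http/1.1, server accepts h2. */
static const unsigned char CLIENT_ALPN[] = {0, 12, 2, 'h', '2', 8, 'h', 't', 't', 'p', '/', '1', '.', '1'};
static const unsigned char SERVER_ALPN[] = {0, 3, 2, 'h', '2'};

int main(void)
{
    const unsigned char *offered, *accepted, *sel;
    size_t offlen = alpn_list_parse(CLIENT_ALPN, sizeof CLIENT_ALPN, &offered);
    size_t acclen = alpn_list_parse(SERVER_ALPN, sizeof SERVER_ALPN, &accepted);
    if (!offlen || !acclen || acclen != 1u + accepted[0]) return 1; /* server names exactly one */
    return alpn_pick(offered, offlen, accepted + 1, accepted[0], &sel) == 2 ? 0 : 1;
}
```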

Commits on Jul 18, 2016

  1. Update test suite for added ALPN support.

    Existing tests in the ssl_tls_client_hello_parse suite were modified to
    use the new interface of ssl_tls_clienthello_parse().
    
    An additional test was added to specifically exercise extraction of ALPN
    from a ClientHello message.
    
    Change-Id: Id7bfb3701f8db9b2b9bfb9fdbff3d217fe9dd4d6
    Ilija Baniski committed Jul 18, 2016
    90b5de2

Commits on Jul 27, 2016

  1. Only handle ALPN in non-http proxyspec

    In http/https proxyspec modes sslsplit parses HTTP and performs certain
    modifications (mostly in the HTTP headers). This parsing fails for
    HTTP/2 (as expected).
    
    Only perform ALPN forwarding for ssl proxyspec, where raw data is just
    proxied across the two connections without any modifications.
    
    Change-Id: I40ed058ffbf273d98bd8214ae654a8202dc5c5a8
    Ilija Baniski committed Jul 27, 2016
    efa84d7