
Cache peer CA names on client side after handshake#2994

Merged
WillChilds-Klein merged 12 commits into aws:main from WillChilds-Klein:cache-peer-names-2
Mar 4, 2026

Conversation

@WillChilds-Klein
Contributor

@WillChilds-Klein WillChilds-Klein commented Feb 13, 2026

Notes

OpenSSL docs for SSL_get_client_CA_list stipulate:

In client mode, SSL_get_client_CA_list returns the list of client CAs sent from the server, if any.

AWS-LC’s SSL_get_client_CA_list behavior differs from OpenSSL’s behavior on the client side in that AWS-LC keeps its client CA list on the ssl->s3->hs struct that gets reset upon handshake completion whereas OpenSSL keeps its list on sc->s3.tmp which appears to retain state after the handshake completes.

This PR moves cached_x509_ca_names from the handshake (ssl->hs) struct to the ssl->s3 struct to persist them after the handshake completes and ssl->hs is reset.

Testing

  • unit test
  • pyopenssl CI job passes

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@codecov-commenter

codecov-commenter commented Feb 13, 2026

Codecov Report

❌ Patch coverage is 94.73684% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.36%. Comparing base (80189ff) to head (291926d).
⚠️ Report is 54 commits behind head on main.

Files with missing lines   Patch %   Lines
ssl/ssl_x509.cc            84.61%    2 Missing ⚠️
ssl/ssl_cert.cc            66.66%    1 Missing ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2994   +/-   ##
=======================================
  Coverage   78.35%   78.36%           
=======================================
  Files         689      689           
  Lines      121026   121069   +43     
  Branches    16966    16968    +2     
=======================================
+ Hits        94833    94872   +39     
- Misses      25296    25302    +6     
+ Partials      897      895    -2     


@WillChilds-Klein WillChilds-Klein enabled auto-merge (squash) February 19, 2026 21:23
@WillChilds-Klein WillChilds-Klein merged commit 2b5e5dc into aws:main Mar 4, 2026
686 of 692 checks passed
@WillChilds-Klein WillChilds-Klein deleted the cache-peer-names-2 branch March 4, 2026 19:09