* separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections.
