This is for peers which don't want to use a local certificate. Used by AMP because AMP's internal language is all about certificates and this duck-types in the appropriate place; this API isn't really stable though, so it's not exposed anywhere public.
For clients, it will use ephemeral DH keys, or whatever the default is for certificate-less clients in OpenSSL. For servers, it will generate a temporary self-signed certificate with garbage values in the DN and use that.
|Create a _NoCertificate which either is or isn't for the client side of the connection.
Create a _NoCertificate which either is or isn't for the client side of the connection.
|True if we are a client and should truly have no certificate and be anonymous, False if we are a server and actually have to generate a temporary certificate.