SSLUtil should perform hostname verification

[varrunr]

In com.emc.vipr.client.impl.SSLUtil, trustAllHostnames() should not be allowed. NullHostNameVerifier is an example of bad SSL implementation. See http://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html for more information.

[chrisdail]

ViPR installs with self-signed certificates so there is no concept of trust in a default install. These certificates contain the IP address and not the hostname. So it is not possible to validate the hostname unless you are connecting via the IP address. This is provided as a convenience for default installations that did not sign certificates for use in the system with the proper hostname.

I will look to remove the hostname trustall as a default setting for the 2.1 release.