I just committed an initial pass to trunk. Since we are just working out tests here, it will be easier to collaborate this way - patch is getting unwieldy.
The latest has SSL working for almost all tests randomly, if possible. Some tests are excluded for various reasons. It's a huge expansion in our coverage though.
Currently, we don't use the client auth setting. Perhaps that can be improved by someone that understands it better than I. I'd have to dig first.
Steve Davids, I'll leave this open in the case you have any further patches in you. Likewise, let me know if everything looks okay to you.