Reset count to 0 even if it was low
Otherwise we'll just go straight to sending the error next time instead
of waiting for two.
Raise the timeout again, it is affecting some people
Hack to not say success if we never said fail
In the network case we allow one retry.
Only alert of network errors the second time
To help with hosts that have flaky networks
Support ALPN for direct TLS
Need to do handshake for direct TLS case
Don't crash if there is no cert chain
Improve suggestion display
If SRV matches known good value, as good as DNSSEC
Usage 1 is fine
It asserts the exact cert same as 3, just also says PKIX should pass
too.
Always include unchecked
So they can be shown as suggestions
Monitor direct tls as well
This was never meant to be commented out
Double the timeout, sometimes Tor is slow
AnyChecked should use Checked not Ok
If any DANE record present, failure is a failure