[Cryptography] network encryption/authentication without certificate PKI

Devin Reade gdr at gno.org
Wed Apr 13 23:25:21 EDT 2016


Technology survey time ...

I'm looking at a distributed system where all nodes are under the
administrative control of one organization, and the node count is
sufficiently small that using PSK for authentication would not be
an administrative burden.  What *would* be an administrative burden
is the maintenance of a CA and the consequent certificates.  I'm
interested in what options exist that would allow a PSK type of
setup (or one with similarly low maintenance overhead after initial
setup) and that offer both TCP session encryption and authentication.

I see that RFC 5054 describes TLS with SRP instead of certificates
and conceptually at least that sounds ideal.  However, I see that
libressl has ripped out support for SRP from their code base which
makes me think that either there are known vulnerabilities with the
protocol or that it was generally never used.

What options exist for this type of model while minimizing the
roll-your-own aspect? (Or alternately, are there reasons why this model
should not be considered?)

The target language is C/C++.  I'm interested in application-to-application
authentication rather than host-to-host like IPSec.

Thanks,
Devin