Store errors that result from leaf certificate verification.

Store errors that result from leaf certificate verification.

In the case that a verification callback is installed that tells the
verifier to continue when a certificate is invalid (e.g. expired),
any error resulting from the leaf certificate verification is not stored
and made available post verification, resulting in an incorrect error being
returned.

Also perform leaf certificate verification prior to adding the chain, which
avoids a potential memory leak (as noted by tb@).

Issue reported by Ilya Shipitsin, who encountered haproxy regress failures.

ok tb@