Merge r265702, r290136, r264800 from trunk:

* modules/ssl/ssl_util_ssl.c (SSL_X509_STORE_create): Catch errors
returned by X509_LOOKUP_add_dir or X509_LOOKUP_load_file to detect
malformed or misconfigured CRLs.  Clear error stack beforehand to
ensure reported errors are relevant.

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): Fix gcc
4.x different-pointer-signedness warning.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
renegotiation is performed for a transition from "SSLVerifyClient
optional" to "SSLVerifyClient require".  (CVE CAN-2005-2700)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@290159 13f79535-47bb-0310-9956-ffa450edef68