Commit 3208fc59 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

add support for client certificate callbak, fix memory leak

parent 87adf1fa
+9 −4
@@ -1192,12 +1192,17 @@ int args_excert(char ***pargs, int *pargc,
	{
	char *arg = **pargs, *argn = (*pargs)[1];
	SSL_EXCERT *exc = *pexc;
	if (!exc && !ssl_excert_prepend(&exc))
	if (!exc)
		{
		if (ssl_excert_prepend(&exc))
			*pexc = exc;
		else
			{
			BIO_printf(err, "Error initialising xcert\n");
			*badarg = 1;
			goto err;
			}
		}
	if (strcmp(arg, "-xcert") == 0)
		{
		if (!argn)
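Review bot: The success branch now records the freshly prepended list in `*pexc`, which is the leak fix, but nothing documents the ownership hand-off, and the failure branch jumps to an `err` label outside the hunk while leaving `*pexc` untouched, so the page cannot show whether a partially built list is released there; this is only safe if ssl_excert_prepend leaves its argument unchanged on failure, which is not visible here. Suggest a comment above `if (!exc)`: `/* First -x* option: allocate the list and hand ownership to the caller via *pexc; the caller releases it with ssl_excert_free(). */`. args_excert's body continues past the end of the hunk.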
+16 −0
@@ -558,6 +558,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
	{
	unsigned int off=0, clr=0;
	int cert_flags=0;
	SSL *con=NULL;
#ifndef OPENSSL_NO_KRB5
	KSSL_CTX *kctx;
@@ -628,6 +629,7 @@ int MAIN(int argc, char **argv)
	int srp_lateuser = 0;
	SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
#endif
	SSL_EXCERT *exc = NULL;

	meth=SSLv23_client_method();

@@ -715,6 +717,12 @@ int MAIN(int argc, char **argv)
			}
		else if (strcmp(*argv,"-verify_return_error") == 0)
			verify_return_error = 1;
		else if (args_excert(&argv, &argc, &badarg, bio_err, &exc))
			{
			if (badarg)
				goto bad;
			continue;
			}
		else if	(strcmp(*argv,"-prexit") == 0)
			prexit=1;
		else if	(strcmp(*argv,"-crlf") == 0)
@@ -994,6 +1002,8 @@ int MAIN(int argc, char **argv)
			keymatexportlen=atoi(*(++argv));
			if (keymatexportlen == 0) goto bad;
			}
		else if (strcmp(*argv, "-cert_strict") == 0)
			cert_flags |= SSL_CERT_FLAG_TLS_STRICT;
                else
			{
			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -1099,6 +1109,9 @@ bad:
			}
		}

	if (!load_excert(&exc, bio_err))
		goto end;

	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
		&& !RAND_status())
		{
@@ -1174,6 +1187,8 @@ bad:

	if (clr)
		SSL_CTX_clear_options(ctx, clr);
	if (cert_flags) SSL_CTX_set_cert_flags(ctx, cert_flags);
	if (exc) ssl_ctx_set_excert(ctx, exc);
	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
	 * Setting read ahead solves this problem.
	 */
@@ -1957,6 +1972,7 @@ end:
		EVP_PKEY_free(key);
	if (pass)
		OPENSSL_free(pass);
	ssl_excert_free(exc);
	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
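Review bot: `ssl_excert_free(exc)` in the `end:` hunk releases a list that `ssl_ctx_set_excert(ctx, exc)` (hunk at -1174) presumably stores in the SSL_CTX for the client-certificate callback, so it must run only after `SSL_CTX_free(ctx)`; the earlier lines of the cleanup block are outside the hunk, so the ordering cannot be confirmed from this view and deserves a comment on that line: `/* exc is referenced by ctx's cert callback: free it only after SSL_CTX_free(ctx) */`. The unconditional `load_excert(&exc, bio_err)` is also reached when no `-xcert` option was given and exc is still NULL; if load_excert treats an empty list as success that should be stated in a comment, otherwise guard it as `if (exc && !load_excert(&exc, bio_err))`. The `-cert_strict`/`cert_flags` additions in the -558, -994 and -1174 hunks are unrelated to the commit message and would be easier to review as a separate change.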