(maint) Only append to peer_certs if verify succeeded
Previously, we assumed that verify_callback was only called once for each
cert in the chain, with preverify_ok set to true or false depending on
whether the cert is verified.
However, openssl call invoke the verify_callback for a number of other
reasons, e.g. CRL not yet valid. In that case, the error is not with
the current_cert, but with the current_crl.
This commit moves the logic for appending the current_cert to the
@peer_certs array only in the case that preverify_ok is true. Does not
cause problems, because we only looked at @peer_certs array if every
cert in the chain was successfully verified.
This commit makes it easier to handle other types of verify errors.