client: Fix CA and CRL update when a CA is expired.
Otherwise, the expired CA causes an error when it is being loaded, before the time comparison. Also, CRL signed by that CA also causes an error (as its signature cannot be checked). Catch these errors so the corresponding unusable PEMs are discarded.
Showing with 44 additions and 15 deletions