coap_mbedtls.c: Make TLS error recovery more rigorous

[mrdeep1]

Support self-signed certificates that have expired.

Correct variable ret initialization in coap_tls_read().

Catch some additional MbedTLS SSL error codes in do_mbedtls_handshake().

[obgm]

Two minor things:

• Indentation seems a bit uneven,
• do we want to log if an expired self-signed certificate has been accepted?

[mrdeep1]

I think that I have caught the indentations that you are referring to - code pushed.
With the fix otherwise, it still reports (from cert_verify_callback_mbedtls())

Jan 14 18:45:14.061 INFO    127.0.0.1:32837 <-> 127.0.0.1:5684 TLS : The certificate has expired: overridden: 'registrar.stok.nl' depth 0
Jan 14 18:45:14.061 INFO    127.0.0.1:32837 <-> 127.0.0.1:5684 TLS : Self-signed: overridden: 'registrar.stok.nl' depth 0

whereas before this PR is applied

Jan 14 18:47:16.115 INFO    127.0.0.1:32838 <-> 127.0.0.1:5684 TLS : The certificate has expired: overridden: 'registrar.stok.nl' depth 0
Jan 14 18:47:16.115 INFO CN 'registrar.stok.nl' presented by server (Certificate)
Jan 14 18:47:16.115 WARN    127.0.0.1:32838 <-> 127.0.0.1:5684 TLS : The certificate is not correctly signed by the trusted CA: issue 0x8: 'registrar.stok.nl' depth 0

Before, if we were handling MBEDTLS_X509_BADCERT_NOT_TRUSTED (coap_mbedtls.c:377), we could not check if it was a self-signed certificate if there was an expiry error.