The existing code only allows you to provide a set of trusted
CA certificates as an openssl 'CApath'-type directory. Fedora,
RHEL (and derived distros) and probably other distros provide
a system-wide database of trusted CA certs in various bundle
formats, but not as a CApath-type directory. This checks whether
check_store is a file or directory and loads it appropriately,
when initializing an SSL connection.
Note that there is code elsewhere which assumes the trust store
will be a file, but that code is hit only in CHECK_BASIC mode.
This change applies only to CHECK_CA mode.
89295ca4b2