git.ipfire.org Git - thirdparty/openvpn.git/commit
mbedtls: correctly check return value in pkcs11_certificate_dn()
author Steffan Karger <steffan.karger@fox-it.com>
Tue, 9 May 2017 08:12:43 +0000 (10:12 +0200)
committer David Sommerseth <davids@openvpn.net>
Tue, 9 May 2017 10:17:29 +0000 (12:17 +0200)
commit 1ebd3ade5f3fcdefa40790f2e9d16c473bac370a
tree bf4ed96d05bed63cefe6d3f4cef8ced0de65cc03
parent d7a13af789daecf38fb6a3ca2d6e6cf0ab939a73
mbedtls: correctly check return value in pkcs11_certificate_dn()

mbedtls_x509_dn_gets() would not always return -1 error, which could cause
us to incorrectly continue after the function call failed.  To fix this,
just call our own x509_get_subject(), which does all the necessary error
checking correctly.

pkcs11_certificate_dn() is only called by show_pkcs11_ids(), to list the
certificates on the pkcs11 token.  Therefore, this mistake did not have a
security impact.

This issue was found by Quarkslab during the OSTIF-funded security audit
(issue 5.3).

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1494317563-6303-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14591.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
(cherry picked from commit 423bb16e8a8fe22a907f469074a25533208fa0bc)
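The pitfall the commit message describes is a return-value check that tests for exactly -1 while the callee signals failure with other negative values. mbedtls_x509_dn_gets() returns the number of bytes written on success and a negative mbed TLS error code on failure (for instance MBEDTLS_ERR_X509_BUFFER_TOO_SMALL, which is -0x2980, not -1). The following is an added example, not code from the OpenVPN commit or from mbed TLS: it uses a constructed stand-in `fake_dn_gets()` that mimics that return convention, so it runs without linking mbed TLS, and shows the `== -1` check letting an error through beside the `< 0` check that catches it.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for mbedtls_x509_dn_gets(): like the real function
 * it returns the number of bytes written on success and a NEGATIVE error
 * code on failure. The value below mirrors MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
 * (-0x2980); the name is local to this example. */
#define FAKE_ERR_BUFFER_TOO_SMALL (-0x2980)

static int fake_dn_gets(char *buf, size_t size, const char *dn)
{
    size_t n = strlen(dn);
    if (n + 1 > size) {
        return FAKE_ERR_BUFFER_TOO_SMALL; /* failure, but not -1 */
    }
    memcpy(buf, dn, n + 1);
    return (int)n;
}

/* Buggy pattern: only -1 counts as failure. With a small buffer the stub
 * returns -0x2980, the check misses it, and the caller carries on with an
 * unfilled buffer. Returns 1 if the caller proceeds, 0 if it bails out. */
int proceeds_with_eq_minus_one_check(size_t bufsize, const char *dn)
{
    char buf[64] = {0};
    if (bufsize > sizeof(buf)) {
        bufsize = sizeof(buf);
    }
    int rc = fake_dn_gets(buf, bufsize, dn);
    if (rc == -1) {
        return 0;
    }
    return 1; /* reached even when rc is a different negative error */
}

/* Corrected pattern: any negative return is an error. This is the
 * behaviour the commit obtains by routing through x509_get_subject(). */
int proceeds_with_negative_check(size_t bufsize, const char *dn)
{
    char buf[64] = {0};
    if (bufsize > sizeof(buf)) {
        bufsize = sizeof(buf);
    }
    int rc = fake_dn_gets(buf, bufsize, dn);
    if (rc < 0) {
        return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample subject that does not fit into an 8-byte buffer. */
    const char *dn = "CN=a-long-subject-name";
    printf("'== -1' check proceeds after failure: %d\n",
           proceeds_with_eq_minus_one_check(8, dn));
    printf("'< 0'   check proceeds after failure: %d\n",
           proceeds_with_negative_check(8, dn));
    printf("'< 0'   check proceeds on success:    %d\n",
           proceeds_with_negative_check(64, "CN=short"));
    return 0;
}
```

The same rule applies to any mbed TLS API that documents "0 or a positive length on success, a negative error code otherwise": compare against zero, never against a single sentinel value.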
src/openvpn/pkcs11_mbedtls.c