BUG/MEDIUM: ssl: chain must be initialized with sk_X509_new_null()

BUG/MEDIUM: ssl: chain must be initialized with sk_X509_new_null()

Even when there isn't a chain, it must be initialized to a empty X509
structure with sk_X509_new_null().

This patch fixes a segfault which appears with older versions of the SSL
libs (openssl 0.9.8, libressl 2.8.3...) because X509_chain_up_ref() does
not check the pointer.

This bug was introduced by b90d2cb ("MINOR: ssl: resolve issuers chain
later").

Should fix issue #516.