SSL_get_error function requires calling ERR_clear_error queue
before executing function which error code is to be determined.
Otherwise spurious error codes may be returned even for successful
operations.

http://www.openssl.org/docs/ssl/SSL_get_error.html

When we run using "--tls" (default) we create the SSL context with a
TLSv1_*_method(), however, this _only_ supports TLS 1.0 connections. In
contrast, when we run with "--ssl" we use a SSLv23_*_method() which
allows all supported protocols. We block SSL 2.0 by passing in the
SSL_OP_NO_SSLv2 flag in SSL_CTX_set_options. This results in the
somewhat counterintuitive situation where the supported protocols are:

* --tls: TLS 1.0
* --ssl: SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2

This patch fixes the handling of "--tls" so that it supports TLS 1.x
while ensuring SSL 3.0 is blocked (SSL 2.0 is always blocked).

This all assumes an OpenSSL library capable of supports newer TLS
versions, otherwise, the above change will have no effect on stud's
behaviour (ie. --ssl supports SSL 3.0/TLS 1.0, --tls supports TLS 1.0).

Fix possible buffer overflow

When we run using "--tls" (default) we create the SSL context with a
TLSv1_*_method(), however, this _only_ supports TLS 1.0 connections. In
contrast, when we run with "--ssl" we use a SSLv23_*_method() which
allows all supported protocols. We block SSL 2.0 by passing in the
SSL_OP_NO_SSLv2 flag in SSL_CTX_set_options. This results in the
somewhat counterintuitive situation where the supported protocols are:

* --tls: TLS 1.0
* --ssl: SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2

This patch fixes the handling of "--tls" so that it supports TLS 1.x
while ensuring SSL 3.0 is blocked (SSL 2.0 is always blocked).

This all assumes an OpenSSL library capable of supports newer TLS
versions, otherwise, the above change will have no effect on stud's
behaviour (ie. --ssl supports SSL 3.0/TLS 1.0, --tls supports TLS 1.0).

Merge remote-tracking branch 'source/pr/138'

Merge remote-tracking branch 'source/pr/100'