We don't handle certificate errors during SSL renegotiation.
In the common case, the server sends the same certificate during
renegotiation. Since the certificate has been verified, we can
assume the certificate is good or has been accepted by the user.
If the server sends a different certificate that has an error,
we need to return an error code that won't trigger our
certificate error handling code, which doesn't handle this case
correctly. Add the ERR_CERT_ERROR_IN_SSL_RENEGOTIATION error
for this purpose.