Don't mix up pre- and post-handshake verification of clients.

When verifying clients, don't consider config blocks with CA
settings ('tls') which differ from the one used for verifying the
certificate chain. Reported by Ralf Paffrath.

Reported and analysed by Ralf Paffrath.

Addresses issue RADSECPROXY-43.