In lib/hx509/cert.c, fix cases where errors are returned as certs.

In both hx509_cert_init() and hx509_cert_init_data(), there is an
output parameter for the error code but there are cases where the
error is used as a return value instead of the specified hx509_cert.
We fix these issues.  We also check if error is non-NULL and only
set the error in this case, allowing the functions to be called
with error == NULL without segfault.

lib/hx509/cert.c

@@ -232,8 +232,11 @@ hx509_cert_init(hx509_context context, const Certificate *c, heim_error_t *error
     int ret;
 
     cert = malloc(sizeof(*cert));
-    if (cert == NULL)
-	return heim_error_create_enomem();
+    if (cert == NULL) {
+	if (error)
+	    *error = heim_error_create_enomem();
+	return NULL;
+    }
     cert->ref = 1;
     cert->friendlyname = NULL;
     cert->attrs.len = 0;
@@ -246,7 +249,9 @@ hx509_cert_init(hx509_context context, const Certificate *c, heim_error_t *error
     cert->data = calloc(1, sizeof(*(cert->data)));
     if (cert->data == NULL) {
 	free(cert);
-	return heim_error_create_enomem();
+	if (error)
+	    *error = heim_error_create_enomem();
+	return NULL;
     }
     ret = copy_Certificate(c, cert->data);
     if (ret) {
@@ -289,13 +294,16 @@ hx509_cert_init_data(hx509_context context,
 
     ret = decode_Certificate(ptr, len, &t, &size);
     if (ret) {
+	if (error)
 	    *error = heim_error_create(ret, "Failed to decode certificate");
 	return NULL;
     }
     if (size != len) {
 	free_Certificate(&t);
-	return heim_error_create(HX509_EXTRA_DATA_AFTER_STRUCTURE,
+	if (error)
+	    *error = heim_error_create(HX509_EXTRA_DATA_AFTER_STRUCTURE,
 				       "Extra data after certificate");
+	return NULL;
     }
 
     cert = hx509_cert_init(context, &t, error);