an attempt at plugging some holes reported by leak(1).
for me this does not break anything,
and my 802.1x ttls-pap thingy now runs
without leaks, as far as leak(1) tells me.

there may be more leaks-- I did not exercise the code of
x509.c:/^verify_signature
beyond the "expected 1" message.


Axel.