fix for the HCertificateRequest in tlshand.c:/^msgRecv

 - use the right sizes for length fields
 - add additional check before the get16 at tlshand.c:1150
 - add   p += nn; n -= nn;
   which were missing after   makebytes at tlshand.c:1145

the latter fixes the problem I had with the test
at tlshand.c:1153 where the (n != nn) part succeeded
while we would want it (would expect it) to fail.

I've not yet tested this on the real system but
 - it feels and looks convincingly ok,
 - it explains the values of n and nn that I saw,
   and, better than that,
 - it checks out with the data I gathered earlier
   while debugging this (unfortunately I have only
   a single sample -- the one from our campus net)

as before, please doublecheck; I'm feeling good about this.

Axel.