tls: handle empty cert in checkServerIndentity
This resolves joyent/node#9272. tlsSocket.getPeerCertificate
will
return an empty object when the peer does not provide a certificate,
but, prior to this, when the certificate is empty, checkServerIdentity
would throw because the subject
wasn't present on the cert.
checkServerIdentity
must return an error, not throw one, so this
returns an error when the cert is empty instead of throwing
a TypeError
.