Fix potential memory leak.

This can't happen because we don't implement RSA_PSK, but we probably should
check here.

Probably |sess_cert| shouldn't be attached to SSL_SESSION anyway; it's only
relevant when initializing the session and if it's accessed afterwards, it'll
be shared and cause problems.

Change-Id: Id868e523195f33c22e057f9b89dc02fe68e9b554
Reviewed-on: https://boringssl-review.googlesource.com/1153
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_clnt.c

@@ -1335,7 +1335,11 @@ int ssl3_get_key_exchange(SSL *s)
 		   later.*/
 		if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)
 			{
-			s->session->sess_cert=ssl_sess_cert_new();
+			/* PSK ciphersuites that also send a
+			 * Certificate would have already initialized
+			 * |sess_cert|. */
+			if (s->session->sess_cert == NULL)
+				s->session->sess_cert = ssl_sess_cert_new();
 			if (s->session->psk_identity_hint)
 				{
 				OPENSSL_free(s->session->psk_identity_hint);