openssl: Accept CRLs issued by non-CA certificates with cRLSign keyUsage flag

The x509 plugin accepted CRL signers since forever, to be precise, since
dffb176f2b ("CRLSign keyUsage or CA basicConstraint are sufficient
for CRL validation")).

References #3529.

src/libstrongswan/plugins/openssl/openssl_crl.c

@@ -303,7 +303,7 @@ METHOD(certificate_t, issued_by, bool,
 		return FALSE;
 	}
 	x509 = (x509_t*)issuer;
-	if (!(x509->get_flags(x509) & X509_CA))
+	if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN)))
 	{
 		return FALSE;
 	}