Better comments for #15308 and a small vulnerability possible

[Mark Doliner]

Hi Tomasz. Thanks for improving this code, and sorry for not looking
at it or responding until now.

I'm not very familiar with our ssl or certificate validation code and
I didn't quite follow all this. I see that you committed the patch in
revision 72bdcc0f7267. So does that mean that we think
purple_certificate_find_verifier() never fails? But you didn't get rid
of the else clause in ssl_nss_handshake_cb()... is that because you
think there are times when gsc->verifier can be NULL?