crypto: add cert check to CNNIC Whitelist

When client connect to the server with certification issued by either
CNNNIC Root CA or CNNNIC EV Root CA, check hash of server
certification in the list of CNNICHashWhitelist.inc. If it's not,
CERT_REVOKED error returns.

See for details in
https://blog.mozilla.org/security/2015/04/02/distrusting-new-cnnic-certificates/

Author: Shigeki Ohtsu