CLEANUP: ssl: make ssl_sock_load_ckchs() return a set of ERR_*

ssl_sock_load_ckchs() used to return 0 or >0 to indicate success or
failure even though this was not documented. Make it return a set of
ERR_* instead so that its callers can transparently report its status.
Given that its callers only used to know about ERR_ALERT | ERR_FATAL,
this is the only code returned for now. And a comment was added.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ed1f5ba..10dee6f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3672,6 +3672,7 @@
 	return NULL;
 }
 
+/* Returns a set of ERR_* flags possibly with an error in <err>. */
 static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
                                struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
                                char **sni_filter, int fcount, char **err)
@@ -3685,13 +3686,12 @@
 		ckch_inst = ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, err);
 
 	if (!ckch_inst)
-		return 1;
+		return ERR_ALERT | ERR_FATAL;
 
 	ssl_sock_load_cert_sni(ckch_inst, bind_conf);
 
 	/* succeed, add the instance to the ckch_store's list of instance */
 	LIST_ADDQ(&ckchs->ckch_inst, &ckch_inst->by_ckchs);
-
 	return 0;
 }
 
@@ -3713,10 +3713,7 @@
 #endif
 	if ((ckchs = ckchs_lookup(path))) {
 		/* we found the ckchs in the tree, we can use it directly */
-		if (ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err) > 0)
-			return ERR_ALERT | ERR_FATAL;
-		else
-			return 0;
+		return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
 	}
 
 	if (stat(path, &buf) == 0) {
@@ -3726,10 +3723,7 @@
 			if (!ckchs)
 				return ERR_ALERT | ERR_FATAL;
 
-			if (ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err) > 0)
-				return ERR_ALERT | ERR_FATAL;
-			else
-				return 0;
+			return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
 		}
 
 		/* strip trailing slashes, including first one */
@@ -3794,8 +3788,8 @@
 							ckchs =  ckchs_load_cert_file(fp, 1,  err);
 						if (!ckchs)
 							cfgerr |= ERR_ALERT | ERR_FATAL;
-						else if (ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err) > 0)
-							cfgerr |= ERR_ALERT | ERR_FATAL;
+						else
+							cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
 						/* Successfully processed the bundle */
 						goto ignore_entry;
 					}
@@ -3807,8 +3801,7 @@
 				if (!ckchs)
 					cfgerr |= ERR_ALERT | ERR_FATAL;
 				else
-					if (ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err) > 0)
-						cfgerr |= ERR_ALERT | ERR_FATAL;
+					cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
 
 ignore_entry:
 				free(de);
@@ -3823,8 +3816,7 @@
 	if (!ckchs)
 		return ERR_ALERT | ERR_FATAL;
 
-	if (ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err) > 0)
-		cfgerr |= ERR_ALERT | ERR_FATAL;
+	cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
 
 	return cfgerr;
 }
@@ -4018,10 +4010,10 @@
 				ckchs = ckchs_load_cert_file(crt_path, 1,  err);
 		}
 
-		if (!ckchs ||
-		    ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err) > 0) {
+		if (!ckchs)
 			cfgerr |= ERR_ALERT | ERR_FATAL;
-		}
+		else
+			cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err);
 
 		if (cfgerr) {
 			memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);