CVE-2024-0853: OCSP verification bypass with TLS session reuse

Disclosed: 2024-01-31 13:11:46 By kurohiro To curl
Low
Vulnerability Details
## Summary:

In version 8.5.0, cURL has inadvertently established a pathway for accepting revoked certificates. As a result of [this correction](https://github.com/curl/curl/pull/12418/commits/7cf0391bbc3b5b2e4402ce675124cd73dbe0187e), OCSP stapling verification is skipped during TLS session reuse. However, the TLS session is preserved regardless of the OCSP verification result. As a result, even for revoked certificates, verification is skipped during TLS session reuse.

## Steps To Reproduce:

1. Identify sites with revoked certificates.
2. `curl (1.URL) (1.URL) --cert-status`

I have prepared an environment for testing. Please use it as necessary.

https://ocsptest.ddns.net/

`curl https://ocsptest.ddns.net/ https://ocsptest.ddns.net/ --cert-status`

This website returns only the string "test."

* I have used [this](https://curl.se/windows/dl-8.5.0_3/curl-8.5.0_3-win64-mingw.zip) for testing.
* To avoid complications with timing dependencies in verification, I have configured the web server to use TLS 1.2. In the case of TLS 1.3, the timing of session preservation is delayed, which appeared to prevent session reuse with the above command line.

Here are the execution results.

```
C:\curl-8.5.0_3-win64-mingw\bin>curl https://ocsptest.ddns.net/ https://ocsptest.ddns.net/ --cert-status
curl: (91) SSL certificate revocation reason: (UNKNOWN) (-1)
test
```

The first request fails with an error, but the second one incorrectly passes as if it were the normal case.

## Impact

Bypassing OCSP verification.
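The ordering problem the report describes (a session cached before OCSP stapling verification runs, then resumed without re-verification) can be shown with a small model. The following Python is an added illustration written for this page; it is not curl's code and it does not claim to mirror curl's actual fix. The host names, the stapled OCSP statuses and the cache layout are constructed for the example. The `store_before_verify=True` path reproduces the behaviour seen in the report's output (first transfer fails with a revocation error, second transfer succeeds); `store_before_verify=False` is one hardening that caches a session only after the full verification, including OCSP, has passed.

```python
"""Model of the CVE-2024-0853 session-reuse flaw (illustrative, not curl code)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Ocsp(Enum):
    GOOD = "good"
    REVOKED = "revoked"


@dataclass
class Session:
    host: str
    ocsp_checked: bool  # True once a full handshake has passed OCSP stapling


@dataclass
class SessionCache:
    """One cache shared across all transfers of a single curl invocation."""
    entries: Dict[str, Session] = field(default_factory=dict)

    def get(self, host: str) -> Optional[Session]:
        return self.entries.get(host)

    def put(self, host: str, session: Session) -> None:
        self.entries[host] = session


# Constructed stapled OCSP responses keyed by host (assumption: in reality
# these come from the server during the handshake).
STAPLED: Dict[str, Ocsp] = {
    "revoked.example": Ocsp.REVOKED,
    "good.example": Ocsp.GOOD,
}


def handshake(host: str, cache: SessionCache, *, cert_status: bool,
              store_before_verify: bool) -> str:
    """Return 'ok' or 'revoked' for one connection to `host`.

    store_before_verify=True models the flaw: the session is cached as soon
    as the TLS handshake completes, before OCSP stapling is checked, and a
    later connection that resumes the session skips the check entirely.
    store_before_verify=False caches only after verification succeeded.
    """
    if cache.get(host) is not None:
        # Resumed session: the OCSP stapling step is skipped on reuse.
        return "ok"

    session = Session(host=host, ocsp_checked=False)
    if store_before_verify:
        cache.put(host, session)  # flaw: cached regardless of what follows

    if cert_status and STAPLED[host] is Ocsp.REVOKED:
        return "revoked"  # corresponds to curl's "(91) SSL certificate revocation reason"

    session.ocsp_checked = True
    if not store_before_verify:
        cache.put(host, session)  # only a verified session may be resumed
    return "ok"


def run(hosts: List[str], *, cert_status: bool = True,
        store_before_verify: bool) -> List[str]:
    """Mimic `curl URL URL --cert-status`: sequential transfers, one cache."""
    cache = SessionCache()
    return [handshake(h, cache, cert_status=cert_status,
                      store_before_verify=store_before_verify) for h in hosts]


if __name__ == "__main__":
    twice = ["revoked.example", "revoked.example"]
    print("flawed :", run(twice, store_before_verify=True))    # ['revoked', 'ok']
    print("hardened:", run(twice, store_before_verify=False))  # ['revoked', 'revoked']
```

Two points worth keeping in mind when reading the model: the second transfer in the flawed variant never consults the stapled response at all, which is why a revoked certificate is accepted, and the hardened variant still skips OCSP on resumption, so it only helps if the session was verified before it was stored. Whether resumed sessions should additionally re-check revocation within a session's lifetime is a separate design decision that this report does not address.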
Report Stats
  • Report ID: 2298922
  • State: Closed
  • Substate: resolved
  • Upvotes: 22