Schannel plugin incorrectly verifies the NetscapeCertType extension

Using a Qt client app to call a local python SSL server that uses a leaf certificate which is part of a local certificate chain (the leaf certificate uses an intermediate certificate, and the intermediate certificate uses a self-signed root certificate), leads to a failed SSL handshake and an Invalid Purpose SSL error.

Initial debugging revealed that the Netscape extension was causing problems. In qtls_schannel.cpp, the "netscapeWrongCertType" function was returning true, failing the SSL handshake. Commenting out this check resolved the handshake issue, confirming it was the sole cause.

After further investigation, it was found that the Netscape certificate type (OID 2.16.840.1.113730.1.1) is being misinterpreted since the entire byte array (03020640) is being compared, instead of just the last byte (40) which represents the SSL server. (NETSCAPE_SSL_SERVER_AUTH_CERT_TYPE as defined by SChannel).

Though even after this was fixed, the Netscape errors persisted. The leaf certificate passed the context verification, but the intermediate and root CAs failed. Qt was incorrectly applying the SSL Server check (0x40) to CA certificates, which should have 0x04 (NETSCAPE_SSL_CA_CERT_TYPE as defined by SChannel). The code was modified to skip the SSL server check for CA certificates.

The attached patch, qtls_schannel.diff, contains proposed changes which resolve the issues.

Steps to reproduce:
1. Run the "install-certsWindows.bat" script to install the root and intermediate certificates
2. Run the "verify-cert-win.bat" script to verify the leaf certificate
3. Run the "flask_server.py" script to start the local server
4. Build and run the "TestSSLogging_1" client app