openssl cms error does not raise an exception or log the problem

Desc
-------
This was discovered while trying to run reddwarf locally on a mac pointed to a remote devstack instance.
The root of the problem is that Mac OS X comes installed with openssl but it does not have cms enabled.
It was not clear where the problem came from due to the "Revoked Token" error that was thrown.

Offending code
----------------------
keystoneclient/common/cms.py

...

def cms_verify(formatted, signing_cert_file_name, ca_file_name):
    """
        verifies the signature of the contents IAW CMS syntax
    """
    _ensure_subprocess()
    process = subprocess.Popen(["openssl", "cms", "-verify",
                                "-certfile", signing_cert_file_name,
                                "-CAfile", ca_file_name,
                                "-inform", "PEM",
                                "-nosmimecap", "-nodetach",
                                "-nocerts", "-noattr"],
                               stdin=subprocess.PIPE,
                               stdout=subprocess.PIPE,
                               stderr=subprocess.PIPE)
    output, err = process.communicate(formatted)
    retcode = process.poll()
    if retcode:
        LOG.error('Verify error: %s' % err)
        raise subprocess.CalledProcessError(retcode, "openssl", output=err)
    return output

...

When 'cms' is not enabled an err is returned from the 'process.communicate(formatted)' call.
The code above only checks for the retcode which is 0 and empty string is returned as output.
This eventually leads to an InValid Token exception.

Proposed fix:
------------------
Log the err so that it's more clear what the actual problem is.
Perhaps on debug or info level.

It appears that the returned value for error can be a successful validation.