I would like to note, I'm confident in the encoding of this patch, because I didn't do it manually.
The sourcecode of that static list was automatically produced from the DER encoded certificates, and the code it produced for the test certificate at https://kuix.de:9449/ correctly caused it to be blocked. I think it's reasonable to conclude the code works for all certs correctly (after code review).
I would like to note, I'm confident in the encoding of this patch, because I didn't do it manually.
The sourcecode of that static list was automatically produced from the DER encoded certificates, and the code it produced for the test certificate at https:/ /kuix.de: 9449/ correctly caused it to be blocked. I think it's reasonable to conclude the code works for all certs correctly (after code review).