Hello Dan and Matthew, thanks for working on this. I gave the debdiffs a look, skimmed through openssl changes, and don't see any reason to not do this. There *are* larger changes to that function in https://github.com/openssl/openssl/commit/1e41dadfa7b9f792ed0f4714a3d3d36f070cf30e -- but it's a fairly invasive change, and I'm not recommending or suggesting we take it instead. It'd be nice though if someone could double-check the certs in question against a build that uses this newer commit and make sure that we're not backporting a very short-lived functional change.
Hello Dan and Matthew, thanks for working on this. I gave the debdiffs a look, skimmed through openssl changes, and don't see any reason to not do this. There *are* larger changes to that function in https:/ /github. com/openssl/ openssl/ commit/ 1e41dadfa7b9f79 2ed0f4714a3d3d3 6f070cf30e -- but it's a fairly invasive change, and I'm not recommending or suggesting we take it instead. It'd be nice though if someone could double-check the certs in question against a build that uses this newer commit and make sure that we're not backporting a very short-lived functional change.
Thanks