[tptacek]

Why not? Caching certificate chains makes sense. Bad hash functions are the norm in systems code, not the exception.

[b2600]

I guess I'm reading these two examples as: 1. an extra goto and 2. a strategy dealing with creating an ssl store that uses a 32(!) bit key. I'm not implying malice but they seem fundamentally different type of errors.