|
|
|
|
|
|
by aragilar
395 days ago
|
|
|
https://research.swtch.com/openssl provides more context: openssl was asked about the change, and seemingly approved it (whether everyone understood what was being approved is a different question). It's not clear why openssl never adopted the patch (was everyone else just lucky?), but I wonder what the reaction would have been if the patch had been applied (or the lines hidden away by a build switch). |
|
|
OpenSSL already had an option to safely disable the bad behavior, -DPURIFY.