Comment 8 for bug 925657

Ok, I added a couple of checks like you suggested. I modified the methods such that they return the length as obtained from ASN1_STRING_length, and this length is used instead of strlen(). Comparison is now done by first comparing if lengths are equal, and then using memcmp() between the two strings. If embedded nulls are present, comparison should fail.

Can you check and see if anything else is missing?