bad patch for openssl

Ted Unangst tedu at tedunangst.com
Thu Mar 19 22:11:47 UTC 2015


I notice the posted patch includes a change to tasn_dec.c that doesn't work.

-       if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
-               return *pval;
+       if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
+               ptmpval = *pval;
+       if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
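
Review bot: the added condition (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) carries the caller's existing *pval into ptmpval only for primitive items, so for every other item type the object the caller passed in is no longer what ASN1_item_ex_d2i decodes into. The removed lines passed pval straight through, so a caller that supplies an already allocated structure and expects it to be filled in gets different behaviour. The excerpt also does not show ptmpval being initialised for the case where the condition is false, nor the decoded pointer being written back to *pval. I would want both visible, plus a comment stating why reuse is restricted to primitive types and a regression test that decodes into a pre-populated non-primitive *pval.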

This will, among other things, prevent nginx 1.6 from loading keys.

The diff was included in the preannouncement material, but is not part of
any of the final openssl releases.

