This change import's upstream's beeb0fa7 and fixes a UAF in X509. Thankfully, this shouldn't impact Chromium, which doesn't use OpenSSL for certificate verification. BUG=489764 Change-Id: I0ce2ec05083f7c588ba5504bb12151437dec593e Reviewed-on: https://boringssl-review.googlesource.com/4810 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15