This is a possible fix Ralf S. Engelschall <rse+openpkg-security@openpkg.org>
has made myself for the X.509 issue of mod_tls.c

Index: contrib/mod_tls.c
--- contrib/mod_tls.c.orig      2005-11-08 18:59:49 +0100
+++ contrib/mod_tls.c   2006-11-15 17:54:43 +0100
@@ -2421,6 +2421,8 @@
      datalen = BIO_get_mem_data(mem, &data);

   if (data) {
+    if (datalen > sizeof(buf)-1)
+        datalen = sizeof(buf)-1;
     memset(&buf, '\0', sizeof(buf));
     memcpy(buf, data, datalen);
     buf[datalen] = '\0';