yes we could fix dehydrated. but we can _not_ control how everyone out there is calling openssl. so we really should fix this bug within openssl.