> this second feature (disallowing explicit curve params) was ineffective

Not quite. It would override the previous check about being signed by a valid CA.

I imagine the implementation was something like this:

    is_valid = true;
    is_valid &= signed_by_valid_ca(cert);
    if (check_x509_strict) {
        is_valid = !has_explicitly_encoded_curve_params(cert);
    }
    is_valid &= some_other_test(cert);
    is_valid &= yet_another_test(cert);

And it should have been:

        is_valid &= !has_explicitly_encoded_curve_params(cert);