Package: 1138356
Followup-For: Bug #1138356
X-Debbugs-Cc: [email protected]

This patch fixes the build failure with OpenSSL 4.0.


-- System Information:
Debian Release: trixie/sid
  APT prefers noble-updates
  APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), (100, 'noble-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Description: Fix build failure with OpenSSL 4.0
 X509_get_subject_name() now returns a const X509_NAME* in OpenSSL 4.0.
 Build a fresh X509_NAME with X509_NAME_new(), populate it, then set it
 explicitly via X509_set_subject_name() and X509_set_issuer_name() before
 freeing it.
Author: Ravi Kant Sharma <[email protected]>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/znc/+bug/2154904
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138356
Forwarded: https://github.com/znc/znc/pull/2024
Last-Update: 2026-06-15
--- a/src/Utils.cpp
+++ b/src/Utils.cpp
@@ -128,7 +128,8 @@
     sEmailAddr += "@";
     sEmailAddr += sHostName;
 
-    X509_NAME* pName = X509_get_subject_name(pCert.get());
+    X509_NAME* pName = X509_NAME_new();
+    if (!pName) return;
     X509_NAME_add_entry_by_txt(pName, "OU", MBSTRING_ASC,
                                (unsigned char*)pLogName, -1, -1, 0);
     X509_NAME_add_entry_by_txt(pName, "CN", MBSTRING_ASC,
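Review bot: pName at `X509_NAME* pName = X509_NAME_new();` becomes an owning raw pointer, so any return added later between this line and the X509_NAME_free() call would leak the name. pCert and pKey are already accessed through .get(), so hold pName in the same kind of smart pointer with X509_NAME_free as the deleter. The X509_NAME_add_entry_by_txt() calls that follow also ignore their return value. Because the name now starts empty instead of being the certificate's own subject, a failed add leaves the certificate without that field, so check each result and return on 0.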
@@ -136,7 +137,9 @@
     X509_NAME_add_entry_by_txt(pName, "emailAddress", MBSTRING_ASC,
                                (unsigned char*)sEmailAddr.c_str(), -1, -1, 0);
 
+    X509_set_subject_name(pCert.get(), pName);
     X509_set_issuer_name(pCert.get(), pName);
+    X509_NAME_free(pName);
 
     if (!X509_sign(pCert.get(), pKey.get(), EVP_sha256())) return;
 
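Review bot: the return values of X509_set_subject_name() and X509_set_issuer_name() are discarded before X509_sign(), so a failed copy would still lead to signing a certificate with a missing subject or issuer. Check both calls (they return 0 on failure), free pName, and return on error. Calling X509_NAME_free(pName) right after the setters is correct only because both setters copy the name into the certificate; a one-line comment saying so would keep a later reader from moving or removing the free.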
--- a/src/SSLVerifyHost.cpp
+++ b/src/SSLVerifyHost.cpp
@@ -306,8 +306,8 @@
 static HostnameValidationResult matches_common_name(const char* hostname,
                                                     const X509* server_cert) {
     int common_name_loc = -1;
-    X509_NAME_ENTRY* common_name_entry = nullptr;
-    ASN1_STRING* common_name_asn1 = nullptr;
+    const X509_NAME_ENTRY* common_name_entry = nullptr;
+    const ASN1_STRING* common_name_asn1 = nullptr;
     CONST_ASN1_STRING_DATA char* common_name_str = nullptr;
 
     // Find the position of the CN field in the Subject field of the 
certificate
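Review bot: the two new declarations hard-code const, while the next line, `CONST_ASN1_STRING_DATA char* common_name_str = nullptr;`, uses a macro for its qualifier, which suggests the file still builds against library versions with differing constness. Please confirm that the calls consuming common_name_entry and common_name_asn1 further down (not visible in this hunk) accept const pointers on every OpenSSL and LibreSSL version the project supports, or guard these two declarations the same way. A note in the patch description stating which versions were built and tested would settle it.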
