Package: 1138356 Followup-For: Bug #1138356 X-Debbugs-Cc: [email protected]
This patch fixes the build failure with OpenSSL 4.0. -- System Information: Debian Release: trixie/sid APT prefers noble-updates APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), (100, 'noble-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Description: Fix build failure with OpenSSL 4.0 X509_get_subject_name() now returns a const X509_NAME* in OpenSSL 4.0. Build a fresh X509_NAME with X509_NAME_new(), populate it, then set it explicitly via X509_set_subject_name() and X509_set_issuer_name() before freeing it. Author: Ravi Kant Sharma <[email protected]> Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/znc/+bug/2154904 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138356 Forwarded: https://github.com/znc/znc/pull/2024 Last-Update: 2026-06-15 --- a/src/Utils.cpp +++ b/src/Utils.cpp @@ -128,7 +128,8 @@ sEmailAddr += "@"; sEmailAddr += sHostName; - X509_NAME* pName = X509_get_subject_name(pCert.get()); + X509_NAME* pName = X509_NAME_new(); + if (!pName) return; X509_NAME_add_entry_by_txt(pName, "OU", MBSTRING_ASC, (unsigned char*)pLogName, -1, -1, 0); X509_NAME_add_entry_by_txt(pName, "CN", MBSTRING_ASC, @@ -136,7 +137,9 @@ X509_NAME_add_entry_by_txt(pName, "emailAddress", MBSTRING_ASC, (unsigned char*)sEmailAddr.c_str(), -1, -1, 0); + X509_set_subject_name(pCert.get(), pName); X509_set_issuer_name(pCert.get(), pName); + X509_NAME_free(pName); if (!X509_sign(pCert.get(), pKey.get(), EVP_sha256())) return; --- a/src/SSLVerifyHost.cpp +++ b/src/SSLVerifyHost.cpp @@ -306,8 +306,8 @@ static HostnameValidationResult matches_common_name(const char* hostname, const X509* server_cert) { int common_name_loc = -1; - X509_NAME_ENTRY* common_name_entry = nullptr; - ASN1_STRING* common_name_asn1 = nullptr; + const X509_NAME_ENTRY* common_name_entry = nullptr; + const ASN1_STRING* common_name_asn1 = nullptr; CONST_ASN1_STRING_DATA char* common_name_str = nullptr; // Find the position of the CN field in the Subject field of the certificate

