Package: 1138410
Version: 1.14.2-6
Followup-For: Bug #1138410
X-Debbugs-Cc: [email protected]
Control: tags -1 patch

Please find attached a patch that fixes the OpenSSL 4.0 build failure.
The patch is taken from upstream commit
413d2b9b53c312014a29f1f7951e903ab1d2a54a.


-- System Information:
Debian Release: trixie/sid
  APT prefers noble-updates
  APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), 
(100, 'noble-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Origin: upstream, 
https://github.com/pocoproject/poco/commit/413d2b9b53c312014a29f1f7951e903ab1d2a54a
Forwarded: not-needed
Bug-Ubuntu: https://bugs.launchpad.net/bugs/2154955
Bug-Debian: https://bugs.debian.org/1138410

>From 413d2b9b53c312014a29f1f7951e903ab1d2a54a Mon Sep 17 00:00:00 2001
From: seektechnz <[email protected]>
Date: Thu, 12 Mar 2026 07:40:26 +1300
Subject: [PATCH] Constify X509* usage where needed and use ASN1_STRING
 accessors (#5239)

---
 Crypto/src/PKCS12Container.cpp |  2 +-
 Crypto/src/X509Certificate.cpp | 20 +++++++++++---------
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/Crypto/src/PKCS12Container.cpp b/Crypto/src/PKCS12Container.cpp
index b1f797b353..9504944df7 100644
--- a/Crypto/src/PKCS12Container.cpp
+++ b/Crypto/src/PKCS12Container.cpp
@@ -128,7 +128,7 @@ std::string PKCS12Container::extractFriendlyName(X509* 
pCert)
        if(pCert)
        {
                int length = 0;
-               char* pBuffer = reinterpret_cast<char*>(X509_alias_get0(pCert, 
&length));
+               auto pBuffer = reinterpret_cast<const 
char*>(X509_alias_get0(pCert, &length));
                if (pBuffer)
                {
                        friendlyName.append(pBuffer, length);
diff --git a/Crypto/src/X509Certificate.cpp b/Crypto/src/X509Certificate.cpp
index 50fb97221a..6864a2d83b 100644
--- a/Crypto/src/X509Certificate.cpp
+++ b/Crypto/src/X509Certificate.cpp
@@ -209,7 +209,7 @@ void X509Certificate::save(const std::string& path) const
 }
 
 
-std::string _X509_NAME_oneline_utf8(X509_NAME *name)
+std::string _X509_NAME_oneline_utf8(const X509_NAME *name)
 {
        BIO * bio_out = BIO_new(BIO_s_mem());
        X509_NAME_print_ex(bio_out, name, 0, (ASN1_STRFLGS_RFC2253 | 
XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS) & 
~ASN1_STRFLGS_ESC_MSB);
@@ -247,7 +247,7 @@ std::string X509Certificate::commonName() const
 
 std::string X509Certificate::issuerName(NID nid) const
 {
-       if (X509_NAME* issuer = X509_get_issuer_name(_pCert))
+       if (auto issuer = X509_get_issuer_name(_pCert))
        {
                char buffer[NAME_BUFFER_SIZE];
                if (X509_NAME_get_text_by_NID(issuer, nid, buffer, 
sizeof(buffer)) >= 0)
@@ -259,7 +259,7 @@ std::string X509Certificate::issuerName(NID nid) const
 
 std::string X509Certificate::subjectName(NID nid) const
 {
-       if (X509_NAME* subj = X509_get_subject_name(_pCert))
+       if (auto subj = X509_get_subject_name(_pCert))
        {
                char buffer[NAME_BUFFER_SIZE];
                if (X509_NAME_get_text_by_NID(subj, nid, buffer, 
sizeof(buffer)) >= 0)
@@ -297,13 +297,14 @@ void X509Certificate::extractNames(std::string& cmnName, 
std::set<std::string>&
 Poco::DateTime X509Certificate::validFrom() const
 {
        const ASN1_TIME* certTime = X509_get0_notBefore(_pCert);
-       std::string dateTime(reinterpret_cast<char*>(certTime->data));
+       auto certTimeType = ASN1_STRING_type(certTime);
+       std::string dateTime(reinterpret_cast<const 
char*>(ASN1_STRING_get0_data(certTime)), ASN1_STRING_length(certTime));
        int tzd;
-       if (certTime->type == V_ASN1_UTCTIME)
+       if (certTimeType == V_ASN1_UTCTIME)
        {
                return DateTimeParser::parse("%y%m%d%H%M%S", dateTime, tzd);
        }
-       else if (certTime->type == V_ASN1_GENERALIZEDTIME)
+       else if (certTimeType == V_ASN1_GENERALIZEDTIME)
        {
                return DateTimeParser::parse("%Y%m%d%H%M%S", dateTime, tzd);
        }
@@ -317,13 +318,14 @@ Poco::DateTime X509Certificate::validFrom() const
 Poco::DateTime X509Certificate::expiresOn() const
 {
        const ASN1_TIME* certTime = X509_get0_notAfter(_pCert);
-       std::string dateTime(reinterpret_cast<char*>(certTime->data));
+       auto certTimeType = ASN1_STRING_type(certTime);
+       std::string dateTime(reinterpret_cast<const 
char*>(ASN1_STRING_get0_data(certTime)), ASN1_STRING_length(certTime));
        int tzd;
-       if (certTime->type == V_ASN1_UTCTIME)
+       if (certTimeType == V_ASN1_UTCTIME)
        {
                return DateTimeParser::parse("%y%m%d%H%M%S", dateTime, tzd);
        }
-       else if (certTime->type == V_ASN1_GENERALIZEDTIME)
+       else if (certTimeType == V_ASN1_GENERALIZEDTIME)
        {
                return DateTimeParser::parse("%Y%m%d%H%M%S", dateTime, tzd);
        }

Reply via email to