Package: 1138410 Version: 1.14.2-6 Followup-For: Bug #1138410 X-Debbugs-Cc: [email protected] Control: tags -1 patch
Please find attached a patch that fixes the OpenSSL 4.0 build failure. The patch is taken from upstream commit 413d2b9b53c312014a29f1f7951e903ab1d2a54a. -- System Information: Debian Release: trixie/sid APT prefers noble-updates APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), (100, 'noble-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Origin: upstream, https://github.com/pocoproject/poco/commit/413d2b9b53c312014a29f1f7951e903ab1d2a54a Forwarded: not-needed Bug-Ubuntu: https://bugs.launchpad.net/bugs/2154955 Bug-Debian: https://bugs.debian.org/1138410 >From 413d2b9b53c312014a29f1f7951e903ab1d2a54a Mon Sep 17 00:00:00 2001 From: seektechnz <[email protected]> Date: Thu, 12 Mar 2026 07:40:26 +1300 Subject: [PATCH] Constify X509* usage where needed and use ASN1_STRING accessors (#5239) --- Crypto/src/PKCS12Container.cpp | 2 +- Crypto/src/X509Certificate.cpp | 20 +++++++++++--------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/Crypto/src/PKCS12Container.cpp b/Crypto/src/PKCS12Container.cpp index b1f797b353..9504944df7 100644 --- a/Crypto/src/PKCS12Container.cpp +++ b/Crypto/src/PKCS12Container.cpp @@ -128,7 +128,7 @@ std::string PKCS12Container::extractFriendlyName(X509* pCert) if(pCert) { int length = 0; - char* pBuffer = reinterpret_cast<char*>(X509_alias_get0(pCert, &length)); + auto pBuffer = reinterpret_cast<const char*>(X509_alias_get0(pCert, &length)); if (pBuffer) { friendlyName.append(pBuffer, length); diff --git a/Crypto/src/X509Certificate.cpp b/Crypto/src/X509Certificate.cpp index 50fb97221a..6864a2d83b 100644 --- a/Crypto/src/X509Certificate.cpp +++ b/Crypto/src/X509Certificate.cpp @@ -209,7 +209,7 @@ void X509Certificate::save(const std::string& path) const } -std::string _X509_NAME_oneline_utf8(X509_NAME *name) +std::string _X509_NAME_oneline_utf8(const X509_NAME *name) { BIO * bio_out = BIO_new(BIO_s_mem()); X509_NAME_print_ex(bio_out, name, 0, (ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS) & ~ASN1_STRFLGS_ESC_MSB); @@ -247,7 +247,7 @@ std::string X509Certificate::commonName() const std::string X509Certificate::issuerName(NID nid) const { - if (X509_NAME* issuer = X509_get_issuer_name(_pCert)) + if (auto issuer = X509_get_issuer_name(_pCert)) { char buffer[NAME_BUFFER_SIZE]; if (X509_NAME_get_text_by_NID(issuer, nid, buffer, sizeof(buffer)) >= 0) @@ -259,7 +259,7 @@ std::string X509Certificate::issuerName(NID nid) const std::string X509Certificate::subjectName(NID nid) const { - if (X509_NAME* subj = X509_get_subject_name(_pCert)) + if (auto subj = X509_get_subject_name(_pCert)) { char buffer[NAME_BUFFER_SIZE]; if (X509_NAME_get_text_by_NID(subj, nid, buffer, sizeof(buffer)) >= 0) @@ -297,13 +297,14 @@ void X509Certificate::extractNames(std::string& cmnName, std::set<std::string>& Poco::DateTime X509Certificate::validFrom() const { const ASN1_TIME* certTime = X509_get0_notBefore(_pCert); - std::string dateTime(reinterpret_cast<char*>(certTime->data)); + auto certTimeType = ASN1_STRING_type(certTime); + std::string dateTime(reinterpret_cast<const char*>(ASN1_STRING_get0_data(certTime)), ASN1_STRING_length(certTime)); int tzd; - if (certTime->type == V_ASN1_UTCTIME) + if (certTimeType == V_ASN1_UTCTIME) { return DateTimeParser::parse("%y%m%d%H%M%S", dateTime, tzd); } - else if (certTime->type == V_ASN1_GENERALIZEDTIME) + else if (certTimeType == V_ASN1_GENERALIZEDTIME) { return DateTimeParser::parse("%Y%m%d%H%M%S", dateTime, tzd); } @@ -317,13 +318,14 @@ Poco::DateTime X509Certificate::validFrom() const Poco::DateTime X509Certificate::expiresOn() const { const ASN1_TIME* certTime = X509_get0_notAfter(_pCert); - std::string dateTime(reinterpret_cast<char*>(certTime->data)); + auto certTimeType = ASN1_STRING_type(certTime); + std::string dateTime(reinterpret_cast<const char*>(ASN1_STRING_get0_data(certTime)), ASN1_STRING_length(certTime)); int tzd; - if (certTime->type == V_ASN1_UTCTIME) + if (certTimeType == V_ASN1_UTCTIME) { return DateTimeParser::parse("%y%m%d%H%M%S", dateTime, tzd); } - else if (certTime->type == V_ASN1_GENERALIZEDTIME) + else if (certTimeType == V_ASN1_GENERALIZEDTIME) { return DateTimeParser::parse("%Y%m%d%H%M%S", dateTime, tzd); }

