Dear virtuoso-opensource maintainers,

I have developed a patch that allows virtuoso-opensource to build with both
OpenSSL 3.x and OpenSSL 4.0 [1].

The FTBFS was caused by two main issues:
- the code directly accessed internal fields that have been made opaque in
OpenSSL 4.0. The patch updates these to use the appropriate accessors.
- several OpenSSL functions now return const pointers. The patch updates
the relevant call sites to match their

I have attached the patch to this message. Please let me know if you need
anything else.

Best wishes,
Ruan

[1]:
https://launchpad.net/~ruancomelli/+archive/ubuntu/fix-lp2155011/+sourcepub/18550551/+listing-archive-extra
Description: Fix for OpenSSL 4 compatibility
 OpenSSL 4 made the ASN1_STRING structure opaque, so direct member
 access (os->data, os->length, bs->type) is no longer possible.
 This patch replaces such accesses with the provided accessor macros
 (ASN1_STRING_get0_data, ASN1_STRING_length, ASN1_STRING_type) and
 constifies X509_EXTENSION pointers returned by X509_get_ext() to
 match the new const-correct signatures.
Author: Ruan Comelli <[email protected]>
Bug-Ubuntu: https://bugs.launchpad.net/bugs/2155011
Bug-Debian: https://bugs.debian.org/1138460
Bug: https://github.com/openlink/virtuoso-opensource/issues/1433
Last-Update: 2026-07-01
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/libsrc/Wi/bif_crypto.c
+++ b/libsrc/Wi/bif_crypto.c
@@ -370,12 +370,12 @@
 
 	      opp = op;
 	      os = d2i_ASN1_OCTET_STRING (NULL, (const unsigned char **)&opp, len + hl);
-	      if (os != NULL && os->length > 0)
+	      if (os != NULL && ASN1_STRING_length (os) > 0)
 		{
-		  opp = os->data;
+		  opp = ASN1_STRING_get0_data (os);
 		  /* testing whether the octet string is
 		   * printable */
-		  for (i = 0; i < os->length; i++)
+		  for (i = 0; i < ASN1_STRING_length (os); i++)
 		    {
 		      if (((opp[i] < ' ') && (opp[i] != '\n') && (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~'))
 			{
@@ -388,7 +388,7 @@
 		    {
 		      /*if (BIO_write(bp,":",1) <= 0)
 		         goto end; */
-		      if (BIO_write (bp, (const char *) opp, os->length) <= 0)
+		      if (BIO_write (bp, (const char *) opp, ASN1_STRING_length (os)) <= 0)
 			goto end;
 		    }
 		  else if (!dump)
@@ -397,7 +397,7 @@
 		    {
 		      /*if (BIO_write(bp,"[HEX DUMP]:",11) <= 0)
 		         goto end; */
-		      for (i = 0; i < os->length; i++)
+		      for (i = 0; i < ASN1_STRING_length (os); i++)
 			{
 			  if (BIO_printf (bp, "%02X", opp[i]) <= 0)
 			    goto end;
@@ -412,7 +412,7 @@
 			     goto end; */
 			  ;
 			}
-		      if (BIO_dump_indent (bp, (const char *) opp, ((dump == -1 || dump > os->length) ? os->length : dump), dump_indent) <= 0)
+		      if (BIO_dump_indent (bp, (const char *) opp, ((dump == -1 || dump > ASN1_STRING_length (os)) ? ASN1_STRING_length (os) : dump), dump_indent) <= 0)
 			goto end;
 		      nl = 1;
 		    }
@@ -433,15 +433,15 @@
 	      if (bs != NULL)
 		{
 		  /*if (BIO_write(bp,":",1) <= 0) goto end; */
-		  if (bs->type == V_ASN1_NEG_INTEGER)
+		  if (ASN1_STRING_type (bs) == V_ASN1_NEG_INTEGER)
 		    if (BIO_write (bp, "-", 1) <= 0)
 		      goto end;
-		  for (i = 0; i < bs->length; i++)
+		  for (i = 0; i < ASN1_STRING_length (bs); i++)
 		    {
-		      if (BIO_printf (bp, "%02X", bs->data[i]) <= 0)
+		      if (BIO_printf (bp, "%02X", ASN1_STRING_get0_data (bs)[i]) <= 0)
 			goto end;
 		    }
-		  if (bs->length == 0)
+		  if (ASN1_STRING_length (bs) == 0)
 		    {
 		      if (BIO_write (bp, "00", 2) <= 0)
 			goto end;
@@ -464,15 +464,15 @@
 	      if (bs != NULL)
 		{
 		  /*if (BIO_write(bp,":",1) <= 0) goto end; */
-		  if (bs->type == V_ASN1_NEG_ENUMERATED)
+		  if (ASN1_STRING_type (bs) == V_ASN1_NEG_ENUMERATED)
 		    if (BIO_write (bp, "-", 1) <= 0)
 		      goto end;
-		  for (i = 0; i < bs->length; i++)
+		  for (i = 0; i < ASN1_STRING_length (bs); i++)
 		    {
-		      if (BIO_printf (bp, "%02X", bs->data[i]) <= 0)
+		      if (BIO_printf (bp, "%02X", ASN1_STRING_get0_data (bs)[i]) <= 0)
 			goto end;
 		    }
-		  if (bs->length == 0)
+		  if (ASN1_STRING_length (bs) == 0)
 		    {
 		      if (BIO_write (bp, "00", 2) <= 0)
 			goto end;
@@ -1742,8 +1742,8 @@
 
         i2t_ASN1_OBJECT(buf,sizeof (buf), sigalg->algorithm);
 
-	n = sig->length;
-	s = sig->data;
+	n = ASN1_STRING_length (sig);
+	s = ASN1_STRING_get0_data (sig);
 	val = dk_alloc_box ((n * 2) + 1, DV_SHORT_STRING);
 	for (i = 0; i < n; i ++)
 	  {
--- a/libsrc/Wi/xmlenc.c
+++ b/libsrc/Wi/xmlenc.c
@@ -6306,7 +6306,7 @@
 caddr_t xenc_x509_get_key_identifier (X509 * cert)
 {
   ASN1_OCTET_STRING *ikeyid = NULL;
-  X509_EXTENSION *ext;
+  const X509_EXTENSION *ext;
   int i;
   caddr_t ret;
   if (!cert)
@@ -6343,8 +6343,8 @@
       return ret;
     }
 
-  ret = dk_alloc_box (ikeyid->length, DV_BIN);
-  memcpy (ret, ikeyid->data, ikeyid->length);
+  ret = dk_alloc_box (ASN1_STRING_length (ikeyid), DV_BIN);
+  memcpy (ret, ASN1_STRING_get0_data (ikeyid), ASN1_STRING_length (ikeyid));
   ASN1_OCTET_STRING_free(ikeyid);
   return ret;
 }
@@ -6387,7 +6387,7 @@
   xenc_key_t * k = xenc_get_key_by_name (name, 1);
   X509 * cert;
   ASN1_OCTET_STRING *ikeyid = NULL;
-  X509_EXTENSION *ext;
+  const X509_EXTENSION *ext;
   int i;
   caddr_t ret;
   if (!k || !k->xek_x509)
@@ -6403,8 +6403,8 @@
       sqlr_new_error ("42000", "XENC24", "could not get subject key identifier for %s certificate", name);
     }
 
-  ret = dk_alloc_box (ikeyid->length, DV_BIN);
-  memcpy (ret, ikeyid->data, ikeyid->length);
+  ret = dk_alloc_box (ASN1_STRING_length (ikeyid), DV_BIN);
+  memcpy (ret, ASN1_STRING_get0_data (ikeyid), ASN1_STRING_length (ikeyid));
   ASN1_OCTET_STRING_free(ikeyid);
   return ret;
 }

Reply via email to