Dear virtuoso-opensource maintainers, I have developed a patch that allows virtuoso-opensource to build with both OpenSSL 3.x and OpenSSL 4.0 [1].
The FTBFS was caused by two main issues: - the code directly accessed internal fields that have been made opaque in OpenSSL 4.0. The patch updates these to use the appropriate accessors. - several OpenSSL functions now return const pointers. The patch updates the relevant call sites to match their I have attached the patch to this message. Please let me know if you need anything else. Best wishes, Ruan [1]: https://launchpad.net/~ruancomelli/+archive/ubuntu/fix-lp2155011/+sourcepub/18550551/+listing-archive-extra
Description: Fix for OpenSSL 4 compatibility OpenSSL 4 made the ASN1_STRING structure opaque, so direct member access (os->data, os->length, bs->type) is no longer possible. This patch replaces such accesses with the provided accessor macros (ASN1_STRING_get0_data, ASN1_STRING_length, ASN1_STRING_type) and constifies X509_EXTENSION pointers returned by X509_get_ext() to match the new const-correct signatures. Author: Ruan Comelli <[email protected]> Bug-Ubuntu: https://bugs.launchpad.net/bugs/2155011 Bug-Debian: https://bugs.debian.org/1138460 Bug: https://github.com/openlink/virtuoso-opensource/issues/1433 Last-Update: 2026-07-01 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/libsrc/Wi/bif_crypto.c +++ b/libsrc/Wi/bif_crypto.c @@ -370,12 +370,12 @@ opp = op; os = d2i_ASN1_OCTET_STRING (NULL, (const unsigned char **)&opp, len + hl); - if (os != NULL && os->length > 0) + if (os != NULL && ASN1_STRING_length (os) > 0) { - opp = os->data; + opp = ASN1_STRING_get0_data (os); /* testing whether the octet string is * printable */ - for (i = 0; i < os->length; i++) + for (i = 0; i < ASN1_STRING_length (os); i++) { if (((opp[i] < ' ') && (opp[i] != '\n') && (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~')) { @@ -388,7 +388,7 @@ { /*if (BIO_write(bp,":",1) <= 0) goto end; */ - if (BIO_write (bp, (const char *) opp, os->length) <= 0) + if (BIO_write (bp, (const char *) opp, ASN1_STRING_length (os)) <= 0) goto end; } else if (!dump) @@ -397,7 +397,7 @@ { /*if (BIO_write(bp,"[HEX DUMP]:",11) <= 0) goto end; */ - for (i = 0; i < os->length; i++) + for (i = 0; i < ASN1_STRING_length (os); i++) { if (BIO_printf (bp, "%02X", opp[i]) <= 0) goto end; @@ -412,7 +412,7 @@ goto end; */ ; } - if (BIO_dump_indent (bp, (const char *) opp, ((dump == -1 || dump > os->length) ? os->length : dump), dump_indent) <= 0) + if (BIO_dump_indent (bp, (const char *) opp, ((dump == -1 || dump > ASN1_STRING_length (os)) ? ASN1_STRING_length (os) : dump), dump_indent) <= 0) goto end; nl = 1; } @@ -433,15 +433,15 @@ if (bs != NULL) { /*if (BIO_write(bp,":",1) <= 0) goto end; */ - if (bs->type == V_ASN1_NEG_INTEGER) + if (ASN1_STRING_type (bs) == V_ASN1_NEG_INTEGER) if (BIO_write (bp, "-", 1) <= 0) goto end; - for (i = 0; i < bs->length; i++) + for (i = 0; i < ASN1_STRING_length (bs); i++) { - if (BIO_printf (bp, "%02X", bs->data[i]) <= 0) + if (BIO_printf (bp, "%02X", ASN1_STRING_get0_data (bs)[i]) <= 0) goto end; } - if (bs->length == 0) + if (ASN1_STRING_length (bs) == 0) { if (BIO_write (bp, "00", 2) <= 0) goto end; @@ -464,15 +464,15 @@ if (bs != NULL) { /*if (BIO_write(bp,":",1) <= 0) goto end; */ - if (bs->type == V_ASN1_NEG_ENUMERATED) + if (ASN1_STRING_type (bs) == V_ASN1_NEG_ENUMERATED) if (BIO_write (bp, "-", 1) <= 0) goto end; - for (i = 0; i < bs->length; i++) + for (i = 0; i < ASN1_STRING_length (bs); i++) { - if (BIO_printf (bp, "%02X", bs->data[i]) <= 0) + if (BIO_printf (bp, "%02X", ASN1_STRING_get0_data (bs)[i]) <= 0) goto end; } - if (bs->length == 0) + if (ASN1_STRING_length (bs) == 0) { if (BIO_write (bp, "00", 2) <= 0) goto end; @@ -1742,8 +1742,8 @@ i2t_ASN1_OBJECT(buf,sizeof (buf), sigalg->algorithm); - n = sig->length; - s = sig->data; + n = ASN1_STRING_length (sig); + s = ASN1_STRING_get0_data (sig); val = dk_alloc_box ((n * 2) + 1, DV_SHORT_STRING); for (i = 0; i < n; i ++) { --- a/libsrc/Wi/xmlenc.c +++ b/libsrc/Wi/xmlenc.c @@ -6306,7 +6306,7 @@ caddr_t xenc_x509_get_key_identifier (X509 * cert) { ASN1_OCTET_STRING *ikeyid = NULL; - X509_EXTENSION *ext; + const X509_EXTENSION *ext; int i; caddr_t ret; if (!cert) @@ -6343,8 +6343,8 @@ return ret; } - ret = dk_alloc_box (ikeyid->length, DV_BIN); - memcpy (ret, ikeyid->data, ikeyid->length); + ret = dk_alloc_box (ASN1_STRING_length (ikeyid), DV_BIN); + memcpy (ret, ASN1_STRING_get0_data (ikeyid), ASN1_STRING_length (ikeyid)); ASN1_OCTET_STRING_free(ikeyid); return ret; } @@ -6387,7 +6387,7 @@ xenc_key_t * k = xenc_get_key_by_name (name, 1); X509 * cert; ASN1_OCTET_STRING *ikeyid = NULL; - X509_EXTENSION *ext; + const X509_EXTENSION *ext; int i; caddr_t ret; if (!k || !k->xek_x509) @@ -6403,8 +6403,8 @@ sqlr_new_error ("42000", "XENC24", "could not get subject key identifier for %s certificate", name); } - ret = dk_alloc_box (ikeyid->length, DV_BIN); - memcpy (ret, ikeyid->data, ikeyid->length); + ret = dk_alloc_box (ASN1_STRING_length (ikeyid), DV_BIN); + memcpy (ret, ASN1_STRING_get0_data (ikeyid), ASN1_STRING_length (ikeyid)); ASN1_OCTET_STRING_free(ikeyid); return ret; }

