Package: getdns
Followup-For: Bug #1138405
X-Debbugs-Cc: [email protected]
Control: tags -1 patch ftbfs

Dear Maintainer,

The patch fixes the build issue.

-- System Information:
Debian Release: trixie/sid
  APT prefers noble-updates
  APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), 
(100, 'noble-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Description: Fix OpenSSL 4.0 compatibility
 Replace direct ASN1_BIT_STRING member access with ASN1_STRING_get0_data()
 and ASN1_STRING_length() accessors. Use const for X509 accessor return
 values.
Author: Ravi Kant Sharma <[email protected]>
Forwarded: https://github.com/getdnsapi/getdns/pull/551
Bug-Ubuntu: https://bugs.launchpad.net/bugs/2154951
Bug-Debian: https://bugs.debian.org/1138405
Last-Update: 2026-07-06

Index: getdns/src/ssl_dane/danessl.c
===================================================================
--- getdns.orig/src/ssl_dane/danessl.c  2026-07-06 13:06:08.180052843 +0200
+++ getdns/src/ssl_dane/danessl.c       2026-07-06 13:06:22.591129526 +0200
@@ -388,7 +388,7 @@
     return 0;
 }
 
-static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj)
+static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, const X509_NAME 
*subj)
 {
     X509_NAME *name = akid_issuer_name(akid);
 
@@ -443,7 +443,7 @@
     int ret = 1;
     X509 *cert = 0;
     AUTHORITY_KEYID *akid;
-    X509_NAME *name = X509_get_issuer_name(subject);
+    const X509_NAME *name = X509_get_issuer_name(subject);
     EVP_PKEY *newkey = key ? key : X509_get_pubkey(subject);
 
 #define WRAP_MID 0             /* Ensure intermediate. */
@@ -781,9 +781,9 @@
 
 static char *parse_subject_name(X509 *cert)
 {
-    X509_NAME *name = X509_get_subject_name(cert);
-    X509_NAME_ENTRY *entry;
-    ASN1_STRING *entry_str;
+    const X509_NAME *name = X509_get_subject_name(cert);
+    const X509_NAME_ENTRY *entry;
+    const ASN1_STRING *entry_str;
     unsigned char *namebuf;
     int nid = NID_commonName;
     int len;
Index: getdns/src/tls/anchor-internal.c
===================================================================
--- getdns.orig/src/tls/anchor-internal.c       2026-07-06 13:06:08.180052843 
+0200
+++ getdns/src/tls/anchor-internal.c    2026-07-06 13:06:08.174052812 +0200
@@ -60,10 +60,12 @@
        ASN1_BIT_STRING* s;
 
        if((s=X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL))) {
-               if(s->length > 0) {
-                       val = s->data[0];
-                       if(s->length > 1)
-                               val |= s->data[1] << 8;
+               const unsigned char *data = ASN1_STRING_get0_data(s);
+               int len = ASN1_STRING_length(s);
+               if(len > 0) {
+                       val = data[0];
+                       if(len > 1)
+                               val |= data[1] << 8;
                }
                ASN1_BIT_STRING_free(s);
        }

Reply via email to