tags 1138374 + patch
thanks

Hello,

I've opened a Merge Request on Salsa that fixes this issue [1]. I've
also attached the same patch to this mail.

[1]: https://salsa.debian.org/debian/freeradius/-/merge_requests/16

Cheers,
-- 
Guilherme Puida Moreira
From: Antonio Torres <[email protected]>
Date: Tue, 5 May 2026 14:42:27 +0200
Subject: Use ASN1_STRING functions for OpenSSL 4.0 compat

Use ASN1_STRING accessor functions instead of direct field access
for ASN1_IA5STRING, ASN1_INTEGER, and ASN1_TIME structures.

This fixes compatibility with OpenSSL 4.0.

Signed-off-by: Antonio Torres <[email protected]>
Origin: upstream, https://github.com/FreeRADIUS/freeradius-server/commit/6658c9e375637ce0bd14bed733270d863224431e
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138374
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/2154922
---
 src/main/tls.c | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/src/main/tls.c b/src/main/tls.c
index ac85e88..23bd236 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -2537,7 +2537,7 @@ static int ocsp_parse_cert_url(X509 *cert, char **host_out, char **port_out,
 		if (OBJ_obj2nid(ad->method) != NID_ad_OCSP) continue;
 		if (ad->location->type != GEN_URI) continue;
 
-		if (OCSP_parse_url((char *) ad->location->d.ia5->data, host_out,
+		if (OCSP_parse_url((const char *) ASN1_STRING_get0_data(ad->location->d.ia5), host_out,
 				   port_out, path_out, is_https)) {
 			ret = 1;
 			break;
@@ -3019,12 +3019,14 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 	 *	we're at the client or issuing certificate.
 	 */
 	if (certs &&
-	    (lookup <= 1) && sn && ((size_t) sn->length < (sizeof(buf) / 2))) {
+	    (lookup <= 1) && sn && ((size_t) ASN1_STRING_length(sn) < (sizeof(buf) / 2))) {
 		char *p = buf;
 		int i;
+		int sn_len = ASN1_STRING_length(sn);
+		const unsigned char *sn_data = ASN1_STRING_get0_data(sn);
 
-		for (i = 0; i < sn->length; i++) {
-			sprintf(p, "%02x", (unsigned int)sn->data[i]);
+		for (i = 0; i < sn_len; i++) {
+			sprintf(p, "%02x", (unsigned int)sn_data[i]);
 			p += 2;
 		}
 		vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_SERIAL][lookup], buf, T_OP_SET);
@@ -3037,9 +3039,11 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 	buf[0] = '\0';
 	asn_time = X509_get_notAfter(client_cert);
 	if (certs && (lookup <= 1) && asn_time &&
-	    (asn_time->length < (int) sizeof(buf))) {
-		memcpy(buf, (char*) asn_time->data, asn_time->length);
-		buf[asn_time->length] = '\0';
+	    (ASN1_STRING_length(asn_time) < (int) sizeof(buf))) {
+		int time_len = ASN1_STRING_length(asn_time);
+		const unsigned char *time_data = ASN1_STRING_get0_data(asn_time);
+		memcpy(buf, time_data, time_len);
+		buf[time_len] = '\0';
 		vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_EXPIRATION][lookup], buf, T_OP_SET);
 		rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
 	}
@@ -3050,9 +3054,11 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 	buf[0] = '\0';
 	asn_time = X509_get_notBefore(client_cert);
 	if (certs && (lookup <= 1) && asn_time &&
-	    (asn_time->length < (int) sizeof(buf))) {
-		memcpy(buf, (char*) asn_time->data, asn_time->length);
-		buf[asn_time->length] = '\0';
+	    (ASN1_STRING_length(asn_time) < (int) sizeof(buf))) {
+		int time_len = ASN1_STRING_length(asn_time);
+		const unsigned char *time_data = ASN1_STRING_get0_data(asn_time);
+		memcpy(buf, time_data, time_len);
+		buf[time_len] = '\0';
 		vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_VALID_SINCE][lookup], buf, T_OP_SET);
 		rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
 	}

Reply via email to