upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: dev: Fix OpenSSL 4 compatibility issue when calling X509_get_subject_name()

Browse source 
Starting from OpenSSL 4 the the X509_get_subject_name() function
returns a 'const' pointer to a name instead of a regular pointer.
Duplicate the name before operating on it, then free it.

Closes #5807

Merge branch '5807-openssl-4-X509_get_subject_name-compat-fix' into 'main'

See merge request isc-projects/bind9!11676
This commit is contained in:
Arаm Sаrgsyаn 2026-03-16 10:01:32 +00:00
commit 247a2df572
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/isc/tls.c
View file

@ -227,7 +227,7 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
X509_set_pubkey(cert, pkey);
X509_NAME *name = X509_get_subject_name(cert);
X509_NAME *name = X509_NAME_dup(X509_get_subject_name(cert));
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
(const unsigned char *)"AQ", -1, -1,
@ -242,6 +242,9 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
-1, -1, 0);
X509_set_issuer_name(cert, name);
X509_NAME_free(name);
X509_sign(cert, pkey, isc__crypto_md[ISC_MD_SHA256]);
rv = SSL_CTX_use_certificate(ctx, cert);
if (rv != 1) {