Package: libwebsockets
Followup-For: Bug #1138473
X-Debbugs-Cc: [email protected]
Control: tags -1 patch ftbfs

Dear Maintainer,

This patch fixes the build issue.

-- System Information:
Debian Release: trixie/sid
  APT prefers noble-updates
  APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), 
(100, 'noble-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
From 805928831adac04f4f8e8601d4621d72d8d04736 Mon Sep 17 00:00:00 2001
From: Rudi Heitbaum <[email protected]>
Date: Sat, 21 Mar 2026 08:09:16 +0000
Subject: [PATCH] openssl: x509: allow build with OpenSSL 4.x
Origin: upstream, 
https://github.com/warmcat/libwebsockets/commit/805928831adac04f4f8e8601d4621d72d8d04736
Bug-Ubuntu: https://bugs.launchpad.net/bugs/2155025
Bug-Debian: https://bugs.debian.org/1138473
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

ASN1_STRING are now opaque types — the internal data and length fields are
no longer directly accessible. Use the accessor API instead. Accessors
have been available since OpenSSL 1.1.0

Signatures of numerous API functions, including those that are related
to X509 processing, are changed to include const qualifiers for argument
and return types, where suitable. Add const qualifier to variables.

Co-authored-by: Andy Green <[email protected]>
Signed-off-by: Rudi Heitbaum <[email protected]>
---
 lib/tls/openssl/openssl-x509.c | 37 ++++++++++++++++++++--------------
 1 file changed, 22 insertions(+), 15 deletions(-)

--- a/lib/tls/openssl/openssl-x509.c
+++ b/lib/tls/openssl/openssl-x509.c
@@ -1,7 +1,7 @@
 /*
  * libwebsockets - small server side websockets and web server implementation
  *
- * Copyright (C) 2010 - 2019 Andy Green <[email protected]>
+ * Copyright (C) 2010 - 2026 Andy Green <[email protected]>
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to
@@ -26,6 +26,12 @@
 #include "private-lib-core.h"
 #include "private-lib-tls-openssl.h"
 
+#if OPENSSL_VERSION_NUMBER >= 0x40000000L
+#define CAST_X509_EXTENSION(x) (x)
+#else
+#define CAST_X509_EXTENSION(x) ((X509_EXTENSION *)(x))
+#endif
+
 #if !defined(LWS_PLAT_OPTEE)
 static int
 dec(char c)
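Review bot: The `CAST_X509_EXTENSION` macro added above `dec()` has no comment explaining why it exists, and on the pre-4.x branch it silently drops the `const` that `ext` now carries. I would add a comment such as `/* OpenSSL < 4.x declares X509V3_EXT_d2i(), X509V3_EXT_get() and X509_EXTENSION_get_data() with a non-const X509_EXTENSION *; cast only for those calls */` so it is not reused to hand a const extension to a function that writes through the pointer. The gate tests `OPENSSL_VERSION_NUMBER` alone, so other libraries that provide the OpenSSL API and define that number themselves will take the cast branch. That looks harmless here but is worth confirming for the wolfSSL build.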
@@ -39,7 +45,7 @@
 {
 #if !defined(LWS_PLAT_OPTEE)
 
-       const char *p = (const char *)as->data;
+       const char *p = (const char *)ASN1_STRING_get0_data(as);
        struct tm t;
 
        /* [YY]YYMMDDHHMMSSZ */
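Review bot: `p` is taken from `ASN1_STRING_get0_data(as)` without the matching `ASN1_STRING_length(as)`, and the OpenSSL documentation says the returned buffer must not be assumed to be NUL-terminated or free of embedded NULs. The parsing of `[YY]YYMMDDHHMMSSZ` continues outside this hunk, so I cannot see how the length is decided. If it relies on `strlen(p)` or fixed offsets, a malformed time field in a peer-supplied certificate could be read past its end. Consider `int n = ASN1_STRING_length(as);` and rejecting anything that is not 13 or 15 bytes before indexing `p`.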
@@ -84,12 +90,13 @@
 #ifndef USE_WOLFSSL
        const unsigned char *dp;
        ASN1_OCTET_STRING *val;
+       const ASN1_OCTET_STRING *val2;
        AUTHORITY_KEYID *akid;
-       X509_EXTENSION *ext;
+       const X509_EXTENSION *ext;
        int tag, xclass, r = 1;
        long xlen, loc;
 #endif
-       X509_NAME *xn;
+       const X509_NAME *xn;
 #if !defined(LWS_PLAT_OPTEE)
        char *p;
 #endif
@@ -210,15 +217,15 @@
                if (!ext)
                        return 1;
 #ifndef USE_WOLFSSL
-               akid = (AUTHORITY_KEYID *)X509V3_EXT_d2i(ext);
+               akid = (AUTHORITY_KEYID 
*)X509V3_EXT_d2i(CAST_X509_EXTENSION(ext));
 #else
                akid = (AUTHORITY_KEYID *)wolfSSL_X509V3_EXT_d2i(ext);
 #endif
                if (!akid || !akid->keyid)
                        return 1;
                val = akid->keyid;
-               dp = (const unsigned char *)val->data;
-               xlen = val->length;
+               dp = ASN1_STRING_get0_data(val);
+               xlen = ASN1_STRING_length(val);
 
                buf->ns.len = (int)xlen;
                if (len < (size_t)buf->ns.len)
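Review bot: In `if (!akid || !akid->keyid) return 1;` the object returned by `X509V3_EXT_d2i()` is not released when `akid` is non-NULL but `keyid` is NULL, so that path looks like it leaks the decoded AUTHORITY_KEYID. The same shape appears in the later hunk with `if (!akid || !akid->serial) return 1;`. Splitting the test so the second case calls `AUTHORITY_KEYID_free(akid);` before returning would close it. The enclosing case continues past this hunk, so I cannot see whether `akid` is freed on the error return after the `len` comparison; it may need the same treatment, since the certificate being inspected is often supplied by the peer.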
@@ -239,7 +246,7 @@
                        return 1;
 
 #ifndef USE_WOLFSSL
-               akid = (AUTHORITY_KEYID *)X509V3_EXT_d2i(ext);
+               akid = (AUTHORITY_KEYID 
*)X509V3_EXT_d2i(CAST_X509_EXTENSION(ext));
 #else
                akid = (AUTHORITY_KEYID *)wolfSSL_X509V3_EXT_d2i(ext);
 #endif
@@ -248,7 +255,7 @@
 
 #if defined(LWS_HAVE_OPENSSL_STACK)
                {
-                       const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext);
+                       const X509V3_EXT_METHOD* method = 
X509V3_EXT_get(CAST_X509_EXTENSION(ext));
                        STACK_OF(CONF_VALUE) *cv;
                        int j;
 
@@ -290,7 +297,7 @@
                ext = X509_get_ext(x509, (int)loc);
                if (!ext)
                        return 1;
-               akid = (AUTHORITY_KEYID *)X509V3_EXT_d2i(ext);
+               akid = (AUTHORITY_KEYID 
*)X509V3_EXT_d2i(CAST_X509_EXTENSION(ext));
                if (!akid || !akid->serial)
                        return 1;
 
@@ -317,17 +324,17 @@
                if (!ext)
                        return 1;
 
-               val = X509_EXTENSION_get_data(ext);
-               if (!val)
+               val2 = X509_EXTENSION_get_data(CAST_X509_EXTENSION(ext));
+               if (!val2)
                        return 1;
 
 #if defined(USE_WOLFSSL)
                return 1;
 #else
-               dp = (const unsigned char *)val->data;
+               dp = ASN1_STRING_get0_data(val2);
 
                if (ASN1_get_object(&dp, &xlen,
-                                   &tag, &xclass, val->length) & 0x80)
+                                   &tag, &xclass, ASN1_STRING_length(val2)) & 
0x80)
                        return -1;
 
                if (tag != V_ASN1_OCTET_STRING) {
@@ -443,7 +450,7 @@
        int ret;
 
        if (common_name) {
-               X509_NAME *xn = X509_get_subject_name(x509->cert);
+               const X509_NAME *xn = X509_get_subject_name(x509->cert);
                if (!xn)
                        return -1;
                X509_NAME_oneline(xn, c, (int)sizeof(c) - 2);
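Review bot: The return value of `X509_NAME_oneline(xn, c, (int)sizeof(c) - 2);` is ignored, so on failure the code that follows (outside this hunk) would read whatever `c` already held. `if (!X509_NAME_oneline(xn, c, (int)sizeof(c) - 2)) return -1;` keeps it consistent with the `!xn` check above. The one-line form is also a display format that the OpenSSL documentation discourages for new code. If the common name is later picked out of `c` by substring search, `X509_NAME_get_text_by_NID()` with `NID_commonName` would be a less ambiguous source for the comparison.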
