Commit ff1bb133157 for php.net
commit ff1bb13315740a80c8072acb91d82ee3aed86c9d
Author: Remi Collet <remi@remirepo.net>
Date: Thu Apr 30 15:52:19 2026 +0200
ASN1_STRING has been made opaque in OpenSSL 4
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
index 22205398491..5aa8d246177 100644
--- a/ext/openssl/openssl_backend_common.c
+++ b/ext/openssl/openssl_backend_common.c
@@ -108,7 +108,7 @@ void php_openssl_add_assoc_name_entry(zval * val, char * key, X509_NAME * name,
void php_openssl_add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str)
{
- add_assoc_stringl(val, key, (char *)str->data, str->length);
+ add_assoc_stringl(val, key, (const char *)ASN1_STRING_get0_data(str), ASN1_STRING_length(str));
}
time_t php_openssl_asn1_time_to_time_t(ASN1_UTCTIME * timestr)
@@ -140,12 +140,12 @@ time_t php_openssl_asn1_time_to_time_t(ASN1_UTCTIME * timestr)
}
if (timestr_len < 13) {
- php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", timestr->data);
+ php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", ASN1_STRING_get0_data(timestr));
return (time_t)-1;
}
if (ASN1_STRING_type(timestr) == V_ASN1_GENERALIZEDTIME && timestr_len < 15) {
- php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", timestr->data);
+ php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", ASN1_STRING_get0_data(timestr));
return (time_t)-1;
}
@@ -626,8 +626,8 @@ int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
}
extension_data = X509_EXTENSION_get_data(extension);
- p = extension_data->data;
- length = extension_data->length;
+ p = ASN1_STRING_get0_data(extension_data);
+ length = ASN1_STRING_length(extension_data);
if (method->it) {
names = (GENERAL_NAMES*) (ASN1_item_d2i(NULL, &p, length,
ASN1_ITEM_ptr(method->it)));
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index eea758da471..64f49ca4538 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -492,12 +492,12 @@ static bool php_openssl_matches_san_list(X509 *peer, const char *subject_name) /
}
OPENSSL_free(cert_name);
} else if (san->type == GEN_IPADD) {
- if (san->d.iPAddress->length == 4) {
+ if (ASN1_STRING_length(san->d.iPAddress) == 4) {
snprintf(ipbuffer, sizeof(ipbuffer), "%d.%d.%d.%d",
- san->d.iPAddress->data[0],
- san->d.iPAddress->data[1],
- san->d.iPAddress->data[2],
- san->d.iPAddress->data[3]
+ ASN1_STRING_get0_data(san->d.iPAddress)[0],
+ ASN1_STRING_get0_data(san->d.iPAddress)[1],
+ ASN1_STRING_get0_data(san->d.iPAddress)[2],
+ ASN1_STRING_get0_data(san->d.iPAddress)[3]
);
if (strcasecmp(subject_name, (const char*)ipbuffer) == 0) {
sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
@@ -506,9 +506,9 @@ static bool php_openssl_matches_san_list(X509 *peer, const char *subject_name) /
}
}
#ifdef HAVE_IPV6_SAN
- else if (san->d.ip->length == 16 && subject_name_is_ipv6) {
+ else if (ASN1_STRING_length(san->d.ip) == 16 && subject_name_is_ipv6) {
ipbuffer[0] = 0;
- EXPAND_IPV6_ADDRESS(ipbuffer, san->d.iPAddress->data);
+ EXPAND_IPV6_ADDRESS(ipbuffer, ASN1_STRING_get0_data(san->d.iPAddress));
if (strcasecmp((const char*)subject_name_ipv6_expanded, (const char*)ipbuffer) == 0) {
sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);