Commit 528e5f07c3 for strongswan.org
commit 528e5f07c3cdf830f575801298b14f633088932b
Author: Tobias Brunner <tobias@strongswan.org>
Date: Mon May 4 12:04:53 2026 +0200
openssl: Use functions for ASN.1 struct members hidden in OpenSSL 4
According to the docs, most ASN.1 types are just typedefs of ASN1_STRING.
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index e4ef09e831..67d3de00fd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -330,11 +330,11 @@ time_t openssl_asn1_to_time(const ASN1_TIME *time)
if (time)
{
chunk = openssl_asn1_str2chunk(time);
- switch (time->type)
+ switch (ASN1_STRING_type(time))
{
case V_ASN1_UTCTIME:
case V_ASN1_GENERALIZEDTIME:
- return asn1_to_time(&chunk, time->type);
+ return asn1_to_time(&chunk, ASN1_STRING_type(time));
default:
break;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 3cedab7ee1..06c8c20bfe 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -77,6 +77,7 @@ static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg
#define X509v3_addr_is_canonical v3_addr_is_canonical
#define X509_get0_notBefore X509_get_notBefore
#define X509_get0_notAfter X509_get_notAfter
+#define ASN1_STRING_get0_data ASN1_STRING_data
#endif
typedef struct private_openssl_x509_t private_openssl_x509_t;
@@ -725,12 +726,14 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this,
usage = X509V3_EXT_d2i(ext);
if (usage)
{
- if (usage->length > 0)
+ const u_char *data = ASN1_STRING_get0_data(usage);
+ int length = ASN1_STRING_length(usage);
+ if (length > 0)
{
- int flags = usage->data[0];
- if (usage->length > 1)
+ int flags = data[0];
+ if (length > 1)
{
- flags |= usage->data[1] << 8;
+ flags |= data[1] << 8;
}
if (flags & X509v3_KU_CRL_SIGN)
{