vtls: do not reach into ASN1_STRING

OpenSSL 4 has plans to make ASN1_STRING opaque, which will break the
build, so convert the code to use accessors. ASN1_STRING_length() and
ASN1_STRING_type() go way back to SSLeay and ASN1_STRING_get0_data() is
OpenSSL 1.1 API present in BoringSSL since foreer and also available
since LibreSSL 2.7, so this should not cause compat issues with any
libcrypto in a supported version of the fork family.

https://github.com/openssl/openssl/issues/29117

Closes #19831
This commit is contained in:
Theo Buehler 2025-12-04 14:43:18 +01:00 committed by Daniel Stenberg
parent 472bc90323
commit 608f5dd455
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2

View file

@ -412,6 +412,7 @@ static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl)
for(i = 0; !result && (i < (int)numcerts); i++) {
ASN1_INTEGER *num;
const unsigned char *numdata;
X509 *x = sk_X509_value(sk, (ossl_valsize_t)i);
EVP_PKEY *pubkey = NULL;
int j;
@ -433,10 +434,11 @@ static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl)
break;
num = X509_get_serialNumber(x);
if(num->type == V_ASN1_NEG_INTEGER)
if(ASN1_STRING_type(num) == V_ASN1_NEG_INTEGER)
BIO_puts(mem, "-");
for(j = 0; j < num->length; j++)
BIO_printf(mem, "%02x", num->data[j]);
numdata = ASN1_STRING_get0_data(num);
for(j = 0; j < ASN1_STRING_length(num); j++)
BIO_printf(mem, "%02x", numdata[j]);
result = push_certinfo(data, mem, "Serial Number", i);
if(result)
break;
@ -503,8 +505,9 @@ static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl)
}
if(!result && psig) {
for(j = 0; j < psig->length; j++)
BIO_printf(mem, "%02x:", psig->data[j]);
const unsigned char *psigdata = ASN1_STRING_get0_data(psig);
for(j = 0; j < ASN1_STRING_length(psig); j++)
BIO_printf(mem, "%02x:", psigdata[j]);
result = push_certinfo(data, mem, "Signature", i);
}