OpenSSL 4 compatibility fix

Starting from OpenSSL 4 the the X509_get_subject_name() function
returns a 'const' pointer to a name instead of a regular pointer.
Duplicate the name before operating on it, then free it.

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index 9f1aa63969e612a9f55414b520933fb7f0a9e56e..ff42be2428b6cda8e955e6f65d193710542a4770 100644 (file)
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -227,7 +227,7 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
 
                X509_set_pubkey(cert, pkey);
 
-               X509_NAME *name = X509_get_subject_name(cert);
+               X509_NAME *name = X509_NAME_dup(X509_get_subject_name(cert));
 
                X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
                                           (const unsigned char *)"AQ", -1, -1,
@@ -242,6 +242,9 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
                                           -1, -1, 0);
 
                X509_set_issuer_name(cert, name);
+
+               X509_NAME_free(name);
+
                X509_sign(cert, pkey, isc__crypto_md[ISC_MD_SHA256]);
                rv = SSL_CTX_use_certificate(ctx, cert);
                if (rv != 1) {