From: Aram Sargsyan <aram@isc.org>
Date: Thu, 12 Mar 2026 13:10:38 +0000 (+0000)
Subject: OpenSSL 4 compatibility fix
X-Git-Tag: v9.21.21~40^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=336c523b7980895c8f43cbb758dd21d2176650f8;p=thirdparty%2Fbind9.git

OpenSSL 4 compatibility fix

Starting from OpenSSL 4 the the X509_get_subject_name() function
returns a 'const' pointer to a name instead of a regular pointer.
Duplicate the name before operating on it, then free it.
---

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index 9f1aa63969e..ff42be2428b 100644
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -227,7 +227,7 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
 
 		X509_set_pubkey(cert, pkey);
 
-		X509_NAME *name = X509_get_subject_name(cert);
+		X509_NAME *name = X509_NAME_dup(X509_get_subject_name(cert));
 
 		X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
 					   (const unsigned char *)"AQ", -1, -1,
@@ -242,6 +242,9 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
 					   -1, -1, 0);
 
 		X509_set_issuer_name(cert, name);
+
+		X509_NAME_free(name);
+
 		X509_sign(cert, pkey, isc__crypto_md[ISC_MD_SHA256]);
 		rv = SSL_CTX_use_certificate(ctx, cert);
 		if (rv != 1) {