imap-send: use the OpenSSL API to access the subject alternative names

The OpenSSL 4.0 master branch has made the ASN1_STRING structure opaque,
forbidding access to its internal fields. Use the official accessor
functions instead. They have existed since OpenSSL v1.1.0.

Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/imap-send.c b/imap-send.c
index 26dda7f3287127fa86af147c17fb7855d390ad6b..1c934c24877e3fa8d13795294678a81654220f4c 100644 (file)
--- a/imap-send.c
+++ b/imap-send.c
@@ -244,10 +244,14 @@ static int verify_hostname(X509 *cert, const char *hostname)
        if ((subj_alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL))) {
                int num_subj_alt_names = sk_GENERAL_NAME_num(subj_alt_names);
                for (i = 0; !found && i < num_subj_alt_names; i++) {
+                       int ntype;
                        GENERAL_NAME *subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i);
-                       if (subj_alt_name->type == GEN_DNS &&
-                           strlen((const char *)subj_alt_name->d.ia5->data) == (size_t)subj_alt_name->d.ia5->length &&
-                           host_matches(hostname, (const char *)(subj_alt_name->d.ia5->data)))
+                       ASN1_STRING *subj_alt_str = GENERAL_NAME_get0_value(subj_alt_name, &ntype);
+
+                       if (ntype == GEN_DNS &&
+                           strlen((const char *)ASN1_STRING_get0_data(subj_alt_str)) ==
+                                   ASN1_STRING_length(subj_alt_str) &&
+                           host_matches(hostname, (const char *)ASN1_STRING_get0_data(subj_alt_str)))
                                found = 1;
                }
                sk_GENERAL_NAME_pop_free(subj_alt_names, GENERAL_NAME_free);