OpenSSL 4 compatibility fix

Starting from OpenSSL 4 the the X509_get_subject_name() function
returns a 'const' pointer to a name instead of a regular pointer.
Duplicate the name before operating on it, then free it.

(cherry picked from commit 336c523b7980895c8f43cbb758dd21d2176650f8)

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index 76f4466b5c7a0798fefff6fc2a0fc166025d4f13..3543207ba24579cbf3fe0ca579eb5c1f33f851dd 100644 (file)
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -526,7 +526,7 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
 
                X509_set_pubkey(cert, pkey);
 
-               X509_NAME *name = X509_get_subject_name(cert);
+               X509_NAME *name = X509_NAME_dup(X509_get_subject_name(cert));
 
                X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
                                           (const unsigned char *)"AQ", -1, -1,
@@ -541,6 +541,9 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
                                           -1, -1, 0);
 
                X509_set_issuer_name(cert, name);
+
+               X509_NAME_free(name);
+
                X509_sign(cert, pkey, EVP_sha256());
                rv = SSL_CTX_use_certificate(ctx, cert);
                if (rv != 1) {