Building mutt with OpenSSL >= 4.0 fails.

| mutt_ssl.c:986:33: error: incomplete definition of type 'ASN1_IA5STRING' (aka 
'struct asn1_string_st')
| /Users/dennis/sw/include/openssl/types.h:57:16: note: forward declaration of 
'struct asn1_string_st'
| mutt_ssl.c:987:53: error: incomplete definition of type 'ASN1_IA5STRING' (aka 
'struct asn1_string_st')
| /Users/dennis/sw/include/openssl/types.h:57:16: note: forward declaration of 
'struct asn1_string_st'
| mutt_ssl.c:987:92: error: incomplete definition of type 'ASN1_IA5STRING' (aka 
'struct asn1_string_st')
| /Users/dennis/sw/include/openssl/types.h:57:16: note: forward declaration of 
'struct asn1_string_st'
| mutt_ssl.c:989:72: error: incomplete definition of type 'ASN1_IA5STRING' (aka 
'struct asn1_string_st')
| /Users/dennis/sw/include/openssl/types.h:57:16: note: forward declaration of 
'struct asn1_string_st'

The reason is a change in OpenSSL: the ASN1_STRING is now opaque and can
no longer be accessed directly. Now, accessor functions must be used.

See <https://openssl-library.org/post/2026-04-13-asn1_string/>

The attached diff fixes this for me; something like this seems to be
necessary for OpenSSL >= 4.0.

Dennis
--- mutt-2.4.0_orig/mutt_ssl.c  2026-06-12 07:03:22
+++ mutt-2.4.0/mutt_ssl.c       2026-06-28 17:58:56
@@ -983,10 +983,10 @@ static int check_host(X509 *x509cert, const char *host
       if (subj_alt_name->type == GEN_DNS)
       {
         has_dns_entry = 1;
-        if (subj_alt_name->d.ia5->length >= 0 &&
-            mutt_strlen((char *)subj_alt_name->d.ia5->data) == 
(size_t)subj_alt_name->d.ia5->length &&
+        if (mutt_get_asn1_string_length(subj_alt_name->d.ia5) >= 0 &&
+            mutt_strlen((char 
*)mutt_get_asn1_string_data(subj_alt_name->d.ia5)) == 
(size_t)mutt_get_asn1_string_length(subj_alt_name->d.ia5) &&
             (match_found = hostname_match(hostname_ascii,
-                                          (char 
*)(subj_alt_name->d.ia5->data))))
+                                          (char 
*)(mutt_get_asn1_string_data(subj_alt_name->d.ia5)))))
         {
           break;
         }
--- mutt-2.4.0_orig/mutt_ssl.h  2026-06-12 07:03:22
+++ mutt-2.4.0/mutt_ssl.h       2026-06-28 18:00:20
@@ -26,4 +26,12 @@ int mutt_ssl_socket_setup(CONNECTION *conn);
 int mutt_ssl_socket_setup(CONNECTION *conn);
 #endif
 
+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x40000000L)
+#    define mutt_get_asn1_string_length(str) ASN1_STRING_length((str))
+#    define mutt_get_asn1_string_data(str) ASN1_STRING_get0_data((str))
+#else
+#    define mutt_get_asn1_string_length(str) (str)->length
+#    define mutt_get_asn1_string_data(str) (str)->data
+#endif
+
 #endif /* _MUTT_SSL_H_ */

Reply via email to