[rpms/valkey] rawhide: Add patch to fix OpenSSL 4.0 compatibility

[rpms/valkey] rawhide: Add patch to fix OpenSSL 4.0 compatibility

[@ 2026-06-01 13:38 UTC (permalink / raw)]

A new commit has been pushed.

Repo   : rpms/valkey
Branch : rawhide
Commit : 1a9c8847172ef3fb116a1e2fdb3871692378adae
Author : Pavol Žáčik <pzacik@redhat.com>
Date   : 2026-06-01T15:20:57+02:00
Stats  : +62/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/valkey/c/1a9c8847172ef3fb116a1e2fdb3871692378adae?branch=rawhide

Log:
Add patch to fix OpenSSL 4.0 compatibility

---
diff --git a/valkey-openssl4.patch b/valkey-openssl4.patch
new file mode 100644
index 0000000..ba2f9cf
--- /dev/null
+++ b/valkey-openssl4.patch
@@ -0,0 +1,55 @@
+From 6fdf48c1333924411471879839f622d37833988a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <pzacik@redhat.com>
+Date: Mon, 4 May 2026 09:08:40 +0200
+Subject: [PATCH] Fix OpenSSL 4.0 compatibility in TLS certificate handling
+
+Replace deprecated X509_NAME_get_text_by_NID. Not a perfect
+fix, because the new implementation still assumes that
+the name does not contain embedded null characters
+which may not be true, e.g., if the name is of type
+UniversalString or BMPString.
+
+Also fix constness of X509_get_subject_name return value.
+---
+ src/tls.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/src/tls.c b/src/tls.c
+index c56c981..3a9d346 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -1193,10 +1193,29 @@ static int getCertSubjectFieldByName(X509 *cert, const char *field, char *out, s
+ 
+     if (nid == -1) return 0;
+ 
+-    X509_NAME *subject = X509_get_subject_name(cert);
++    const X509_NAME *subject = X509_get_subject_name(cert);
+     if (!subject) return 0;
+ 
+-    return X509_NAME_get_text_by_NID(subject, nid, out, outlen) > 0;
++    /* X509_NAME_get_text_by_NID is deprecated in OpenSSL 4.0 */
++    int idx = X509_NAME_get_index_by_NID(subject, nid, -1);
++    if (idx < 0) return 0;
++
++    X509_NAME_ENTRY *entry = X509_NAME_get_entry(subject, idx);
++    if (!entry) return 0;
++
++    ASN1_STRING *data = X509_NAME_ENTRY_get_data(entry);
++    if (!data) return 0;
++
++    const unsigned char *str = ASN1_STRING_get0_data(data);
++    int len = ASN1_STRING_length(data);
++    if (!str || len <= 0) return 0;
++
++    /* Copy to output buffer, ensuring null termination */
++    size_t copy_len = (size_t)len < outlen - 1 ? (size_t)len : outlen - 1;
++    memcpy(out, str, copy_len);
++    out[copy_len] = '\0';
++
++    return 1;
+ }
+ 
+ /* Extract URI from Subject Alternative Name extension and return the first
+-- 
+2.53.0
+

diff --git a/valkey.spec b/valkey.spec
index 2c6a52a..90dafcd 100644
--- a/valkey.spec
+++ b/valkey.spec
@@ -14,7 +14,7 @@
 
 Name:              valkey
 Version:           %{upstream_version}%{?upstream_prever:~%{upstream_prever}}
-Release:           1%{?dist}
+Release:           2%{?dist}
 Summary:           A persistent key-value database
 # valkey: BSD-3-Clause
 # hiredis: BSD-3-Clause
@@ -36,6 +36,8 @@ Source50:          https://github.com/valkey-io/%{name}-doc/archive/%{doc_versio
 Patch0:            %{name}-conf.patch
 # Workaround to https://github.com/valkey-io/valkey/issues/2678
 Patch1:            %{name}-loadmod.patch
+# Fix OpenSSL 4.0 compatibility
+Patch2:            %{name}-openssl4.patch
 
 BuildRequires:     make
 BuildRequires:     gcc
@@ -190,6 +192,7 @@ Provides:          redis-doc = %{version}-%{release}
 %setup -n %{name}-%{upstream_version}%{?upstream_prever:-%{upstream_prever}} -a50
 %patch -P0 -p1 -b .rpm
 %patch -P1 -p1 -b .loadmod
+%patch -P2 -p1 -b .openssl4
 
 mv deps/lua/COPYRIGHT             COPYRIGHT-lua
 mv deps/jemalloc/COPYING          COPYING-jemalloc
@@ -449,6 +452,9 @@ fi
 
 
 %changelog
+* Mon Jun 01 2026 Pavol Žáčik <pzacik@redhat.com> - 9.1.0-2
+- Fix OpenSSL 4.0 compatibility
+
 * Tue May 19 2026 Petr Khartskhaev <pkhartsk@redhat.com> - 9.1.0
 - Valkey 9.1.0
 - Fixes CVE-2026-23631 CVE-2026-25243 CVE-2026-23479