* [rpms/nordugrid-arc] rawhide: Support OpenSSL 4
@ 2026-06-18 17:23 Mattias Ellert
From: Mattias Ellert @ 2026-06-18 17:23 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/nordugrid-arc
Branch : rawhide
Commit : d66c8b17f5ff053f1c1f0e27f56e6ad928e79277
Author : Mattias Ellert <mattias.ellert@physics.uu.se>
Date : 2026-06-18T19:22:33+02:00
Stats : +565/-14 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/nordugrid-arc/c/d66c8b17f5ff053f1c1f0e27f56e6ad928e79277?branch=rawhide
Log:
Support OpenSSL 4
---
diff --git a/0001-Support-OpenSSL-4.patch b/0001-Support-OpenSSL-4.patch
new file mode 100644
index 0000000..51289f7
--- /dev/null
+++ b/0001-Support-OpenSSL-4.patch
@@ -0,0 +1,547 @@
+From 21b7145d3f1a9408cc6fc8f4f25c3d006478a279 Mon Sep 17 00:00:00 2001
+From: Mattias Ellert <mattias.ellert@physics.uu.se>
+Date: Thu, 18 Jun 2026 18:56:29 +0200
+Subject: [PATCH] Support OpenSSL 4
+
+---
+ src/clients/compute/arctest.cpp | 4 ++
+ src/hed/libs/credential/CertUtil.cpp | 28 +++++---
+ src/hed/libs/credential/Credential.cpp | 66 ++++++++++---------
+ src/hed/libs/credential/Proxycertinfo.cpp | 6 +-
+ src/hed/libs/credential/VOMSUtil.cpp | 40 ++++++-----
+ .../libs/delegation/DelegationInterface.cpp | 15 +++--
+ src/hed/mcc/tls/DelegationCollector.cpp | 4 +-
+ src/hed/mcc/tls/PayloadTLSMCC.cpp | 6 +-
+ 8 files changed, 96 insertions(+), 73 deletions(-)
+
+diff --git a/src/clients/compute/arctest.cpp b/src/clients/compute/arctest.cpp
+index 184b7e518..024a0338a 100644
+--- a/src/clients/compute/arctest.cpp
++++ b/src/clients/compute/arctest.cpp
+@@ -337,7 +337,11 @@ int dumpjobdescription_arctest_legacy(const Arc::UserConfig& usercfg, Arc::Execu
+ static bool get_hash_value(const Arc::Credential& c, std::string& hash_str) {
+ X509* cert = c.GetCert();
+ if(!cert) return false;
++#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
+ X509_NAME* cert_name = X509_get_subject_name(cert);
++#else
++ const X509_NAME* cert_name = X509_get_subject_name(cert);
++#endif
+ if(!cert_name) return false;
+
+ char hash[32];
+diff --git a/src/hed/libs/credential/CertUtil.cpp b/src/hed/libs/credential/CertUtil.cpp
+index 0776ee716..55217ec5c 100644
+--- a/src/hed/libs/credential/CertUtil.cpp
++++ b/src/hed/libs/credential/CertUtil.cpp
+@@ -306,8 +306,12 @@ static int verify_cert_additional(X509* cert, X509_STORE_CTX* store_ctx, std::st
+
+ static bool collect_proxy_info(std::string& proxy_policy, X509* cert) {
+ /**Check the proxy certificate infomation extension*/
++#if (OPENSSL_VERSION_NUMBER < 0x40000000L)
+ X509_EXTENSION* ext;
+- ASN1_OBJECT* extension_obj;
++#else
++ const X509_EXTENSION* ext;
++#endif
++ const ASN1_OBJECT* extension_obj;
+ int i;
+ for (i=0;i<X509_get_ext_count(cert);i++) {
+ ext = (X509_EXTENSION *) X509_get_ext(cert,i);
+@@ -358,10 +362,10 @@ static bool collect_proxy_info(std::string& proxy_policy, X509* cert) {
+ proxy_policy.clear();
+ if((proxycertinfo->proxyPolicy) &&
+ (proxycertinfo->proxyPolicy->policy) &&
+- (proxycertinfo->proxyPolicy->policy->data)) {
++ ASN1_STRING_get0_data(proxycertinfo->proxyPolicy->policy)) {
+ proxy_policy.append(
+- (char const*)(proxycertinfo->proxyPolicy->policy->data),
+- proxycertinfo->proxyPolicy->policy->length);
++ (char const*) ASN1_STRING_get0_data(proxycertinfo->proxyPolicy->policy),
++ ASN1_STRING_length(proxycertinfo->proxyPolicy->policy));
+ }
+ /* Use : as separator for policies parsed from different proxy certificate*/
+ /* !!!! Taking int account previous proxy_policy.clear() !!!!
+@@ -387,8 +391,12 @@ bool check_cert_type(X509* cert, certType& type) {
+ bool ret = false;
+ type = CERT_TYPE_EEC;
+
+- ASN1_STRING* data;
++ const ASN1_STRING* data;
++#if (OPENSSL_VERSION_NUMBER < 0x40000000L)
+ X509_EXTENSION* certinfo_ext;
++#else
++ const X509_EXTENSION* certinfo_ext;
++#endif
+ int policynid;
+ PROXY_CERT_INFO_EXTENSION* certinfo_openssl = NULL;
+
+@@ -404,8 +412,8 @@ bool check_cert_type(X509* cert, certType& type) {
+ }
+
+ X509_NAME* issuer = NULL;
+- X509_NAME* subject = X509_get_subject_name(cert);
+- X509_NAME_ENTRY * name_entry = NULL;
++ const X509_NAME* subject = X509_get_subject_name(cert);
++ const X509_NAME_ENTRY * name_entry = NULL;
+ if(!subject) goto err;
+ name_entry = X509_NAME_get_entry(subject, X509_NAME_entry_count(subject)-1);
+ if(!name_entry) goto err;
+@@ -413,8 +421,8 @@ bool check_cert_type(X509* cert, certType& type) {
+ /* the name entry is of the type: common name */
+ data = X509_NAME_ENTRY_get_data(name_entry);
+ if(!data) goto err;
+- if (data->length == 5 && !memcmp(data->data,"proxy",5)) { type = CERT_TYPE_GSI_2_PROXY; }
+- else if(data->length == 13 && !memcmp(data->data,"limited proxy",13)) { type = CERT_TYPE_GSI_2_LIMITED_PROXY; }
++ if (ASN1_STRING_length(data) == 5 && !memcmp(ASN1_STRING_get0_data(data),"proxy",5)) { type = CERT_TYPE_GSI_2_PROXY; }
++ else if(ASN1_STRING_length(data) == 13 && !memcmp(ASN1_STRING_get0_data(data),"limited proxy",13)) { type = CERT_TYPE_GSI_2_LIMITED_PROXY; }
+ else if((index = X509_get_ext_by_NID(cert, NID_proxyCertInfo, -1)) != -1) {
+ certinfo_ext = X509_get_ext(cert,index);
+ if(X509_EXTENSION_get_critical(certinfo_ext)) {
+@@ -453,7 +461,7 @@ bool check_cert_type(X509* cert, certType& type) {
+ X509_NAME_ENTRY* new_name_entry = NULL;
+ if(type != CERT_TYPE_EEC && type != CERT_TYPE_CA) {
+ issuer = X509_NAME_dup(X509_get_issuer_name(cert));
+- new_name_entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName, V_ASN1_APP_CHOOSE, data->data, -1);
++ new_name_entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName, V_ASN1_APP_CHOOSE, ASN1_STRING_get0_data(data), -1);
+ if(!new_name_entry) goto err;
+ X509_NAME_add_entry(issuer,new_name_entry,X509_NAME_entry_count(issuer),0);
+ X509_NAME_ENTRY_free(new_name_entry);
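Review bot: `X509_NAME_ENTRY_create_by_NID(..., ASN1_STRING_get0_data(data), -1)` still asks OpenSSL to measure the CN with strlen, so the result is only right if the ASN1_STRING buffer is NUL-terminated and holds no embedded NUL; pass the length explicitly, `ASN1_STRING_get0_data(data), ASN1_STRING_length(data));`. The same C-string assumption is carried over in the `append((const char*) ASN1_STRING_get0_data(s))` calls of asn1_to_utctime in Credential.cpp and PayloadTLSMCC.cpp, in asn1_to_time in DelegationInterface.cpp, and in the three-argument `std::string voname(ptr, 0, len)` constructor in VOMSUtil.cpp, which converts the pointer as a C string before taking the substring. Since the accessors already provide the length, the bounded forms `append(ptr, ASN1_STRING_length(s))` and `std::string voname(ptr, len)` remove that dependency. check_cert_type starts and ends outside this hunk.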
+diff --git a/src/hed/libs/credential/Credential.cpp b/src/hed/libs/credential/Credential.cpp
+index 609f9a34d..439496eca 100644
+--- a/src/hed/libs/credential/Credential.cpp
++++ b/src/hed/libs/credential/Credential.cpp
+@@ -79,15 +79,15 @@ namespace Arc {
+ ERR_print_errors_cb(&ssl_err_cb, &CredentialLogger);
+ }
+
+- Time asn1_to_utctime(const ASN1_UTCTIME *s) {
++ Time asn1_to_utctime(const ASN1_TIME *s) {
+ if(s == NULL) return Time();
+ std::string t_str;
+- if(s->type == V_ASN1_UTCTIME) {
++ if(ASN1_STRING_type(s) == V_ASN1_UTCTIME) {
+ t_str.append("20");
+- t_str.append((char*)(s->data));
++ t_str.append((const char*) ASN1_STRING_get0_data(s));
+ }
+ else {//V_ASN1_GENERALIZEDTIME
+- t_str.append((char*)(s->data));
++ t_str.append((const char*) ASN1_STRING_get0_data(s));
+ }
+ return Time(t_str);
+ }
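Review bot: The UTCTIME branch of asn1_to_utctime prepends a fixed `"20"`, so a two-digit year of 50-99, which RFC 5280 defines as 19YY, is read as 20YY; because GetLifetime keeps the latest notBefore in the chain, a CA certificate issued before 2000 would push the computed start time into the future. The `else` branch also treats every other type as GENERALIZEDTIME without testing `ASN1_STRING_type(s)`. Consider picking the century from the first two digits (`"19"` when YY >= 50) and returning `Time()` for any type that is neither UTCTIME nor GENERALIZEDTIME. asn1_to_time in DelegationInterface.cpp and asn1_to_utctime in PayloadTLSMCC.cpp use the same fixed prefix.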
+@@ -124,7 +124,7 @@ namespace Arc {
+ //Get the life time of the credential
+ void Credential::GetLifetime(STACK_OF(X509) const * certchain, X509 const * cert, Time& start, Period &lifetime) {
+ Time start_time(-1), end_time(-1);
+- ASN1_UTCTIME* atime = NULL;
++ const ASN1_UTCTIME* atime = NULL;
+
+ if(cert == NULL) {
+ start = Time();
+@@ -135,20 +135,20 @@ namespace Arc {
+ if(certchain) for (int n = 0; n < sk_X509_num(certchain); n++) {
+ X509* tmp_cert = sk_X509_value(certchain, n);
+
+- atime = X509_getm_notAfter(tmp_cert);
++ atime = X509_get0_notAfter(tmp_cert);
+ Time e = asn1_to_utctime(atime);
+ if (end_time == Time(-1) || e < end_time) { end_time = e; }
+
+- atime = X509_getm_notBefore(tmp_cert);
++ atime = X509_get0_notBefore(tmp_cert);
+ Time s = asn1_to_utctime(atime);
+ if (start_time == Time(-1) || s > start_time) { start_time = s; }
+ }
+
+- atime = X509_getm_notAfter(cert);
++ atime = X509_get0_notAfter(cert);
+ Time e = asn1_to_utctime(atime);
+ if (end_time == Time(-1) || e < end_time) { end_time = e; }
+
+- atime = X509_getm_notBefore(cert);
++ atime = X509_get0_notBefore(cert);
+ Time s = asn1_to_utctime(atime);
+ if (start_time == Time(-1) || s > start_time) { start_time = s; }
+
+@@ -249,7 +249,7 @@ namespace Arc {
+ }
+
+ std::string Credential::GetDN(void) const {
+- X509_NAME *subject = NULL;
++ const X509_NAME *subject = NULL;
+ if(!cert_) return "";
+ subject = X509_get_subject_name(cert_);
+ std::string str;
+@@ -269,19 +269,17 @@ namespace Arc {
+ if(!cert_) return "";
+ subject = X509_NAME_dup(X509_get_subject_name(cert_));
+
+- ASN1_STRING* entry;
++ const ASN1_STRING* entry;
+ std::string entry_str;
+ for(;;) {
+- X509_NAME_ENTRY *ne = X509_NAME_get_entry(subject, X509_NAME_entry_count(subject)-1);
++ const X509_NAME_ENTRY *ne = X509_NAME_get_entry(subject, X509_NAME_entry_count(subject)-1);
+ if (!OBJ_cmp(X509_NAME_ENTRY_get_object(ne),OBJ_nid2obj(NID_commonName))) {
+ entry = X509_NAME_ENTRY_get_data(ne);
+- entry_str.assign((const char*)(entry->data), (std::size_t)(entry->length));
++ entry_str.assign((const char*) ASN1_STRING_get0_data(entry), (std::size_t) ASN1_STRING_length(entry));
+ if(entry_str == "proxy" || entry_str == "limited proxy" ||
+ entry_str.find_first_not_of("0123456789") == std::string::npos) {
+ //Drop the name entry "proxy", "limited proxy", or the random digital(RFC)
+- ne = X509_NAME_delete_entry(subject, X509_NAME_entry_count(subject)-1);
+- X509_NAME_ENTRY_free(ne);
+- ne = NULL;
++ X509_NAME_ENTRY_free(X509_NAME_delete_entry(subject, X509_NAME_entry_count(subject)-1));
+ }
+ else break;
+ }
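Review bot: `ne` is used without a NULL check inside the `for(;;)` loop: once every trailing CN has been dropped, or if `X509_NAME_dup` returned NULL, `X509_NAME_get_entry(subject, X509_NAME_entry_count(subject)-1)` is asked for index -1 and returns NULL, which then goes into `X509_NAME_ENTRY_get_object(ne)` and `OBJ_cmp`. A subject made up only of "proxy", "limited proxy" or all-digit CNs appears to be enough to reach that state. Adding `if(!ne) break;` right after the lookup, and checking `entry` before `ASN1_STRING_get0_data(entry)`, would bound the loop. The loop body and the function continue outside this hunk, so a guard may exist there that is not visible here.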
+@@ -305,7 +303,7 @@ namespace Arc {
+ }
+
+ std::string Credential::GetIssuerName(void) const {
+- X509_NAME *issuer = NULL;
++ const X509_NAME *issuer = NULL;
+ if(!cert_) return "";
+ issuer = X509_get_issuer_name(cert_);
+ std::string str;
+@@ -327,7 +325,7 @@ namespace Arc {
+ // This works even if last cert on chain is CA
+ // itself because CA is self-signed.
+ X509 *cacert = sk_X509_value(cert_chain_, num-1);
+- X509_NAME *caname = X509_get_issuer_name(cacert);
++ const X509_NAME *caname = X509_get_issuer_name(cacert);
+ if(caname!=NULL) {
+ char* buf = X509_NAME_oneline(caname,NULL,0);
+ if(buf) {
+@@ -1158,16 +1156,12 @@ namespace Arc {
+ return NULL;
+ }
+
+- //ASN1_OCTET_STRING_set(ext_oct, data.c_str(), data.size());
+- ext_oct->data = (unsigned char*) malloc(data.size());
+- if(!(ext_oct->data)) {
++ if (ASN1_OCTET_STRING_set(ext_oct, (const unsigned char *) data.c_str(), data.size()) == 0) {
+ CredentialLogger.msg(ERROR, "Can not allocate memory for extension for proxy certificate");
+ if(ext_oct) ASN1_OCTET_STRING_free(ext_oct);
+ if(ext_obj) ASN1_OBJECT_free(ext_obj);
+ return NULL;
+ }
+- memcpy(ext_oct->data, data.c_str(), data.size());
+- ext_oct->length = data.size();
+
+ X509_EXTENSION* ext = NULL;
+ if (!(ext = X509_EXTENSION_create_by_OBJ(NULL, ext_obj, crit, ext_oct))) {
+@@ -1708,14 +1702,14 @@ namespace Arc {
+ req_extensions = X509_REQ_get_extensions(req_);
+ for(i=0;i<sk_X509_EXTENSION_num(req_extensions);i++) {
+ X509_EXTENSION* ext = sk_X509_EXTENSION_value(req_extensions,i);
+- ASN1_OBJECT* extension_oid = X509_EXTENSION_get_object(ext);
++ const ASN1_OBJECT* extension_oid = X509_EXTENSION_get_object(ext);
+ int nid = OBJ_obj2nid(extension_oid);
+ if(nid == NID_proxyCertInfo) {
+ if(proxy_cert_info_) {
+ PROXY_CERT_INFO_EXTENSION_free(proxy_cert_info_);
+ proxy_cert_info_ = NULL;
+ }
+- ASN1_OCTET_STRING* data = X509_EXTENSION_get_data(ext);
++ const ASN1_OCTET_STRING* data = X509_EXTENSION_get_data(ext);
+ if(!data) {
+ CredentialLogger.msg(ERROR, "Missing data in DER encoded PROXY_CERT_INFO_EXTENSION extension");
+ LogError(); goto err;
+@@ -1954,7 +1948,11 @@ err:
+ int num;
+ if ((num = X509_get_ext_count(cert_)) > 0) {
+ for (int i = 0; i < num; i++) {
++#if (OPENSSL_VERSION_NUMBER < 0x40000000L)
+ X509_EXTENSION *ext;
++#else
++ const X509_EXTENSION *ext;
++#endif
+ const char *extname;
+
+ ext = X509_get_ext(cert_, i);
+@@ -1970,18 +1968,18 @@ err:
+ //Get x509 extension method structure
+ if (!(method = (X509V3_EXT_METHOD *)(X509V3_EXT_get(ext)))) break;
+
+- ASN1_OCTET_STRING* extvalue = X509_EXTENSION_get_data(ext);
+- ext_value_data = extvalue->data;
++ const ASN1_OCTET_STRING* extvalue = X509_EXTENSION_get_data(ext);
++ ext_value_data = ASN1_STRING_get0_data(extvalue);
+
+ //Decode ASN1 item in data
+ if (method->it) {
+ //New style ASN1
+- extstr = ASN1_item_d2i(NULL, &ext_value_data, extvalue->length,
++ extstr = ASN1_item_d2i(NULL, &ext_value_data, ASN1_STRING_length(extvalue),
+ ASN1_ITEM_ptr(method->it));
+ }
+ else {
+ //Old style ASN1
+- extstr = method->d2i(NULL, &ext_value_data, extvalue->length);
++ extstr = method->d2i(NULL, &ext_value_data, ASN1_STRING_length(extvalue));
+ }
+
+ val = method->i2v(method, extstr, NULL);
+@@ -2100,12 +2098,16 @@ err:
+
+ position = X509_get_ext_by_NID(issuer, NID_ext_key_usage, -1);
+ if(position > -1) {
+- X509_EXTENSION* ext = NULL;
+- if(!(ext = X509_get_ext(issuer, position))) {
++#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
++ X509_EXTENSION* ext0;
++#else
++ const X509_EXTENSION* ext0;
++#endif
++ if(!(ext0 = X509_get_ext(issuer, position))) {
+ CredentialLogger.msg(ERROR, "Can not get extended KeyUsage extension from issuer certificate");
+ LogError(); goto err;
+ }
+- ext = X509_EXTENSION_dup(ext);
++ X509_EXTENSION* ext = X509_EXTENSION_dup(ext0);
+ if(!ext) {
+ CredentialLogger.msg(ERROR, "Can not copy extended KeyUsage extension");
+ LogError(); goto err;
+diff --git a/src/hed/libs/credential/Proxycertinfo.cpp b/src/hed/libs/credential/Proxycertinfo.cpp
+index af24afd5e..6f0f214f7 100644
+--- a/src/hed/libs/credential/Proxycertinfo.cpp
++++ b/src/hed/libs/credential/Proxycertinfo.cpp
+@@ -54,12 +54,12 @@ int PROXY_POLICY_set_policy(PROXY_POLICY * proxypolicy, unsigned char * policy,
+ unsigned char * PROXY_POLICY_get_policy(PROXY_POLICY * proxypolicy, int * length) {
+ /* assure field policy is set */
+ if(proxypolicy->policy) {
+- *length = proxypolicy->policy->length;
++ *length = ASN1_STRING_length(proxypolicy->policy);
+ /* assure ASN1_OCTET_STRING is full */
+- if (*length>0 && proxypolicy->policy->data) {
++ if (*length > 0 && ASN1_STRING_get0_data(proxypolicy->policy)) {
+ unsigned char * copy = (unsigned char*) malloc(*length);
+ if(copy) {
+- memcpy(copy, proxypolicy->policy->data, *length);
++ memcpy(copy, ASN1_STRING_get0_data(proxypolicy->policy), *length);
+ return copy;
+ }
+ }
+diff --git a/src/hed/libs/credential/VOMSUtil.cpp b/src/hed/libs/credential/VOMSUtil.cpp
+index 2b4f1335f..8a4a58ea8 100644
+--- a/src/hed/libs/credential/VOMSUtil.cpp
++++ b/src/hed/libs/credential/VOMSUtil.cpp
+@@ -818,7 +818,7 @@ err:
+ // const_cast hack due to missing set method
+ const ASN1_BIT_STRING* bstr = X509_ACERT_get0_issuerUID(a);
+ if(bstr)
+- ASN1_BIT_STRING_set(const_cast<ASN1_BIT_STRING*>(bstr), uid->data, uid->length);
++ ASN1_BIT_STRING_set(const_cast<ASN1_BIT_STRING*>(bstr), const_cast<unsigned char*>(ASN1_STRING_get0_data(uid)), ASN1_STRING_length(uid));
+ }
+
+ if(alg1) {
+@@ -1455,7 +1455,7 @@ err:
+ GENERAL_NAME *data = sk_GENERAL_NAME_value(OSSL_IETF_ATTR_SYNTAX_get0_policyAuthority(capattr), 0);
+ if (data && data->type == GEN_URI) {
+ std::string voname("/voname=");
+- voname.append((const char*)(data->d.ia5->data), data->d.ia5->length);
++ voname.append((const char*) ASN1_STRING_get0_data(data->d.ia5), ASN1_STRING_length(data->d.ia5));
+ std::string::size_type pos = voname.find("://");
+ if(pos != std::string::npos) {
+ voname.replace(pos,3,"/hostname=");
+@@ -1479,7 +1479,7 @@ err:
+ return false;
+ }
+
+- std::string fqan((const char*)(capname->data), capname->length);
++ std::string fqan((const char*) ASN1_STRING_get0_data(capname), ASN1_STRING_length(capname));
+
+ // if the attribute is like: /knowarc.eu/Role=NULL/Capability=NULL
+ // or /knowarc.eu/Role=tester/Capability=NULL
+@@ -1533,7 +1533,7 @@ err:
+ STACK_OF(AC_ATTRIBUTE) *atts = holder->attributes;
+
+ gn = sk_GENERAL_NAME_value(holder->grantor, 0);
+- grantor.assign((const char*)(gn->d.ia5->data), gn->d.ia5->length);
++ grantor.assign((const char*) ASN1_STRING_get0_data(gn->d.ia5), ASN1_STRING_length(gn->d.ia5));
+ if(grantor.empty()) {
+ CredentialLogger.msg(ERROR,"VOMS: the grantor attribute is empty");
+ status |= VOMSACInfo::InternalParsingFailed;
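Review bot: `gn->d.ia5` is read without checking that `gn` is non-NULL or that `gn->type` selects the IA5 member of the union, so a grantor encoded as another GENERAL_NAME type would hand a different structure to `ASN1_STRING_get0_data`. The policyAuthority code earlier in this file guards the same access with `if (data && data->type == GEN_URI)`. A matching guard before the assign, `if(!gn || gn->type != GEN_URI) { status |= VOMSACInfo::InternalParsingFailed; return false; }`, would reject a malformed AC before the accessor runs; substitute whichever GEN_* type the grantor is meant to carry if it is not a URI. The enclosing function starts and ends outside the hunk.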
+@@ -1551,18 +1551,18 @@ err:
+ std::string attribute;
+ AC_ATTRIBUTE *at = sk_AC_ATTRIBUTE_value(atts, j);
+
+- name.assign((const char*)(at->name->data), at->name->length);
++ name.assign((const char*) ASN1_STRING_get0_data(at->name), ASN1_STRING_length(at->name));
+ if(name.empty()) {
+ CredentialLogger.msg(ERROR,"VOMS: the attribute name is empty");
+ status |= VOMSACInfo::InternalParsingFailed;
+ return false;
+ }
+- value.assign((const char*)(at->value->data), at->value->length);
++ value.assign((const char*) ASN1_STRING_get0_data(at->value), ASN1_STRING_length(at->value));
+ if(value.empty()) {
+ CredentialLogger.msg(WARNING,"VOMS: the attribute value for %s is empty", name.c_str());
+ //return false;
+ }
+- qualifier.assign((const char*)(at->qualifier->data), at->qualifier->length);
++ qualifier.assign((const char*) ASN1_STRING_get0_data(at->qualifier), ASN1_STRING_length(at->qualifier));
+ if(qualifier.empty()) {
+ CredentialLogger.msg(ERROR,"VOMS: the attribute qualifier is empty");
+ status |= VOMSACInfo::InternalParsingFailed;
+@@ -1794,14 +1794,14 @@ err:
+ if (iss) {
+ if (key->keyid) {
+ unsigned char hashed[20];
+- ASN1_BIT_STRING* pkeystr = X509_get0_pubkey_bitstr(iss);
+- if (!SHA1(pkeystr->data,
+- pkeystr->length,
++ const ASN1_BIT_STRING* pkeystr = X509_get0_pubkey_bitstr(iss);
++ if (!SHA1(ASN1_STRING_get0_data(pkeystr),
++ ASN1_STRING_length(pkeystr),
+ hashed))
+ keyerr = true;
+
+- if ((memcmp(key->keyid->data, hashed, 20) != 0) &&
+- (key->keyid->length == 20))
++ if ((memcmp(ASN1_STRING_get0_data(key->keyid), hashed, 20) != 0) &&
++ (ASN1_STRING_length(key->keyid) == 20))
+ keyerr = true;
+ }
+ else {
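Review bot: The key-identifier check runs `memcmp(ASN1_STRING_get0_data(key->keyid), hashed, 20)` before the `ASN1_STRING_length(key->keyid) == 20` test, so a keyid shorter than 20 bytes is read past its end, and a keyid of any other length never sets `keyerr`. Testing the length first closes both: `if ((ASN1_STRING_length(key->keyid) != 20) || (memcmp(ASN1_STRING_get0_data(key->keyid), hashed, 20) != 0)) keyerr = true;`. If identifiers of other lengths are meant to be accepted, at least swap the two operands so the length test short-circuits the comparison. `pkeystr` from `X509_get0_pubkey_bitstr(iss)` is also passed to `SHA1` without a NULL check, and `hashed` is still compared when `SHA1` fails; the enclosing function continues outside the hunk.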
+@@ -1838,8 +1838,8 @@ err:
+ }
+
+ static time_t ASN1_GENERALIZEDTIME_get(const ASN1_GENERALIZEDTIME* const s) {
+- if ((s == NULL) || (s->data == NULL) || (s->length == 0)) return Arc::Time::UNDEFINED;
+- std::string str((char const *)(s->data), s->length);
++ if ((s == NULL) || (ASN1_STRING_get0_data(s) == NULL) || (ASN1_STRING_length(s) == 0)) return Arc::Time::UNDEFINED;
++ std::string str((char const *) ASN1_STRING_get0_data(s), ASN1_STRING_length(s));
+ Arc::Time t(str);
+ return t.GetTime();
+ }
+@@ -2050,7 +2050,7 @@ err:
+ ctime += 300;
+ dtime = ctime-600;
+
+- if ((start->type != V_ASN1_GENERALIZEDTIME) || (end->type != V_ASN1_GENERALIZEDTIME)) {
++ if ((ASN1_STRING_type(start) != V_ASN1_GENERALIZEDTIME) || (ASN1_STRING_type(end) != V_ASN1_GENERALIZEDTIME)) {
+ CredentialLogger.msg(ERROR,"VOMS: unsupported time format in AC - expecting GENERALIZED TIME");
+ status |= VOMSACInfo::ACParsingFailed;
+ return false; // ?
+@@ -2181,7 +2181,7 @@ err:
+ }
+ }
+
+- if (X509_ACERT_get0_serialNumber(ac)->length > 20) {
++ if (ASN1_STRING_length(X509_ACERT_get0_serialNumber(ac)) > 20) {
+ CredentialLogger.msg(ERROR,"VOMS: the serial number of AC INFO is too long - expecting no more than 20 octets");
+ status |= VOMSACInfo::InternalParsingFailed;
+ return false;
+@@ -2261,7 +2261,7 @@ err:
+ return false;
+ }
+
+- std::string voname((const char *)name->d.ia5->data, 0, name->d.ia5->length);
++ std::string voname((const char *) ASN1_STRING_get0_data(name->d.ia5), 0, ASN1_STRING_length(name->d.ia5));
+ std::string::size_type cpos = voname.find("://");
+ std::string hostname;
+ if (cpos != std::string::npos) {
+@@ -2314,7 +2314,11 @@ err:
+ int nid = 0;
+ int position = 0;
+ bool critical = false;
++#if (OPENSSL_VERSION_NUMBER < 0x40000000L)
+ X509_EXTENSION * ext;
++#else
++ const X509_EXTENSION * ext;
++#endif
+ AC_SEQ* aclist = NULL;
+ nid = OBJ_txt2nid(acseqOID);
+ position = X509_get_ext_by_NID(holder, nid, -1);
+@@ -2675,7 +2679,7 @@ err:
+ ext = X509V3_EXT_conf_nid(NULL, NULL, OBJ_txt2nid(acseqOID), (char*)(ac_seq.c_str()));
+ if(ext!=NULL) {
+ asn1.clear();
+- asn1.assign((const char*)(X509_EXTENSION_get_data(ext)->data), X509_EXTENSION_get_data(ext)->length);
++ asn1.assign((const char*) ASN1_STRING_get0_data(X509_EXTENSION_get_data(ext)), ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
+ ret = true;
+ X509_EXTENSION_free(ext);
+ }
+diff --git a/src/hed/libs/delegation/DelegationInterface.cpp b/src/hed/libs/delegation/DelegationInterface.cpp
+index ad61e40d0..a9df879db 100644
+--- a/src/hed/libs/delegation/DelegationInterface.cpp
++++ b/src/hed/libs/delegation/DelegationInterface.cpp
+@@ -214,8 +214,8 @@ err:
+
+ static Time asn1_to_time(const ASN1_UTCTIME *s) {
+ if(s != NULL) {
+- if(s->type == V_ASN1_UTCTIME) return Time(std::string("20")+((char*)(s->data)));
+- if(s->type == V_ASN1_GENERALIZEDTIME) return Time(std::string((char*)(s->data)));
++ if(ASN1_STRING_type(s) == V_ASN1_UTCTIME) return Time(std::string("20")+((const char*)(ASN1_STRING_get0_data(s))));
++ if(ASN1_STRING_type(s) == V_ASN1_GENERALIZEDTIME) return Time(std::string((const char*)(ASN1_STRING_get0_data(s))));
+ }
+ return Time(Time::UNDEFINED);
+ }
+@@ -648,6 +648,11 @@ std::string DelegationProvider::Delegate(const std::string& request,const Delega
+ PROXY_POLICY proxy_policy;
+ const EVP_MD *digest = EVP_sha256();
+ X509_NAME *subject = NULL;
++#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
++ X509_NAME *subject_c = NULL;
++#else
++ const X509_NAME *subject_c = NULL;
++#endif
+ const char* need_ext = "critical,digitalSignature,keyEncipherment";
+ std::string proxy_cn;
+ std::string res;
+@@ -814,9 +819,9 @@ std::string DelegationProvider::Delegate(const std::string& request,const Delega
+ } PROXY_POLICY;
+ */
+
+- subject=X509_get_subject_name((X509*)cert_);
+- if(!subject) goto err;
+- subject=X509_NAME_dup(subject);
++ subject_c=X509_get_subject_name((X509*)cert_);
++ if(!subject_c) goto err;
++ subject=X509_NAME_dup(subject_c);
+ if(!subject) goto err;
+ if(!X509_set_issuer_name(cert,subject)) goto err;
+ if(!X509_NAME_add_entry_by_NID(subject,NID_commonName,MBSTRING_ASC,(unsigned char*)(proxy_cn.c_str()),proxy_cn.length(),-1,0)) goto err;
+diff --git a/src/hed/mcc/tls/DelegationCollector.cpp b/src/hed/mcc/tls/DelegationCollector.cpp
+index 5d9c04dfc..2dcbb66b4 100644
+--- a/src/hed/mcc/tls/DelegationCollector.cpp
++++ b/src/hed/mcc/tls/DelegationCollector.cpp
+@@ -45,8 +45,8 @@ static bool get_proxy_policy(X509* cert,DelegationMultiSecAttr* sattr) {
+ }; break;
+ case NID_id_ppl_anyLanguage: { // Here we store ARC policy
+ // Either this is ARC policy is determined by examining content
+- const char* policy_str = (const char *)(pci->proxyPolicy->policy->data);
+- int policy_length = pci->proxyPolicy->policy->length;
++ const char* policy_str = (const char *) ASN1_STRING_get0_data(pci->proxyPolicy->policy);
++ int policy_length = ASN1_STRING_length(pci->proxyPolicy->policy);
+ if((policy_str == NULL) || (policy_length <= 0)) {
+ logger.msg(DEBUG,"Proxy with empty policy - fail on unrecognized policy");
+ break;
+diff --git a/src/hed/mcc/tls/PayloadTLSMCC.cpp b/src/hed/mcc/tls/PayloadTLSMCC.cpp
+index 81ad9d71f..358fac844 100644
+--- a/src/hed/mcc/tls/PayloadTLSMCC.cpp
++++ b/src/hed/mcc/tls/PayloadTLSMCC.cpp
+@@ -20,12 +20,12 @@ int PayloadTLSMCC::ex_data_index_ = -1;
+ Time asn1_to_utctime(const ASN1_UTCTIME *s) {
+ std::string t_str;
+ if(!s) return Time();
+- if(s->type == V_ASN1_UTCTIME) {
++ if(ASN1_STRING_type(s) == V_ASN1_UTCTIME) {
+ t_str.append("20");
+- t_str.append((char*)(s->data));
++ t_str.append((const char*) ASN1_STRING_get0_data(s));
+ }
+ else {//V_ASN1_GENERALIZEDTIME
+- t_str.append((char*)(s->data));
++ t_str.append((const char*) ASN1_STRING_get0_data(s));
+ }
+ return Time(t_str);
+ }
+--
+2.54.0
+
diff --git a/nordugrid-arc.spec b/nordugrid-arc.spec
index ca997ad..aa5bc77 100644
--- a/nordugrid-arc.spec
+++ b/nordugrid-arc.spec
@@ -34,7 +34,10 @@ Source: https://download.nordugrid.org/packages/%{name}/releases/%{version}/src
# https://github.com/nordugrid/arc/pull/15
# https://source.coderefinery.org/nordugrid/arc/-/merge_requests/1964
Patch0: 0001-Handle-Python-multi-phase-initialization-support-in-.patch
+# https://source.coderefinery.org/nordugrid/arc/-/merge_requests/1971
Patch1: 0001-Fix-compilation-with-Python-3.15.patch
+# https://source.coderefinery.org/nordugrid/arc/-/merge_requests/1997
+Patch2: 0001-Support-OpenSSL-4.patch
# Packages dropped without replacements
Obsoletes: %{name}-arcproxyalt < 6.0.0
@@ -71,10 +74,10 @@ BuildRequires: systemd-rpm-macros
BuildRequires: systemd-devel
BuildRequires: libuuid-devel
BuildRequires: gettext-devel
-BuildRequires: python%{python3_pkgversion}-devel
-BuildRequires: python%{python3_pkgversion}-pip
-BuildRequires: python%{python3_pkgversion}-setuptools
-BuildRequires: python%{python3_pkgversion}-wheel
+BuildRequires: python3-devel
+BuildRequires: python3-pip
+BuildRequires: python3-setuptools
+BuildRequires: python3-wheel
%if %{with_pylint}
BuildRequires: pylint
%endif
@@ -450,7 +453,7 @@ sites, to be used with a local installation of the ARC Control Tower.
%package plugins-python
Summary: ARC Python dependent plugin
Requires: %{name} = %{version}-%{release}
-Requires: python%{python3_pkgversion}-%{name} = %{version}-%{release}
+Requires: python3-%{name} = %{version}-%{release}
%description plugins-python
NorduGrid is a collaboration aiming at development, maintenance and
@@ -477,12 +480,12 @@ Connector (ARC).
Header files and libraries needed to develop applications using ARC.
-%package -n python%{python3_pkgversion}-%{name}
+%package -n python3-%{name}
Summary: ARC Python 3 wrapper
-%{?python_provide:%python_provide python%{python3_pkgversion}-%{name}}
+%{?python_provide:%python_provide python3-%{name}}
Requires: %{name} = %{version}-%{release}
-%description -n python%{python3_pkgversion}-%{name}
+%description -n python3-%{name}
NorduGrid is a collaboration aiming at development, maintenance and
support of the middleware, known as the Advanced Resource
Connector (ARC).
@@ -529,12 +532,12 @@ Connector (ARC).
This package contains the optional components that provide new job
management features on the worker nodes (WN).
-%package -n python%{python3_pkgversion}-arcrest
+%package -n python3-arcrest
Summary: ARC REST client
-%{?python_provide:%python_provide python%{python3_pkgversion}-arcrest}
+%{?python_provide:%python_provide python3-arcrest}
BuildArch: noarch
-%description -n python%{python3_pkgversion}-arcrest
+%description -n python3-arcrest
NorduGrid is a collaboration aiming at development, maintenance and
support of the middleware, known as the Advanced Resource
Connector (ARC).
@@ -558,6 +561,7 @@ publishes metrics about jobs and datastaging on the ARC-CE.
%setup -q
%patch -P0 -p1
%patch -P1 -p1
+%patch -P2 -p1
%build
autoreconf -v -f -i
@@ -1112,7 +1116,7 @@ semanage fcontext -a -t slapd_var_run_t "/var/run/arc/bdii/db(/.*)?" 2>/dev/null
%{_bindir}/arcplugin
%doc %{_mandir}/man1/arcplugin.1*
-%files -n python%{python3_pkgversion}-%{name}
+%files -n python3-%{name}
%{python3_sitearch}/_arc.*so
%{python3_sitearch}/%{pkgdir}/[^_p]*.py
%{python3_sitearch}/%{pkgdir}/__pycache__/[^_p]*.*
@@ -1127,7 +1131,7 @@ semanage fcontext -a -t slapd_var_run_t "/var/run/arc/bdii/db(/.*)?" 2>/dev/null
%files wn
%attr(4755,root,root) %{_bindir}/arc-job-cgroup
-%files -n python%{python3_pkgversion}-arcrest
+%files -n python3-arcrest
%{python3_sitelib}/pyarcrest
%{python3_sitelib}/pyarcrest-*.*-info
%{_bindir}/arcrest
@@ -1143,7 +1147,7 @@ semanage fcontext -a -t slapd_var_run_t "/var/run/arc/bdii/db(/.*)?" 2>/dev/null
- Rebuilt for Python 3.15
* Tue May 19 2026 Mattias Ellert <mattias.ellert@physics.uu.se> - 7.1.2-1
-- Update to version 7.1.
+- Update to version 7.1.2
* Wed Apr 22 2026 Mattias Ellert <mattias.ellert@physics.uu.se> - 7.1.1-5
- Rebuilt for xrootd 6