public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Pavol Sloboda <psloboda@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/mysql8.4] f44: Fixed the compilation with openssl 4
Date: Tue, 23 Jun 2026 18:24:46 GMT [thread overview]
Message-ID: <178223908612.1.14875162687795006822.rpms-mysql8.4-de693db342f0@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/mysql8.4
Branch : f44
Commit : de693db342f091f48c5829b213363f170c81ff67
Author : Pavol Sloboda <psloboda@redhat.com>
Date : 2026-05-18T10:27:26+02:00
Stats : +260/-0 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/mysql8.4/c/de693db342f091f48c5829b213363f170c81ff67?branch=f44
Log:
Fixed the compilation with openssl 4
this is also compatible with older versions of openssl since the
implementation is available since openssl 1.1.0
This patch mostly just fixes errors with the X509_name_st struct being
forced to be used as the opaque implemenation: X509_NAME
/builddir/build/BUILD/mysql8.4-8.4.9-build/mysql-8.4.9/sql/auth/sql_authentication.cc:5279:37: error: invalid conversion from ‘const X509_NAME*’ {aka ‘const X509_name_st*’} to ‘X509_NAME*’ {aka ‘X509_name_st*’} [-fpermissive]
5279 | if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
| ^~~~
| |
| const X509_NAME* {aka const X509_name_st*}
and similar issues with the ASN1_STRING, which can no longer be accessed
directly and getter and setter functions must be used instead:
/builddir/build/BUILD/mysql8.4-8.4.8-build/mysql-8.4.8/storage/ndb/src/common/util/NodeCertificate.cpp:605:52: error: invalid use of incomplete type ‘const ASN1_STRING’ {aka ‘const struct asn1_string_st’}
605 | offset += sprintf(buf + offset, "%02X:", serial->data[i]);
| ^~
---
diff --git a/mysql-fix-compilation-with-openssl4.patch b/mysql-fix-compilation-with-openssl4.patch
new file mode 100644
index 0000000..c08757d
--- /dev/null
+++ b/mysql-fix-compilation-with-openssl4.patch
@@ -0,0 +1,259 @@
+A patch fixing the compilation with openssl4 by using the opaque
+implementation of the X509_name_st struct as X509_NAME
+which was introduced in openssl-1.1.0 as can be seen here:
+https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
+this means that the fix is applicable in openssl versions older than 4.0
+as well and won't break anything
+
+Also changed the openssl major version checking in cmake to check for
+versions greater than 2 rather than equal to 3 to ensure openssl4 is being
+accepted as well
+diff -Naur mysql-8.4.9/cmake/ssl.cmake mysql-8.4.9_patched/cmake/ssl.cmake
+--- mysql-8.4.9/cmake/ssl.cmake 2026-04-07 17:47:38.000000000 +0200
++++ mysql-8.4.9_patched/cmake/ssl.cmake 2026-05-12 12:18:45.230725656 +0200
+@@ -151,7 +151,7 @@
+ ${version_part} "${${version_part}}")
+ ENDFOREACH()
+ SET(OPENSSL_VERSION_MAJOR ${OPENSSL_VERSION_MAJOR} CACHE INTERNAL "" FORCE)
+- IF(OPENSSL_VERSION_MAJOR VERSION_EQUAL 3)
++ IF(OPENSSL_VERSION_MAJOR VERSION_GREATER 2)
+ # OpenSSL 3
+ SET(OPENSSL_FIX_VERSION "${OPENSSL_VERSION_PATCH}")
+ ELSE()
+diff -Naur mysql-8.4.9/sql/auth/sql_authentication.cc mysql-8.4.9_patched/sql/auth/sql_authentication.cc
+--- mysql-8.4.9/sql/auth/sql_authentication.cc 2026-04-07 17:47:38.000000000 +0200
++++ mysql-8.4.9_patched/sql/auth/sql_authentication.cc 2026-05-12 14:20:35.297825829 +0200
+@@ -5251,7 +5251,7 @@
+ X509 *x509 = X509_new();
+ X509_EXTENSION *ext = nullptr;
+ X509V3_CTX v3ctx;
+- X509_NAME *name = nullptr;
++ const X509_NAME *name = nullptr;
+
+ assert(cn.length() <= MAX_CN_NAME_LENGTH);
+ assert(serial != 0);
+@@ -5276,7 +5276,7 @@
+ name = X509_get_subject_name(x509);
+ if (!name) goto err;
+
+- if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
++ if (!X509_NAME_add_entry_by_txt((X509_NAME*)name, "CN", MBSTRING_ASC,
+ (const unsigned char *)cn.c_str(), -1, -1,
+ 0))
+ goto err;
+diff -Naur mysql-8.4.9/storage/ndb/include/util/NodeCertificate.hpp mysql-8.4.9_patched/storage/ndb/include/util/NodeCertificate.hpp
+--- mysql-8.4.9/storage/ndb/include/util/NodeCertificate.hpp 2026-04-07 17:47:38.000000000 +0200
++++ mysql-8.4.9_patched/storage/ndb/include/util/NodeCertificate.hpp 2026-05-12 12:18:45.231419360 +0200
+@@ -31,6 +31,7 @@
+ #include "util/BaseString.hpp"
+ #include "util/Vector.hpp"
+ #include "util/cstrbuf.h"
++#include <openssl/x509.h>
+
+ struct PkiFile {
+ using FileName = cstrbuf<32>;
+@@ -205,7 +206,7 @@
+ ~CertSubject() = default;
+
+ /* Class Methods */
+- static int set_common_name(struct X509_name_st *, const char *);
++ static int set_common_name(const X509_NAME *, const char *);
+
+ /* Public Instance Methods */
+ bool bind_hostname(const char *);
+@@ -225,7 +226,7 @@
+ size_t timestamp(time_t, char *m, size_t) const;
+ size_t timestamp(char *, size_t) const;
+ size_t print_name(char *, size_t) const;
+- bool parse_name(struct X509_name_st *);
++ bool parse_name(const X509_NAME *);
+ bool parse_name(const struct asn1_string_st *);
+
+ /* Member variables */
+diff -Naur mysql-8.4.9/storage/ndb/src/common/util/NodeCertificate.cpp mysql-8.4.9_patched/storage/ndb/src/common/util/NodeCertificate.cpp
+--- mysql-8.4.9/storage/ndb/src/common/util/NodeCertificate.cpp 2026-04-07 17:47:38.000000000 +0200
++++ mysql-8.4.9_patched/storage/ndb/src/common/util/NodeCertificate.cpp 2026-05-12 12:18:45.231560048 +0200
+@@ -23,6 +23,7 @@
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+ #include <assert.h>
++#include <openssl/asn1.h>
+ #include <stdlib.h>
+ #include <sys/stat.h>
+ #include <time.h>
+@@ -558,7 +559,7 @@
+ if (!cert) return nullptr;
+
+ /* Copy name from csr to cert */
+- X509_NAME *name = X509_REQ_get_subject_name(m_req);
++ const X509_NAME *name = X509_REQ_get_subject_name(m_req);
+ if (X509_set_subject_name(cert, name) != 1) return nullptr;
+
+ /* Set serial number in x509 */
+@@ -578,7 +579,7 @@
+
+ bool SigningRequest::parse_name() {
+ if (m_req == nullptr) return false;
+- X509_NAME *name = X509_REQ_get_subject_name(m_req);
++ const X509_NAME *name = X509_REQ_get_subject_name(m_req);
+ return CertSubject::parse_name(name);
+ }
+
+@@ -601,8 +602,8 @@
+
+ int SerialNumber::print(char *buf, int len, const ASN1_STRING *serial) {
+ int offset = 0;
+- for (int i = 0; i < serial->length && offset < (len - 4); i++)
+- offset += sprintf(buf + offset, "%02X:", serial->data[i]);
++ for (int i = 0; i < ASN1_STRING_length(serial) && offset < (len - 4); i++)
++ offset += sprintf(buf + offset, "%02X:", ASN1_STRING_get0_data(serial)[i]);
+ if (offset) buf[offset - 1] = '\0';
+ return offset;
+ }
+@@ -612,8 +613,8 @@
+ SerialNumber::HexString::HexString(const ASN1_STRING *serial) {
+ buf.append("0x");
+ int truncated [[maybe_unused]] = 0;
+- for (int i = 0; i < serial->length; i++)
+- truncated = buf.appendf("%02x", serial->data[i]);
++ for (int i = 0; i < ASN1_STRING_length(serial); i++)
++ truncated = buf.appendf("%02x", ASN1_STRING_get0_data(serial)[i]);
+ assert(!truncated);
+ }
+
+@@ -638,7 +639,7 @@
+ }
+
+ int Certificate::set_common_name(X509 *cert, const char *CN) {
+- X509_NAME *name = X509_get_subject_name(cert);
++ const X509_NAME *name = X509_get_subject_name(cert);
+ return CertSubject::set_common_name(name, CN);
+ }
+
+@@ -652,8 +653,8 @@
+ const ASN1_BIT_STRING *sig = nullptr;
+ const X509_ALGOR *algorithm;
+ X509_get0_signature(&sig, &algorithm, cert);
+- if (sig && sig->data)
+- prefix = (sig->data[0] << 16) | (sig->data[1] << 8) | sig->data[2];
++ if (sig && ASN1_STRING_get0_data(sig))
++ prefix = (ASN1_STRING_get0_data(sig)[0] << 16) | (ASN1_STRING_get0_data(sig)[1] << 8) | ASN1_STRING_get0_data(sig)[2];
+ return prefix;
+ }
+
+@@ -766,8 +767,8 @@
+ if (r1 == 0) return false;
+
+ /* Set subject name */
+- X509_NAME *name = X509_get_subject_name(cert);
+- r1 = X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, subject, -1, -1, 0);
++ const X509_NAME *name = X509_get_subject_name(cert);
++ r1 = X509_NAME_add_entry_by_txt((X509_NAME*)name, "CN", MBSTRING_ASC, subject, -1, -1, 0);
+ if (r1 == 0) return false;
+
+ /* Add extension */
+@@ -874,8 +875,8 @@
+ m_names_owner = false;
+ }
+
+-int CertSubject::set_common_name(X509_NAME *name, const char *text) {
+- return X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
++int CertSubject::set_common_name(const X509_NAME *name, const char *text) {
++ return X509_NAME_add_entry_by_txt((X509_NAME*)name, "CN", MBSTRING_ASC,
+ (const unsigned char *)text, -1, -1, 0);
+ }
+
+@@ -903,8 +904,8 @@
+ ASN1_STRING *str =
+ static_cast<ASN1_STRING *>(GENERAL_NAME_get0_value(name, &name_type));
+ if (name_type == GEN_DNS) {
+- if (str->length < size) size = str->length;
+- memcpy(buffer, str->data, size);
++ if (ASN1_STRING_length(str) < size) size = ASN1_STRING_length(str);
++ memcpy(buffer, ASN1_STRING_get0_data(str), size);
+ buffer[size] = '\0';
+ nwritten = size;
+ }
+@@ -925,8 +926,8 @@
+ ASN1_STRING *str =
+ static_cast<ASN1_STRING *>(GENERAL_NAME_get0_value(name, &name_type));
+ if (name_type == GEN_DNS) {
+- if ((str->length == 9) &&
+- (strncmp("localhost", (const char *)str->data, 9) == 0))
++ if ((ASN1_STRING_length(str) == 9) &&
++ (strncmp("localhost", (char*)ASN1_STRING_get0_data(str), 9) == 0))
+ return true;
+ }
+ }
+@@ -1000,24 +1001,24 @@
+ return len;
+ }
+
+-bool CertSubject::parse_name(X509_NAME *name) {
++bool CertSubject::parse_name(const X509_NAME *name) {
+ int idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
+ if (idx < 0) return false;
+- X509_NAME_ENTRY *cn = X509_NAME_get_entry(name, idx);
++ const X509_NAME_ENTRY *cn = X509_NAME_get_entry((X509_NAME*)name, idx);
+ if (cn == nullptr) return false;
+- ASN1_STRING *str = X509_NAME_ENTRY_get_data(cn);
++ const ASN1_STRING *str = X509_NAME_ENTRY_get_data(cn);
+ return parse_name(str);
+ }
+
+ bool CertSubject::parse_name(const ASN1_STRING *str) {
+ if (str == nullptr) return false;
+- if (str->length == 0) return false;
++ if (ASN1_STRING_length(str) == 0) return false;
+
+ int p = 0; // cursor into name
+- auto atEnd = [&]() { return (str->length == p); };
+- auto data = [&]() { return (char *)(str->data) + p; };
++ auto atEnd = [&]() { return (ASN1_STRING_length(str) == p); };
++ auto data = [&]() { return (char *)(ASN1_STRING_get0_data(str)) + p; };
+ auto find = [&](const char *a, size_t l) {
+- if (str->length <= p) return false;
++ if (ASN1_STRING_length(str) <= p) return false;
+ int r = strncmp(data(), a, l);
+ if (r == 0) {
+ p += l;
+@@ -1358,21 +1359,21 @@
+
+ bool NodeCertificate::parse_name() {
+ if (m_x509 == nullptr) return false;
+- X509_NAME *name = X509_get_subject_name(m_x509);
++ const X509_NAME *name = X509_get_subject_name(m_x509);
+ int idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
+ if (idx < 0) return false;
+- X509_NAME_ENTRY *cn = X509_NAME_get_entry(name, idx);
++ const X509_NAME_ENTRY *cn = X509_NAME_get_entry(name, idx);
+ if (cn == nullptr) return false;
+- ASN1_STRING *str = X509_NAME_ENTRY_get_data(cn);
++ const ASN1_STRING *str = X509_NAME_ENTRY_get_data(cn);
+ return CertSubject::parse_name(str);
+ }
+
+ bool NodeCertificate::parse_name(const char *name) {
+ if (name == nullptr) return false;
+- ASN1_STRING *str = ASN1_STRING_new();
+- ASN1_STRING_set(str, name, strlen(name));
++ const ASN1_STRING *str = ASN1_STRING_new();
++ ASN1_STRING_set((ASN1_STRING*)str, name, strlen(name));
+ bool r = CertSubject::parse_name(str);
+- ASN1_STRING_free(str);
++ ASN1_STRING_free((ASN1_STRING*)str);
+ return r;
+ }
+
+diff -Naur mysql-8.4.9/storage/ndb/src/common/util/testSecureSocket.cpp mysql-8.4.9_patched/storage/ndb/src/common/util/testSecureSocket.cpp
+--- mysql-8.4.9/storage/ndb/src/common/util/testSecureSocket.cpp 2026-04-07 17:47:38.000000000 +0200
++++ mysql-8.4.9_patched/storage/ndb/src/common/util/testSecureSocket.cpp 2026-05-12 12:18:45.231765668 +0200
+@@ -220,7 +220,7 @@
+ X509_set_pubkey(tls_cert, tls_key);
+
+ /* Set the names */
+- X509_NAME *name = X509_get_subject_name(tls_cert);
++ const X509_NAME *name = X509_get_subject_name(tls_cert);
+ X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
+ (const unsigned char *)common_name, -1, -1, 0);
+ X509_set_issuer_name(tls_cert, X509_get_subject_name(tls_cert));
diff --git a/mysql8.4.spec b/mysql8.4.spec
index fc1d6ba..353b675 100644
--- a/mysql8.4.spec
+++ b/mysql8.4.spec
@@ -141,6 +141,7 @@ Patch51: %{pkgnamepatch}-sharedir.patch
Patch52: %{pkgnamepatch}-rpath.patch
Patch54: %{pkgnamepatch}-gcc-15.patch
Patch56: %{pkgnamepatch}-flush-logrotate.patch
+Patch57: %{pkgnamepatch}-fix-compilation-with-openssl4.patch
# Patches taken from boost 1.59
Patch112: boost-1.57.0-mpl-print.patch
reply other threads:[~2026-06-23 18:24 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178223908612.1.14875162687795006822.rpms-mysql8.4-de693db342f0@fedoraproject.org \
--to=psloboda@redhat.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox