From: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject: Re: acme-client: treat ASN1_STRING as opaque
To: Theo Buehler <tb@theobuehler.org>
Cc: tech@openbsd.org
Date: Mon, 2 Mar 2026 12:54:10 +0100

On Mon, Mar 02, 2026 at 11:21:31AM +0100, Theo Buehler wrote:
> Use accessors instead of reaching into ASN1_STRING.
 
Looks good to me. OK claudio@

> Index: revokeproc.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/acme-client/revokeproc.c,v
> diff -u -p -r1.27 revokeproc.c
> --- revokeproc.c	23 Feb 2026 10:27:49 -0000	1.27
> +++ revokeproc.c	2 Mar 2026 10:20:08 -0000
> @@ -187,16 +187,16 @@ revokeproc(int fd, const char *certfile,
>  			char		 ip_buf[INET6_ADDRSTRLEN];
>  			const char	*ip;
>  
> -			name_len = gen_name->d.iPAddress->length;
> +			name_len = ASN1_STRING_length(gen_name->d.iPAddress);
>  			switch (name_len) {
>  			case 4:
>  				ip = inet_ntop(AF_INET,
> -				    gen_name->d.iPAddress->data,
> +				    ASN1_STRING_get0_data(gen_name->d.iPAddress),
>  				    ip_buf, INET6_ADDRSTRLEN);
>  				break;
>  			case 16:
>  				ip = inet_ntop(AF_INET6,
> -				    gen_name->d.iPAddress->data,
> +				    ASN1_STRING_get0_data(gen_name->d.iPAddress),
>  				    ip_buf, INET6_ADDRSTRLEN);
>  				break;
>  			default:
> @@ -209,9 +209,10 @@ revokeproc(int fd, const char *certfile,
>  			}
>  			name_len = asprintf(&name_buf, "%s", ip);
>  		} else if (gen_name->type == GEN_DNS) {
> -			name_len = gen_name->d.dNSName->length;
> +			name_len = ASN1_STRING_length(gen_name->d.dNSName);
>  			name_len = asprintf(&name_buf, "%.*s",
> -			    name_len, gen_name->d.dNSName->data);
> +			    name_len,
> +			    ASN1_STRING_get0_data(gen_name->d.dNSName));
>  		} else
>  			continue;
>  
> 

-- 
:wq Claudio