diff --git a/security/zeek/Makefile b/security/zeek/Makefile index a2b964d76e20..9c8b4784a852 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -1,195 +1,196 @@ PORTNAME= zeek DISTVERSION= 8.0.8 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ MAINTAINER= leres@FreeBSD.org COMMENT= System for detecting network intruders in real-time WWW= https://www.zeek.org/ LICENSE= CC-BY-4.0 BUILD_DEPENDS= bison>=3.3:devel/bison \ flex>=2.6:textproc/flex \ swig>=4.0.2:devel/swig LIB_DEPENDS= libcares.so:dns/c-ares \ libzmq.so:net/libzmq4 RUN_DEPENDS= c-ares>=1.25.0:dns/c-ares USES= bison cmake compiler:c++20-lang cpe gettext-runtime perl5 \ python shebangfix ssl USE_LDCONFIG= yes EXTRACT_AFTER_ARGS= --exclude ${DISTNAME}/auxil/c-ares \ --no-same-owner --no-same-permissions BINARY_ALIAS= python3=${PYTHON_CMD} PORTSCOUT= limit:^[0-9]*\.0\. CXXFLAGS_powerpc64= -mpower8-vector SHEBANG_FILES= \ auxil/broker/bindings/python/3rdparty/pybind11/docs/conf.py \ auxil/broker/bindings/python/3rdparty/pybind11/setup.py \ auxil/broker/bindings/python/3rdparty/pybind11/tools/make_changelog.py \ auxil/broker/bindings/python/3rdparty/pybind11/tools/setup_global.py.in \ auxil/broker/bindings/python/3rdparty/pybind11/tools/setup_main.py.in \ auxil/btest/btest \ auxil/btest/btest-setsid \ auxil/netcontrol-connectors/acld/acld.py \ auxil/netcontrol-connectors/command-line/command-line.py \ auxil/netcontrol-connectors/openflow/controller.py \ auxil/netcontrol-connectors/test/simple-client.py \ auxil/package-manager/zkg \ auxil/spicy/3rdparty/benchmark/tools/compare.py \ auxil/spicy/3rdparty/benchmark/tools/strip_asm.py \ auxil/spicy/3rdparty/doctest/scripts/bench/bench.py \ auxil/spicy/3rdparty/doctest/scripts/bench/run_all.py \ auxil/spicy/doc/scripts/spicy-doc-to-rst \ auxil/spicy/tests/Scripts/license-header.py \ auxil/spicy/tests/Scripts/stray_baselines.py \ auxil/vcpkg/ports/gobject-introspection/portfile.cmake \ auxil/zeek-aux/devel-tools/github-manage \ auxil/zeek-client/man/build.py \ auxil/zeek-client/zeek-client \ auxil/zeekctl/ZeekControl/test_cli.py \ auxil/zeekctl/auxil/pysubnettree/setup.py \ auxil/zeekctl/auxil/trace-summary/trace-summary \ auxil/zeekctl/bin/stats-to-csv \ auxil/zeekctl/bin/zeekctl.in \ auxil/zeekctl/bin/zeekctld.in \ auxil/zeekctl/testing/Cfg/bin/zeek__test \ auxil/zeekctl/testing/Scripts/diff-to-bytes-output \ auxil/zeekctl/util/extract-strictly-local-conns \ auxil/zeekctl/util/reformat-stats \ ci/collect-repo-info.py \ testing/coverage/coverage_cleanup.py \ testing/scripts/coverage-calc \ testing/scripts/httpd.py SUB_FILES= pkg-message NO_MTREE= yes CMAKE_ON= BROKER_DISABLE_DOC_EXAMPLES BROKER_DISABLE_TESTS \ BUILD_SHARED_LIBS BUILD_STATIC_BROKER INSTALL_AUX_TOOLS CMAKE_ARGS= -DCARES_ROOT_DIR:PATH=${PREFIX} \ -DCMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}" \ -DDISABLE_JAVASCRIPT:BOOL=ON \ -DINSTALL_BTEST:BOOL=OFF \ -DINSTALL_BTEST_PCAPS:BOOL=OFF \ -DINSTALL_ZKG:BOOL=OFF \ -DPY_MOD_INSTALL_DIR:PATH=${PREFIX}/lib/zeekctl \ -DZEEK_ETC_INSTALL_DIR:PATH=${PREFIX}/etc \ -DZEEK_LOG_DIR:PATH=/var/log/zeek \ -DZEEK_ROOT_DIR:PATH=${PREFIX} \ -DZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek \ -DZEEK_SPOOL_DIR:PATH=/var/spool/zeek ZEEKUSER?= zeek ZEEKGROUP?= zeek PLIST_SUB+= ZEEKGROUP=${ZEEKGROUP} \ ZEEKUSER=${ZEEKUSER} USERS= ${ZEEKUSER} GROUPS= ${ZEEKGROUP} OPTIONS_DEFINE= GEOIP2 IPSUMDUMP LBL_CF LBL_HF PERFTOOLS SPICY ZEEKCTL \ ZKG OPTIONS_SINGLE= BUILD_TYPE OPTIONS_SINGLE_BUILD_TYPE= DEBUG MINSIZEREL RELEASE RELWITHDEBINFO OPTIONS_DEFAULT= GEOIP2 IPSUMDUMP LBL_CF LBL_HF RELEASE ZEEKCTL \ ZKG OPTIONS_DEFAULT_aarch64= SPICY OPTIONS_DEFAULT_amd64= SPICY OPTIONS_DEFAULT_armv6= SPICY OPTIONS_DEFAULT_armv7= SPICY OPTIONS_DEFAULT_i386= SPICY OPTIONS_SUB= yes DEBUG_DESC= Optimizations off, debug symbols/flags on GEOIP2_DESC= Build with GeoIP2 (MaxMindDB) support IPSUMDUMP_DESC= Enables traffic summaries LBL_CF_DESC= Unix time to formated time/date filter support LBL_HF_DESC= Address to hostname filter support MINSIZEREL_DESC= Optimizations on, debug symbols/flags off PERFTOOLS_DESC= Use Perftools to improve memory & CPU usage RELEASE_DESC= Optimizations on, debug symbols/flags off RELWITHDEBINFO_DESC= Optimizations/debug symbols on, debug flags off SPICY_DESC= Enable the Spicy parser generator ZEEKCTL_DESC= ZeekControl support (implies IPSUMDUMP) ZKG_DESC= Zeek package manager support ZEEKCTL_IMPLIES= IPSUMDUMP GEOIP2_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb IPSUMDUMP_BUILD_DEPENDS= ipsumdump:net/ipsumdump IPSUMDUMP_RUN_DEPENDS= ipsumdump:net/ipsumdump LBL_CF_RUN_DEPENDS= ${LOCALBASE}/bin/cf:sysutils/lbl-cf LBL_HF_RUN_DEPENDS= ${LOCALBASE}/bin/hf:sysutils/lbl-hf PERFTOOLS_BUILD_DEPENDS= ${LOCALBASE}/include/gperftools/tcmalloc.h:devel/google-perftools \ ${LOCALBASE}/bin/pprof:devel/pprof PERFTOOLS_CMAKE_BOOL= ENABLE_PERFTOOLS PERFTOOLS_RUN_DEPENDS= ${LOCALBASE}/lib/libtcmalloc.so.4:devel/google-perftools \ ${LOCALBASE}/bin/pprof:devel/pprof SPICY_CMAKE_OFF= -DDISABLE_SPICY=ON ZEEKCTL_BUILD_DEPENDS= ${LOCALBASE}/bin/bash:shells/bash \ ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR} ZEEKCTL_CMAKE_BOOL= INSTALL_ZEEKCTL ZEEKCTL_RUN_DEPENDS= ${LOCALBASE}/bin/bash:shells/bash \ ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR} ZKG_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}zkg>=2.7.1:security/py-zkg@${PY_FLAVOR} .include .if ${PORT_OPTIONS:MDEBUG} CMAKE_BUILD_TYPE= Debug STRIP= .elif ${PORT_OPTIONS:MMINSIZEREL} CMAKE_BUILD_TYPE= MinSizeRel .elif ${PORT_OPTIONS:MRELEASE} CMAKE_BUILD_TYPE= Release .elif ${PORT_OPTIONS:MRELWITHDEBINFO} CMAKE_BUILD_TYPE= RelWithDebInfo STRIP= .endif .if ${PORT_OPTIONS:MZEEKCTL} USE_RC_SUBR= zeek .endif # Let crash-diag find gdb (when installed) post-patch: ${REINPLACE_CMD} -e "2s,^\#,export PATH=${LOCALBASE}/bin"':$${PATH}', \ ${WRKSRC}/auxil/zeekctl/bin/crash-diag post-install: ${MV} ${STAGEDIR}${DATADIR}/site/local.zeek \ ${STAGEDIR}${DATADIR}/site/local.zeek.sample @${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/zeek-cut @${RM} ${STAGEDIR}${PREFIX}/share/zeek/tests ${LN} -s ../btest/data ${STAGEDIR}${PREFIX}/share/zeek/tests post-install-ZEEKCTL-on: ${MKDIR} ${STAGEDIR}/var/spool/zeek/installed-scripts-do-not-touch/auto ${MKDIR} ${STAGEDIR}/var/spool/zeek/installed-scripts-do-not-touch/site .for F in zeekctl.cfg networks.cfg node.cfg ${MV} ${STAGEDIR}${PREFIX}/etc/${F} ${STAGEDIR}${PREFIX}/etc/${F}.sample .endfor # Do this here because later zeek won't be running as root ${RM} ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh ${LN} -s ../../../../../var/spool/zeek/zeekctl-config.sh \ ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh ${RM} ${STAGEDIR}${PREFIX}/lib/broctl ${LN} -s zeek/python/zeekctl ${STAGEDIR}${PREFIX}/lib/broctl post-install-SPICY-on: @${RM} -rf ${STAGEDIR}${PREFIX}/include/hilti/rt/3rdparty/SafeInt/Archive @${RM} -rf ${STAGEDIR}${PREFIX}/include/hilti/rt/3rdparty/SafeInt/Test pre-install-ZEEKCTL-on: ${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d .include diff --git a/security/zeek/files/patch-src_OpaqueVal.cc b/security/zeek/files/patch-src_OpaqueVal.cc new file mode 100644 index 000000000000..7ca84c8c482c --- /dev/null +++ b/security/zeek/files/patch-src_OpaqueVal.cc @@ -0,0 +1,12 @@ +--- src/OpaqueVal.cc.orig 2026-05-12 18:14:44 UTC ++++ src/OpaqueVal.cc +@@ -27,7 +27,8 @@ + #include "zeek/probabilistic/BloomFilter.h" + #include "zeek/probabilistic/CardinalityCounter.h" + +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + inline void* EVP_MD_CTX_md_data(const EVP_MD_CTX* ctx) { return ctx->md_data; } + #endif + diff --git a/security/zeek/files/patch-src_digest.cc b/security/zeek/files/patch-src_digest.cc new file mode 100644 index 000000000000..f0d7aabeb29d --- /dev/null +++ b/security/zeek/files/patch-src_digest.cc @@ -0,0 +1,12 @@ +--- src/digest.cc.orig 2026-05-12 18:14:44 UTC ++++ src/digest.cc +@@ -12,7 +12,8 @@ + + #include "zeek/Reporter.h" + +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + #define EVP_MD_CTX_new EVP_MD_CTX_create + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #endif diff --git a/security/zeek/files/patch-src_file__analysis_analyzer_x509_OCSP.cc b/security/zeek/files/patch-src_file__analysis_analyzer_x509_OCSP.cc new file mode 100644 index 000000000000..1614a4676cf6 --- /dev/null +++ b/security/zeek/files/patch-src_file__analysis_analyzer_x509_OCSP.cc @@ -0,0 +1,84 @@ +--- src/file_analysis/analyzer/x509/OCSP.cc.orig 2026-05-12 18:14:44 UTC ++++ src/file_analysis/analyzer/x509/OCSP.cc +@@ -26,7 +26,8 @@ static bool OCSP_RESPID_bio(OCSP_BASICRESP* basic_resp + static constexpr size_t OCSP_STRING_BUF_SIZE = 2048; + + static bool OCSP_RESPID_bio(OCSP_BASICRESP* basic_resp, BIO* bio) { +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + ASN1_OCTET_STRING* key = nullptr; + X509_NAME* name = nullptr; + +@@ -353,7 +354,8 @@ void OCSP::ParseRequest(OCSP_REQUEST* req) { + + uint64_t version = 0; + +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + if ( req->tbsRequest->version ) + version = (uint64_t)ASN1_INTEGER_get(req->tbsRequest->version); + #else +@@ -425,7 +427,8 @@ void OCSP::ParseResponse(OCSP_RESPONSE* resp) { + if ( ! basic_resp ) + goto clean_up; + +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + resp_data = basic_resp->tbsResponseData; + if ( ! resp_data ) + goto clean_up; +@@ -434,7 +437,8 @@ void OCSP::ParseResponse(OCSP_RESPONSE* resp) { + vl.emplace_back(GetFile()->ToVal()); + vl.emplace_back(std::move(status_val)); + +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + vl.emplace_back(val_mgr->Count((uint64_t)ASN1_INTEGER_get(resp_data->version))); + #else + vl.emplace_back(parse_basic_resp_data_version(basic_resp)); +@@ -451,8 +455,9 @@ void OCSP::ParseResponse(OCSP_RESPONSE* resp) { + vl.emplace_back(val_mgr->EmptyString()); + } + +- // producedAt +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++// producedAt ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + produced_at = resp_data->producedAt; + #else + produced_at = OCSP_resp_get0_produced_at(basic_resp); +@@ -477,7 +482,8 @@ void OCSP::ParseResponse(OCSP_RESPONSE* resp) { + // cert id + const OCSP_CERTID* cert_id = nullptr; + +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + cert_id = single_resp->certId; + #else + cert_id = OCSP_SINGLERESP_get0_id(single_resp); +@@ -550,7 +556,8 @@ void OCSP::ParseResponse(OCSP_RESPONSE* resp) { + } + } + +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + i2a_ASN1_OBJECT(bio, basic_resp->signatureAlgorithm->algorithm); + len = BIO_read(bio, buf, sizeof(buf)); + vl.emplace_back(make_intrusive(len, buf)); +@@ -567,7 +574,8 @@ void OCSP::ParseResponse(OCSP_RESPONSE* resp) { + certs_vector = new VectorVal(id::find_type("x509_opaque_vector")); + vl.emplace_back(AdoptRef{}, certs_vector); + +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + certs = basic_resp->certs; + #else + certs = OCSP_resp_get0_certs(basic_resp); diff --git a/security/zeek/files/patch-src_file__analysis_analyzer_x509_X509.cc b/security/zeek/files/patch-src_file__analysis_analyzer_x509_X509.cc new file mode 100644 index 000000000000..60a12b4a5441 --- /dev/null +++ b/security/zeek/files/patch-src_file__analysis_analyzer_x509_X509.cc @@ -0,0 +1,12 @@ +--- src/file_analysis/analyzer/x509/X509.cc.orig 2026-05-12 18:14:44 UTC ++++ src/file_analysis/analyzer/x509/X509.cc +@@ -349,7 +349,8 @@ void X509::ParseSAN(X509_EXTENSION* ext) { + } + + auto len = ASN1_STRING_length(gen->d.ia5); +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + const char* name = (const char*)ASN1_STRING_data(gen->d.ia5); + #else + const char* name = (const char*)ASN1_STRING_get0_data(gen->d.ia5); diff --git a/security/zeek/files/patch-src_file__analysis_analyzer_x509_X509.h b/security/zeek/files/patch-src_file__analysis_analyzer_x509_X509.h new file mode 100644 index 000000000000..31fd9a917cdf --- /dev/null +++ b/security/zeek/files/patch-src_file__analysis_analyzer_x509_X509.h @@ -0,0 +1,20 @@ +--- src/file_analysis/analyzer/x509/X509.h.orig 2026-05-12 18:14:44 UTC ++++ src/file_analysis/analyzer/x509/X509.h +@@ -9,13 +9,15 @@ + #include "zeek/OpaqueVal.h" + #include "zeek/file_analysis/analyzer/x509/X509Common.h" + +-#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + + #define X509_get_signature_nid(x) OBJ_obj2nid((x)->sig_alg->algorithm) + + #endif + +-#if ( OPENSSL_VERSION_NUMBER < 0x1010000fL ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x1010000fL ) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30900000L)) + + #define X509_OBJECT_new() (X509_OBJECT*)malloc(sizeof(X509_OBJECT)) + #define X509_OBJECT_free(a) free(a) diff --git a/security/zeek/files/patch-src_file__analysis_analyzer_x509_functions.bif b/security/zeek/files/patch-src_file__analysis_analyzer_x509_functions.bif new file mode 100644 index 000000000000..aa673887b14b --- /dev/null +++ b/security/zeek/files/patch-src_file__analysis_analyzer_x509_functions.bif @@ -0,0 +1,38 @@ +--- src/file_analysis/analyzer/x509/functions.bif.orig 2026-05-12 18:14:44 UTC ++++ src/file_analysis/analyzer/x509/functions.bif +@@ -65,7 +65,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs + const ASN1_OCTET_STRING* key = nullptr; + const X509_NAME* name = nullptr; + +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || ( defined(LIBRESSL_VERSION_NUMBER) && ( LIBRESSL_VERSION_NUMBER < 0x30900000L ) ) + OCSP_RESPID* resp_id = basic_resp->tbsResponseData->responderId; + + if ( resp_id->type == V_OCSP_RESPID_NAME ) +@@ -359,7 +359,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, + + // Because we actually want to be able to give nice error messages that show why we were + // not able to verify the OCSP response - do our own verification logic first. +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || ( defined(LIBRESSL_VERSION_NUMBER) && ( LIBRESSL_VERSION_NUMBER < 0x30900000L ) ) + signer = x509_get_ocsp_signer(basic->certs, basic); + #else + signer = x509_get_ocsp_signer(OCSP_resp_get0_certs(basic), basic); +@@ -730,7 +730,7 @@ function sct_verify%(cert: opaque of x509, logid: stri + uint32_t cert_length; + if ( precert ) + { +-#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || ( defined(LIBRESSL_VERSION_NUMBER) && ( LIBRESSL_VERSION_NUMBER < 0x30900000L ) ) + x->cert_info->enc.modified = 1; + cert_length = i2d_X509_CINF(x->cert_info, &cert_out); + #else +@@ -1058,7 +1058,7 @@ function x509_check_cert_hostname%(cert_opaque: opaque + continue; + + std::size_t len = ASN1_STRING_length(gen->d.ia5); +-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) ++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || ( defined(LIBRESSL_VERSION_NUMBER) && ( LIBRESSL_VERSION_NUMBER < 0x30900000L ) ) + auto* name = reinterpret_cast(ASN1_STRING_data(gen->d.ia5)); + #else + auto* name = reinterpret_cast(ASN1_STRING_get0_data(gen->d.ia5));