From 98b27dac0a6f39bf4ef4b871eb364d3c202c034b Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Sun, 15 Mar 2026 06:38:35 +1300
Subject: [PATCH] Remove X509_NAME_get_text_by_NID()
---
 src/ssl/gadgets.cc | 16 ++++++++++------
 src/ssl/support.cc | 9 ++++++++-
 2 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc
index 7290a534d59..36befa17983 100644
--- a/src/ssl/gadgets.cc
+++ b/src/ssl/gadgets.cc
@@ -1060,14 +1060,18 @@ static const char *getSubjectEntry(X509 *x509, int nid)
 return nullptr;
 // TODO: What if the entry is a UTF8String? See X509_NAME_get_index_by_NID(3ssl).
- const int nameLen = X509_NAME_get_text_by_NID(
- X509_get_subject_name(x509),
- nid, name, sizeof(name));
- if (nameLen > 0)
- return name;
+ const auto nm = X509_get_subject_name(x509);
+ int pos = -1;
+ pos = X509_NAME_get_index_by_NID(nm, nid, pos);
+ if (pos < 0) {
+ debugs(83, 3, (pos == -2 ? "Invalid" : "Missing") << " SSL certificate subject name");
+ return nullptr;
+ }
- return nullptr;
+ const auto str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(nm, pos));
+ xstrncpy(name, reinterpret_cast(ASN1_STRING_get0_data(str)), sizeof(name));
+ return (*name ? name : nullptr);
 }
 const char *Ssl::CommonHostName(X509 *x509)
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index 6d7c61ab4a9..2ceeb0eb026 100644
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
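Review bot: In getSubjectEntry() (src/ssl/gadgets.cc) the added `xstrncpy(name, ..., sizeof(name))` is bounded only by the destination size and never consults `ASN1_STRING_length(str)`, so it relies on the ASN.1 bytes being NUL-terminated, which OpenSSL documents as not guaranteed, and it silently cuts the value at an embedded NUL. The `Ssl::CommonHostName()` definition that follows suggests this value may feed host name decisions, where a truncated subject entry is a known name-confusion risk, so I would reject such entries before copying: `const auto len = ASN1_STRING_length(str);` and `if (len <= 0 || memchr(data, '\0', len)) return nullptr;`, with `data` being the `ASN1_STRING_get0_data(str)` pointer, then copy at most `len` bytes. The copy also ignores the string type, which the TODO above it already raises; `ASN1_STRING_to_UTF8()` would normalise BMPString and UniversalString values first. The same unbounded-by-length copy is added to ssl_get_attribute() in src/ssl/support.cc. The function starts before this hunk, so the declaration and size of `name` are not visible here.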
@@ -874,7 +874,14 @@ ssl_get_attribute(X509_NAME * name, const char *attribute_name)
 debugs(83, DBG_IMPORTANT, "WARNING: Unknown SSL attribute name '" << attribute_name << "'");
 return nullptr;
 }
- X509_NAME_get_text_by_NID(name, nid, buffer, sizeof(buffer));
+ int pos = -1;
+ pos = X509_NAME_get_index_by_NID(name, nid, pos);
+ if (pos < 0) {
+ debugs(83, 3, (pos == -2 ? "Invalid" : "Missing") << " SSL attribute name '" << attribute_name << "'");
+ return nullptr;
+ }
+ auto str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
+ xstrncpy(buffer, reinterpret_cast(ASN1_STRING_get0_data(str)), sizeof(buffer));
 }
 return *buffer ? buffer : nullptr;
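Review bot: The level-3 message added in ssl_get_attribute() prints "Missing SSL attribute name '...'" when `X509_NAME_get_index_by_NID()` returns -1, but by then the name has apparently already been resolved to a NID (the unknown-name case is reported by the WARNING just above), and what is absent is the entry in the certificate name. Wording such as `debugs(83, 3, "SSL certificate name has no '" << attribute_name << "' entry");` for -1, keeping "Invalid" for -2, would keep the two conditions apart for whoever reads the log. The two-step `int pos = -1; pos = ...(name, nid, pos);` could also be written as `const auto pos = X509_NAME_get_index_by_NID(name, nid, -1);`. The function body begins before the hunk and continues after it.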