Fix the type of x400Address in GENERAL_NAME

This fixes CVE-2023-0286.

The main impact is that GENERAL_NAME_cmp, when given x400Addresses, can
interpret a pointer with the wrong type. Applications that set
X509_V_FLAG_CRL_CHECK and take CRLs from untrusted sources should take
this patch.

Change-Id: Ib76265fa098df3cb0db075646773c14d59d0ca75
Commit-Queue: Bob Beck <>
Auto-Submit: David Benjamin <>
Reviewed-by: Bob Beck <>
(cherry picked from commit f219ae96bef5be04e78ddb5b5226ccb6439bd3ed)
3 files changed