Fixed _SSL_get_cert_info() to stop dereferencing OpenSSL-internal struct fields, which is what caused the macOS/OpenSSL opaque-struct build failure (peer_cert->sig_alg->algorithm). It now uses X509_ALGOR_get0() for the public key algorithm OID and OBJ_obj2nid() from that accessor output.

Reworked signature algorithm detection to use X509_get_signature_nid() when available, and a compatibility fallback (X509_get0_signature() + X509_ALGOR_get0() + OBJ_obj2nid()) when HAVE_X509_GET_SIGNATURE_NID is not defined.

src/common/ssl.c

@@ -154,6 +154,7 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
 	X509 *peer_cert;
 	X509_PUBKEY *key;
 	X509_ALGOR *algor = NULL;
+	const ASN1_OBJECT *algor_obj = NULL;
 	EVP_PKEY *peer_pkey;
 	char notBefore[64];
 	char notAfter[64];
@@ -175,11 +176,19 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
 	if (!X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key))
 		return 1;
 
-	alg = OBJ_obj2nid (algor->algorithm);
-#ifndef HAVE_X509_GET_SIGNATURE_NID
-	sign_alg = OBJ_obj2nid (peer_cert->sig_alg->algorithm);
-#else
+	X509_ALGOR_get0 (&algor_obj, NULL, NULL, algor);
+	alg = OBJ_obj2nid (algor_obj);
+#ifdef HAVE_X509_GET_SIGNATURE_NID
 	sign_alg = X509_get_signature_nid (peer_cert);
+#else
+	{
+		const X509_ALGOR *signature_algor = NULL;
+		const ASN1_OBJECT *signature_algor_obj = NULL;
+
+		X509_get0_signature (NULL, &signature_algor, peer_cert);
+		X509_ALGOR_get0 (&signature_algor_obj, NULL, NULL, signature_algor);
+		sign_alg = OBJ_obj2nid (signature_algor_obj);
+	}
 #endif
 	ASN1_TIME_snprintf (notBefore, sizeof (notBefore),
 							  X509_get_notBefore (peer_cert));