Report

CVE-2023-0286: X.509 GeneralName Type Confusion in OpenSSL 3.0.7

55c269a4-c20f-4d8a-b745-412c14766f23

A type confusion vulnerability in OpenSSL's X.509 certificate name checking code allows an attacker to read out-of-bounds memory or cause denial of service. The vulnerability exists in the do_x509_check() function where union members of GENERAL_NAME are accessed based on the check_type parameter rather than the actual gen->type field. When a certificate contains a Subject Alternative Name (SAN) with a GEN_OTHERNAME entry and the validation function is called with a different check_type (e.g., GEN_DNS or GEN_EMAIL), the code incorrectly accesses the union member corresponding to check_type instead of gen->type, leading to out-of-bounds memory reads.
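The check the description says is missing, shown on a simplified tagged union: a union member is read only after the entry's own type tag has been compared with the requested type. This is an added example, not OpenSSL's code or code from this report; every type and function name in it is hypothetical and the sample name list is constructed.

```c
#include <stddef.h>
#include <string.h>
/* Simplified model of a tagged union of name forms. All names are
 * hypothetical; these are not OpenSSL's definitions. */
enum name_type { NAME_OTHER, NAME_EMAIL, NAME_DNS };
struct str { size_t len; const char *data; };
struct other_name { int type_id; const struct str *value; };
struct gname {
    enum name_type type;            /* tag: which member of d is valid */
    union { const struct other_name *other; const struct str *email, *dns; } d;
};

/* Hand out a string member only when the entry's own tag matches the
 * requested type; the request alone never selects the union member. */
static const struct str *name_string(const struct gname *g, enum name_type want)
{
    if (g == NULL || g->type != want)
        return NULL;                /* mismatch: skip, do not reinterpret */
    switch (g->type) {
    case NAME_EMAIL: return g->d.email;
    case NAME_DNS:   return g->d.dns;
    default:         return NULL;   /* NAME_OTHER holds no plain string */
    }
}

/* Returns 1 if an entry of type `want` equals `expected`, otherwise 0. */
int check_names(const struct gname *names, size_t n,
                enum name_type want, const char *expected)
{
    size_t elen = strlen(expected);
    for (size_t i = 0; i < n; i++) {
        const struct str *s = name_string(&names[i], want);
        if (s && s->data && s->len == elen && !memcmp(s->data, expected, elen))
            return 1;
    }
    return 0;
}

/* Constructed sample list: an other-name entry, then a DNS entry. */
int demo_check(enum name_type want, const char *expected)
{
    static const struct str text = { 12, "example.test" };
    static const struct other_name on = { 1, &text };
    const struct gname list[2] = { { .type = NAME_OTHER, .d.other = &on },
                                   { .type = NAME_DNS, .d.dns = &text } };
    return check_names(list, 2, want, expected);
}

int main(void) { return demo_check(NAME_DNS, "example.test") == 1 ? 0 : 1; }
```

The other-name entry is skipped for every string check, so its pointer is never read as if it were a string member.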
