Report

CVE-2023-0286: Type Confusion in OpenSSL X.509 GENERAL_NAME Processing

a99cb1cd-563e-4466-bc71-bd269a0b0f5c

OpenSSL 3.0.0 through 3.0.7, 1.1.1 through 1.1.1s, and 1.0.2 through 1.0.2zf contain a type confusion vulnerability in X.509 GENERAL_NAME processing. The x400Address member of a GENERAL_NAME is parsed, per its ASN.1 template, as an ASN1_STRING, but the public GENERAL_NAME definition declared the field as an ASN1_TYPE, and GENERAL_NAME_cmp compared it with ASN1_TYPE_cmp accordingly. Reading an ASN1_STRING as an ASN1_TYPE makes the string's length look like the ASN.1 type tag and its attacker-controlled content bytes look like an inner ASN1_STRING structure, so an attacker-chosen length and data pointer reach memcmp, giving out-of-bounds reads (information disclosure) or a crash (denial of service). GENERAL_NAME_cmp is reached on this path during CRL checking, when an X.400 address appears as a CRL distribution point, so the bug is exposed when the application enables X509_V_FLAG_CRL_CHECK; in the usual scenario the attacker supplies both the certificate chain and the CRL, neither of which needs a valid signature. Fixed in OpenSSL 3.0.8, 1.1.1t and 1.0.2zg.
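The program below is an added model of the confusion, not OpenSSL source and not part of this report: the ASN1_STRING, ASN1_TYPE and GENERAL_NAME structs reproduce OpenSSL's field order (the LP64 layout, where ASN1_TYPE.value overlays ASN1_STRING.data, is assumed and checked at compile time), the asn1_string_cmp / asn1_type_cmp bodies are simplified versions of the OpenSSL functions of the same name, DER parsing is skipped, and the "parsed" objects, the probe helper, the secret buffer and the vuln_/fixed_general_name_cmp functions are constructed for the demonstration. It shows how comparing the ASN1_STRING through ASN1_TYPE_cmp hands an attacker-chosen pointer to memcmp, and how the corrected comparison never dereferences it.

```c
/*
 * Added model of the CVE-2023-0286 type confusion. This is not OpenSSL code:
 * the struct definitions mirror OpenSSL's ASN1_STRING / ASN1_TYPE field order
 * (assumed LP64 layout, checked below), DER parsing is skipped, and the "parsed"
 * objects are constructed directly in memory.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define V_ASN1_BOOLEAN       1
#define V_ASN1_NULL          5
#define V_ASN1_OBJECT        6
#define V_ASN1_SEQUENCE     16
#define GEN_X400             3

/* What the ASN.1 template actually allocates for an x400Address. */
typedef struct {
    int length;
    int type;
    unsigned char *data;
    long flags;
} ASN1_STRING;

/* What the pre-fix GENERAL_NAME header claimed the x400Address field was. */
typedef struct {
    int type;
    union { char *ptr; ASN1_STRING *asn1_string; } value;
} ASN1_TYPE;

typedef struct {
    int type;
    union { ASN1_STRING *x400Address; /* other members elided */ } d;
} GENERAL_NAME;

/* The overlay that makes the bug exploitable: the misread ASN1_TYPE.value
 * lands exactly on ASN1_STRING.data, and ASN1_TYPE.type on ASN1_STRING.length. */
_Static_assert(offsetof(ASN1_TYPE, value) == offsetof(ASN1_STRING, data),
               "demo assumes the LP64 overlay");

static int asn1_string_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
{
    int i = a->length - b->length;
    if (i != 0)
        return i;
    i = memcmp(a->data, b->data, (size_t)a->length);   /* the sink */
    return i != 0 ? i : a->type - b->type;
}

/* Simplified ASN1_TYPE_cmp: every type except OBJECT/BOOLEAN/NULL is compared
 * as a string through value.asn1_string. */
static int asn1_type_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
{
    if (a->type != b->type)
        return -1;
    switch (a->type) {
    case V_ASN1_OBJECT:
    case V_ASN1_BOOLEAN:
        return -1;                 /* cases not needed for the demo */
    case V_ASN1_NULL:
        return 0;
    default:
        return asn1_string_cmp(a->value.asn1_string, b->value.asn1_string);
    }
}

/* Pre-3.0.8 behaviour: the ASN1_STRING object is read as an ASN1_TYPE.
 * memcpy stands in for the wrong-typed pointer dereference in OpenSSL. */
int vuln_general_name_cmp(const GENERAL_NAME *a, const GENERAL_NAME *b)
{
    ASN1_TYPE ta, tb;
    if (a->type != b->type || a->type != GEN_X400)
        return -1;
    memcpy(&ta, a->d.x400Address, sizeof ta);
    memcpy(&tb, b->d.x400Address, sizeof tb);
    return asn1_type_cmp(&ta, &tb);
}

/* Fixed behaviour: compare the object with the type it really has. */
int fixed_general_name_cmp(const GENERAL_NAME *a, const GENERAL_NAME *b)
{
    if (a->type != b->type || a->type != GEN_X400)
        return -1;
    return asn1_string_cmp(a->d.x400Address, b->d.x400Address);
}

/* Constructed stand-in for memory the attacker should never be able to read. */
static unsigned char secret[8] = { 'S', 'E', 'C', 'R', 'E', 'T', '!', '!' };

/* Run one comparison with attacker-shaped x400Address contents: each content
 * blob is sizeof(ASN1_STRING) raw bytes forming a fake inner ASN1_STRING whose
 * data pointer the attacker chose (here: `secret` and the 8-byte `guess`).
 * Returns the cmp result, or -2 if guess is not exactly 8 bytes. */
int probe(int (*cmp)(const GENERAL_NAME *, const GENERAL_NAME *), const char *guess)
{
    if (strlen(guess) != sizeof secret)
        return -2;
    ASN1_STRING fake_a = { (int)sizeof secret, V_ASN1_SEQUENCE, secret, 0 };
    ASN1_STRING fake_b = { (int)sizeof secret, V_ASN1_SEQUENCE, (unsigned char *)guess, 0 };
    /* Outer objects as the parser builds them: the content bytes ARE the fakes. */
    ASN1_STRING outer_a = { (int)sizeof fake_a, V_ASN1_SEQUENCE, (unsigned char *)&fake_a, 0 };
    ASN1_STRING outer_b = { (int)sizeof fake_b, V_ASN1_SEQUENCE, (unsigned char *)&fake_b, 0 };
    GENERAL_NAME ga = { GEN_X400, { &outer_a } };
    GENERAL_NAME gb = { GEN_X400, { &outer_b } };
    return cmp(&ga, &gb);
}

int main(void)
{
    printf("vulnerable, correct guess: %d (0 => bytes at attacker pointer compared)\n",
           probe(vuln_general_name_cmp, "SECRET!!"));
    printf("vulnerable, wrong guess:   %d\n", probe(vuln_general_name_cmp, "hunter2!"));
    printf("fixed, correct guess:      %d (pointer never dereferenced)\n",
           probe(fixed_general_name_cmp, "SECRET!!"));
    return 0;
}
```

With the vulnerable comparison, the outer object's length (24) is taken as the ASN.1 type, which selects the string path, and its data pointer is then treated as an inner ASN1_STRING, so memcmp runs over whatever the fake's data field points at; the result is 0 exactly when the guess matches the bytes there, which is the oracle the real bug exposes through CRL selection. Here the pointer targets an in-process buffer so the program is safe to run; in an attack it is an arbitrary address. The fixed comparison treats the 24 content bytes as opaque data, so the embedded pointer is compared, never followed.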

CVE-2023-0286: Type Confusion in OpenSSL X.509 GENERAL_NAME Processing - inErrata Knowledge Graph | Inerrata