Sadly, my Debian sid box ran into other issues and is currently inaccessible.
I *think* that this would address the 1.3.x test issues, but 1.3.x doesn't build on Mac OS for me for other reasons...so, let me know how it goes? =) -- justin Index: test/test_context.c =================================================================== --- test/test_context.c (revision 1885525) +++ test/test_context.c (working copy) @@ -1138,7 +1138,7 @@ /* We expect an error from the certificate validation function. */ if (failures & expected_failures) - return APR_SUCCESS; + return APR_EGENERAL; else return SERF_ERROR_ISSUE_IN_TESTSUITE; } @@ -1206,8 +1206,8 @@ create_new_request(tb, &handler_ctx[0], "GET", "/", 1); - test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, - test_pool); + test_helper_run_requests_expect_fail(tc, tb, num_requests, handler_ctx, + test_pool); } /* Set up the ssl context with the CA and root CA certificates needed for @@ -1774,8 +1774,8 @@ create_new_request(tb, &handler_ctx[0], "GET", "/", 1); - test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, - test_pool); + test_helper_run_requests_expect_fail(tc, tb, num_requests, handler_ctx, + test_pool); } /* Validate that the expired certificate is reported as failure in the @@ -1820,8 +1820,8 @@ create_new_request(tb, &handler_ctx[0], "GET", "/", 1); - test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, - test_pool); + test_helper_run_requests_expect_fail(tc, tb, num_requests, handler_ctx, + test_pool); } Index: test/test_serf.h =================================================================== --- test/test_serf.h (revision 1885525) +++ test/test_serf.h (working copy) @@ -239,6 +239,12 @@ int num_requests, handler_baton_t handler_ctx[], apr_pool_t *pool); +void +test_helper_run_requests_expect_fail(CuTest *tc, test_baton_t *tb, + int num_requests, + handler_baton_t handler_ctx[], + apr_pool_t *pool); + serf_bucket_t* accept_response(serf_request_t *request, serf_bucket_t *stream, void *acceptor_baton, Index: test/test_util.c =================================================================== --- test/test_util.c (revision 1885525) +++ test/test_util.c (working copy) @@ -461,6 +461,19 @@ CuAssertIntEquals(tc, num_requests, tb->handled_requests->nelts); } +void +test_helper_run_requests_expect_fail(CuTest *tc, test_baton_t *tb, + int num_requests, + handler_baton_t handler_ctx[], + apr_pool_t *pool) +{ + apr_status_t status; + + status = test_helper_run_requests_no_check(tc, tb, num_requests, + handler_ctx, pool); + CuAssertIntEquals(tc, APR_EGENERAL, status); +} + serf_bucket_t* accept_response(serf_request_t *request, serf_bucket_t *stream, void *acceptor_baton, On Thu, Jan 14, 2021 at 11:35 PM James McCoy <james...@debian.org> wrote: > Happy New Year! > > On Wed, Dec 30, 2020 at 10:39:28PM -0500, James McCoy wrote: > > On Tue, Dec 29, 2020 at 02:35:11PM -0500, Justin Erenkrantz wrote: > > > The OpenSSL devs intended this to be a breaking change - but it's not > > > documented anywhere. Sigh. > > > > > > I've got a WIP patch against trunk that causes test_ssl to pass - see > below. > > > It also seems to work with OpenSSL 1.1.1h as well as OpenSSL 1.1.1i / > > > 1.1.1-stable, AFAICT. > > > > > > James: can you please give it a try as well? > > > > Yes, I can confirm this fixes test_ssl_handshake on trunk. There's > > enough difference between trunk and branches/1.3.x that it doesn't apply > > cleanly there. > > Any chance you would be able to make a patch for 1.3.x? Although a 1.4 > release would be nice, it's a bit late in the Debian release cycle to > upload a major new version. > > A targeted fix for the test suite would address the immediate issue, > though. > > Cheers, > -- > James > GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB >