Evgeny Kotkov <evgeny.kot...@visualsvn.com> writes:

> Maybe that could allow for a more robust fix that doesn't require rewriting
> the tests to a different callback, depending on the kind of failures that
> should be ignored.

With a few more thoughts, there might be an alternative approach: maybe we
could try switching the tests to a new cert callback that logs its every
invocation into a string, something like:

    depth = 0, subject = …, failures = …
    depth = 1, subject = …, failures = …
    […]

Then we would compare those logs against the recorded expectations.
For OpenSSL 1.1.1i and later, we would expect to see an additional log
entry with failures = 0.

There could be certain advantages to this approach, such as:
— being explicit,
— being able to detect changes in how the callbacks are called,
— understandable error messages, and
— easier debugging of the related failures.


Thanks,
Evgeny Kotkov
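
The logging callback and log comparison proposed above, sketched as an added example that is not part of the original message or the project's own code. The callback signature, baton type, certificate subjects, failure values and the position of the extra `failures = 0` entry are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OPENSSL_1_1_1I 0x1010109fUL /* OPENSSL_VERSION_NUMBER encoding of 1.1.1i */

/* Hypothetical test baton; not a type from the project under discussion. */
typedef struct { char log[512]; size_t used; int truncated; } cert_log_t;

/* Hypothetical callback shape. Records each invocation and accepts the
   certificate, so verification continues and later calls are logged too. */
static int log_cert_cb(void *baton, int failures, int depth, const char *subject)
{
    cert_log_t *cl = baton;
    size_t room = sizeof(cl->log) - cl->used;
    int n = snprintf(cl->log + cl->used, room,
                     "depth = %d, subject = %s, failures = %d\n",
                     depth, subject, failures);
    if (n < 0 || (size_t)n >= room) {
        cl->log[cl->used] = '\0';   /* drop the partial entry */
        cl->truncated = 1;          /* and turn the overflow into a test failure */
    } else {
        cl->used += (size_t)n;
    }
    return 0;
}

/* Recorded expectation for one constructed scenario. Placing the extra
   failures = 0 entry last, at depth 0, is an assumption of this sketch. */
static void expected_log(unsigned long ssl_version, char *out, size_t len)
{
    snprintf(out, len, "%s%s",
             "depth = 0, subject = CN=localhost, failures = 2\n"
             "depth = 1, subject = CN=Test Root, failures = 0\n",
             ssl_version >= OPENSSL_1_1_1I
                 ? "depth = 0, subject = CN=localhost, failures = 0\n" : "");
}

/* Returns 0 on match; otherwise 1, with both logs written to msg. */
static int check_cert_log(const cert_log_t *cl, unsigned long ssl_version,
                          char *msg, size_t len)
{
    char want[512];
    expected_log(ssl_version, want, sizeof(want));
    if (!cl->truncated && strcmp(cl->log, want) == 0)
        return 0;
    snprintf(msg, len, "cert callback log mismatch%s\nexpected:\n%sactual:\n%s",
             cl->truncated ? " (log truncated)" : "", want, cl->log);
    return 1;
}
```

A test would pass `OPENSSL_VERSION_NUMBER` (or the runtime value from `OpenSSL_version_num()`) as `ssl_version` and print `msg` when the check fails.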
