Hello! I noticed that the test_ssl_ocsp_verify_response_no_signer() test fails if serf is built with OpenSSL 3.0+:
[[ There was 1 failure: 1) test_ssl_ocsp_verify_response_no_signer: test/test_ssl.c:2724: expected <120176> but was <20014> ]] It looks like the OCSP_response_create() call [1] returns NULL and the test fails with APR_EGENERAL [2]. I found that the problem appeared after this commit [3], which introduces more strict behavior and refuses to encode *invalid* OCSP responses. In particular, responses with missing mandatory fields. The test checks the "no signer" case and I can assume that a signer is a mandatory field for OCSP responses. In other words, it looks like the test checks an OCSP response, which can no longer be created using the OpenSSL API. [1] http://svn.apache.org/viewvc/serf/trunk/test/test_ssl.c?view=markup&pathrev=1901040#l2501 [2] http://svn.apache.org/viewvc/serf/trunk/test/test_ssl.c?view=markup&pathrev=1901040#l2590 [3] https://github.com/openssl/openssl/commit/4cd473518777766e303cebe89c5a056dbec7e513# Kind Regards, Denis Kovalchuk
