Author: brane
Date: Thu Jul 17 14:05:32 2025
New Revision: 1927292
URL: http://svn.apache.org/viewvc?rev=1927292&view=rev
Log:
Make a test pass with LibreSSL and old (deprecated) OpenSSL.
* test/test_ssl.c: Include openssl/opensslv.h.
(test_ssl_ocsp_verify_response_no_signer): Expect different errors based
on the version of OpenSSL (LibreSSL declares itself as OpenSSL 2.0.0).
Modified:
serf/trunk/test/test_ssl.c
Modified: serf/trunk/test/test_ssl.c
URL:
http://svn.apache.org/viewvc/serf/trunk/test/test_ssl.c?rev=1927292&r1=1927291&r2=1927292&view=diff
==============================================================================
--- serf/trunk/test/test_ssl.c (original)
+++ serf/trunk/test/test_ssl.c Thu Jul 17 14:05:32 2025
@@ -31,6 +31,7 @@
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
+#include <openssl/opensslv.h>
#ifndef OPENSSL_NO_OCSP /* requires openssl 0.9.7 or later */
#include <openssl/ocsp.h>
#endif
@@ -2783,10 +2784,16 @@ static void test_ssl_ocsp_verify_respons
{
#ifndef OPENSSL_NO_OCSP
apr_status_t status = verify_ocsp_response(tc, 1, 0, 0, 0);
- /* OCSP responses MUST be signed, we can't even create one
- without a signature. This error doesn't come from response
- validation but because OCSP_response_create() fails. */
+#if OPENSSL_VERSION_NUMBER >= (3 << 28) /* OpenSSL 3.0.0 */
+ /* OCSP responses MUST be signed, and on newer versions of OpenSSL we
+ can't even create one without a signature. This error doesn't come
+ from response validation but because OCSP_response_create() fails. */
CuAssertIntEquals(tc, APR_EGENERAL, status);
+#else
+ /* But both LibreSSL and OpenSSL up to 1.1.1 do allow creating such
+ a response, and so our validation will return a different error. */
+ CuAssertIntEquals(tc, SERF_ERROR_SSL_OCSP_RESPONSE_INVALID, status);
+#endif
#endif /* OPENSSL_NO_OCSP */
}
