REGTESTS: ssl: make reg-tests compatible with OpenSSL 4.0

OpenSSL 4.0 changed the way it stores objects in X509_STORE structures
and are not allowing anymore to iterate on objects in insertion order.

Meaning that the order of the object are not the same before and after
OpenSSL 4.0, and the reg-tests need to handle both cases.

diff --git a/reg-tests/ssl/set_ssl_cafile.vtci b/reg-tests/ssl/set_ssl_cafile.vtci
index f193310eb6109c3e4817a9377a4dfe49de4a377b..b7b284932dba2df2860567bb05020116da3e8001 100644 (file)
--- a/reg-tests/ssl/set_ssl_cafile.vtci
+++ b/reg-tests/ssl/set_ssl_cafile.vtci
@@ -145,7 +145,7 @@ haproxy h1 -cli {
     send "show ssl ca-file ${testdir}/certs/set_cafile_interCA1.crt:2"
     expect !~ ".*SHA1 FingerPrint: 4FFF535278883264693CEA72C4FAD13F995D0098"
     send "show ssl ca-file ${testdir}/certs/set_cafile_interCA1.crt:2"
-    expect ~ ".*SHA1 FingerPrint: 3D3D1D10AD74A8135F05A818E10E5FA91433954D"
+    expect ~ ".*SHA1 FingerPrint: 3D3D1D10AD74A8135F05A818E10E5FA91433954D|5F8DAE4B2099A09F9BDDAFD7E9D900F0CE49977C"
 }
 
 client c1 -connect ${h1_clearverifiedlst_sock} {

diff --git a/reg-tests/ssl/set_ssl_crlfile.vtci b/reg-tests/ssl/set_ssl_crlfile.vtci
index 5f1267eb650be101e6d5ca529911255c90b90cc2..346be076b96fb7cfa4d63e55d5d8b58db930bf26 100644 (file)
--- a/reg-tests/ssl/set_ssl_crlfile.vtci
+++ b/reg-tests/ssl/set_ssl_crlfile.vtci
@@ -86,9 +86,7 @@ haproxy h1 -cli {
     expect ~ "\\*${testdir}/certs/interCA2_crl_empty.pem"
 
     send "show ssl crl-file \\*${testdir}/certs/interCA2_crl_empty.pem"
-    expect ~ "Revoked Certificates:"
-    send "show ssl crl-file \\*${testdir}/certs/interCA2_crl_empty.pem:1"
-    expect ~ "Serial Number: 1008"
+    expect ~ "Revoked Certificates:\n.*Serial Number: 1008"
 }
 
 # This connection should still succeed since the transaction was not committed