From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 29 Jan 2026 14:18:08 +0000 (+0100)
Subject: REGTESTS: ssl: make reg-tests compatible with OpenSSL 4.0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da728aa0f66d97aa231cf22e94c25c2ed1a5e49b;p=thirdparty%2Fhaproxy.git

REGTESTS: ssl: make reg-tests compatible with OpenSSL 4.0

OpenSSL 4.0 changed the way it stores objects in X509_STORE structures
and are not allowing anymore to iterate on objects in insertion order.

Meaning that the order of the object are not the same before and after
OpenSSL 4.0, and the reg-tests need to handle both cases.
---

diff --git a/reg-tests/ssl/set_ssl_cafile.vtci b/reg-tests/ssl/set_ssl_cafile.vtci
index f193310eb..b7b284932 100644
--- a/reg-tests/ssl/set_ssl_cafile.vtci
+++ b/reg-tests/ssl/set_ssl_cafile.vtci
@@ -145,7 +145,7 @@ haproxy h1 -cli {
     send "show ssl ca-file ${testdir}/certs/set_cafile_interCA1.crt:2"
     expect !~ ".*SHA1 FingerPrint: 4FFF535278883264693CEA72C4FAD13F995D0098"
     send "show ssl ca-file ${testdir}/certs/set_cafile_interCA1.crt:2"
-    expect ~ ".*SHA1 FingerPrint: 3D3D1D10AD74A8135F05A818E10E5FA91433954D"
+    expect ~ ".*SHA1 FingerPrint: 3D3D1D10AD74A8135F05A818E10E5FA91433954D|5F8DAE4B2099A09F9BDDAFD7E9D900F0CE49977C"
 }
 
 client c1 -connect ${h1_clearverifiedlst_sock} {
diff --git a/reg-tests/ssl/set_ssl_crlfile.vtci b/reg-tests/ssl/set_ssl_crlfile.vtci
index 5f1267eb6..346be076b 100644
--- a/reg-tests/ssl/set_ssl_crlfile.vtci
+++ b/reg-tests/ssl/set_ssl_crlfile.vtci
@@ -86,9 +86,7 @@ haproxy h1 -cli {
     expect ~ "\\*${testdir}/certs/interCA2_crl_empty.pem"
 
     send "show ssl crl-file \\*${testdir}/certs/interCA2_crl_empty.pem"
-    expect ~ "Revoked Certificates:"
-    send "show ssl crl-file \\*${testdir}/certs/interCA2_crl_empty.pem:1"
-    expect ~ "Serial Number: 1008"
+    expect ~ "Revoked Certificates:\n.*Serial Number: 1008"
 }
 
 # This connection should still succeed since the transaction was not committed