From da728aa0f66d97aa231cf22e94c25c2ed1a5e49b Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 29 Jan 2026 15:18:08 +0100
Subject: [PATCH] REGTESTS: ssl: make reg-tests compatible with OpenSSL 4.0

OpenSSL 4.0 changed the way it stores objects in X509_STORE structures
and are not allowing anymore to iterate on objects in insertion order.

Meaning that the order of the object are not the same before and after
OpenSSL 4.0, and the reg-tests need to handle both cases.
---
 reg-tests/ssl/set_ssl_cafile.vtci  | 2 +-
 reg-tests/ssl/set_ssl_crlfile.vtci | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/reg-tests/ssl/set_ssl_cafile.vtci b/reg-tests/ssl/set_ssl_cafile.vtci
index f193310eb..b7b284932 100644
--- a/reg-tests/ssl/set_ssl_cafile.vtci
+++ b/reg-tests/ssl/set_ssl_cafile.vtci
@@ -145,7 +145,7 @@ haproxy h1 -cli {
     send "show ssl ca-file ${testdir}/certs/set_cafile_interCA1.crt:2"
     expect !~ ".*SHA1 FingerPrint: 4FFF535278883264693CEA72C4FAD13F995D0098"
     send "show ssl ca-file ${testdir}/certs/set_cafile_interCA1.crt:2"
-    expect ~ ".*SHA1 FingerPrint: 3D3D1D10AD74A8135F05A818E10E5FA91433954D"
+    expect ~ ".*SHA1 FingerPrint: 3D3D1D10AD74A8135F05A818E10E5FA91433954D|5F8DAE4B2099A09F9BDDAFD7E9D900F0CE49977C"
 }
 
 client c1 -connect ${h1_clearverifiedlst_sock} {
diff --git a/reg-tests/ssl/set_ssl_crlfile.vtci b/reg-tests/ssl/set_ssl_crlfile.vtci
index 5f1267eb6..346be076b 100644
--- a/reg-tests/ssl/set_ssl_crlfile.vtci
+++ b/reg-tests/ssl/set_ssl_crlfile.vtci
@@ -86,9 +86,7 @@ haproxy h1 -cli {
     expect ~ "\\*${testdir}/certs/interCA2_crl_empty.pem"
 
     send "show ssl crl-file \\*${testdir}/certs/interCA2_crl_empty.pem"
-    expect ~ "Revoked Certificates:"
-    send "show ssl crl-file \\*${testdir}/certs/interCA2_crl_empty.pem:1"
-    expect ~ "Serial Number: 1008"
+    expect ~ "Revoked Certificates:\n.*Serial Number: 1008"
 }
 
 # This connection should still succeed since the transaction was not committed
-- 
2.47.3