Initial OpenSSL 3.0 support

* Don't use deprecated functions when building against OpenSSL 3.0.
* Recognise that OpenSSL 3.0 can signal a dirty shutdown as a protocol.
  error in addition to the expected IO error produced by OpenSSL 1.1.1
* Update regress_mbedtls.c for compatibility with OpenSSL 3

2 files changed, 10 insertions, 0 deletions

diff --git a/test/regress_mbedtls.c b/test/regress_mbedtls.c
index 6822fece..df152a2f 100644
--- a/test/regress_mbedtls.c
+++ b/test/regress_mbedtls.c
@@ -48,6 +48,7 @@
 
 #define SSL_renegotiate mbedtls_ssl_renegotiate
 #define SSL_get_peer_certificate mbedtls_ssl_get_peer_cert
+#define SSL_get1_peer_certificate mbedtls_ssl_get_peer_cert
 #define SSL_new mbedtls_ssl_new
 #define SSL_use_certificate(a, b) \
 	do {                          \
diff --git a/test/regress_ssl.c b/test/regress_ssl.c
index 19b29b56..a27f225a 100644
--- a/test/regress_ssl.c
+++ b/test/regress_ssl.c
@@ -224,7 +224,16 @@ eventcb(struct bufferevent *bev, short what, void *ctx)
 		++n_connected;
 		ssl = bufferevent_ssl_get_ssl(bev);
 		tt_assert(ssl);
+#if OPENSSL_VERSION_MAJOR >= 3
+		/* SSL_get1_peer_certificate() means we want
+		 * to increase the reference count on the cert
+		 * and so we will need to free it ourselves later
+		 * when we're done with it. The non-reference count
+		 * increasing version is not available in OpenSSL 1.1.1. */
+		peer_cert = SSL_get1_peer_certificate(ssl);
+#else
 		peer_cert = SSL_get_peer_certificate(ssl);
+#endif
 		if (type & REGRESS_OPENSSL_SERVER) {
 			tt_assert(peer_cert == NULL);
 		} else {