From 29c420c418aeb497e5e8b7abd45dee39194ca5fc Mon Sep 17 00:00:00 2001
From: William Marlow
Date: Sat, 18 Jun 2022 21:43:31 +0100
Subject: Initial OpenSSL 3.0 support
* Don't use deprecated functions when building against OpenSSL 3.0.
* Recognise that OpenSSL 3.0 can signal a dirty shutdown as a protocol. error in addition to the expected IO error produced by OpenSSL 1.1.1
* Update regress_mbedtls.c for compatibility with OpenSSL 3
---
 test/regress_mbedtls.c | 1 +
 test/regress_ssl.c | 9 +++++++++
 2 files changed, 10 insertions(+)
(limited to 'test')
diff --git a/test/regress_mbedtls.c b/test/regress_mbedtls.c
index 6822fece..df152a2f 100644
--- a/test/regress_mbedtls.c
+++ b/test/regress_mbedtls.c
@@ -48,6 +48,7 @@
 #define SSL_renegotiate mbedtls_ssl_renegotiate
 #define SSL_get_peer_certificate mbedtls_ssl_get_peer_cert
+#define SSL_get1_peer_certificate mbedtls_ssl_get_peer_cert
 #define SSL_new mbedtls_ssl_new
 #define SSL_use_certificate(a, b) \
 do { \
diff --git a/test/regress_ssl.c b/test/regress_ssl.c
index 19b29b56..a27f225a 100644
--- a/test/regress_ssl.c
+++ b/test/regress_ssl.c
@@ -224,7 +224,16 @@ eventcb(struct bufferevent *bev, short what, void *ctx)
 ++n_connected;
 ssl = bufferevent_ssl_get_ssl(bev);
 tt_assert(ssl);
+#if OPENSSL_VERSION_MAJOR >= 3
+ /* SSL_get1_peer_certificate() means we want
+ * to increase the reference count on the cert
+ * and so we will need to free it ourselves later
+ * when we're done with it. The non-reference count
+ * increasing version is not available in OpenSSL 1.1.1. */
+ peer_cert = SSL_get1_peer_certificate(ssl);
+#else
 peer_cert = SSL_get_peer_certificate(ssl);
+#endif
 if (type & REGRESS_OPENSSL_SERVER) {
 tt_assert(peer_cert == NULL);
 } else {
--
cgit v1.2.1
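Review bot: In test/regress_mbedtls.c the added `SSL_get1_peer_certificate` alias points at the same `mbedtls_ssl_get_peer_cert` wrapper as `SSL_get_peer_certificate`, while in OpenSSL the get1 name promises a reference the caller must release. The wrapper's ownership behaviour is not visible in this hunk, so if shared test code ever frees the result of the get1 call, the mbedTLS build could end up freeing an object it does not own. I would document the alias, for example `/* get1 alias: ownership follows mbedtls_ssl_get_peer_cert(), not OpenSSL's get1 contract */`. The macro list continues outside the hunk.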
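Review bot: In test/regress_ssl.c the new comment above `SSL_get1_peer_certificate(ssl)` says the certificate must be freed later, but no release of `peer_cert` is visible in this hunk; eventcb's body starts and ends outside it, so the matching `X509_free(peer_cert)` needs to be confirmed on every exit path, including the early exits taken when a `tt_assert` fails. The comment also reads as if only the OpenSSL 3 branch returns an owned reference, whereas the legacy `SSL_get_peer_certificate()` in the `#else` branch increments the reference count too; I would reword it to `/* Both calls return a reference the caller owns; get1 is the non-deprecated name in OpenSSL 3. */`. Separately, `OPENSSL_VERSION_MAJOR` is not defined by pre-3.0 headers, so `#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3` states the intent without relying on an undefined macro evaluating to 0.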