From e4ffdc07b1f0f01ebeab359c1001984912d87437 Mon Sep 17 00:00:00 2001
From: Simon Chopin <simon.chopin@canonical.com>
Date: Wed, 6 Apr 2022 18:43:57 +0200
Subject: tests: Enable legacy providers if using OpenSSL 3.0

Quite a few tests rely on outdated algorithms that have been relegated
to the legacy provider in OpenSSL 3.0. `rake test` now loads a custom
OpenSSL configuration file to enable said legacy provider, which is
usually disabled by default.
---
 test/openssl3.conf | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 test/openssl3.conf

(limited to 'test')

diff --git a/test/openssl3.conf b/test/openssl3.conf
new file mode 100644
index 0000000..79bae9a
--- /dev/null
+++ b/test/openssl3.conf
@@ -0,0 +1,25 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+ssl_conf = ssl_sect
+providers = provider_sect
+
+[provider_sect]
+default = default_sect
+legacy = legacy_sect
+
+[default_sect]
+activate = 1
+
+[legacy_sect]
+activate = 1
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+CipherString = DEFAULT@SECLEVEL=0
+# system_default = system_default_sect
+# 
+# [system_default_sect]
+# Options = UnsafeLegacyRenegotiation
-- 
cgit v1.2.1