These are updates to help with OpenSSL 3 compilation. I found
https://github.com/libevent/libevent/pull/1288 after I started this, but
these seem independent, and fix a different set of problems:
- First off, OpenSSL 3 does not by default allow signing with SHA1
digests - moving this to SHA256 universally at this point seems a
better idea than continuing to use the insecure SHA1 for older OpenSSL
versions. This fixes X509_sign failing in regress_openssl for a number
of tests, eg:
```
regress: http/https_openssl_basic:
FAIL ../test/regress_openssl.c:106: assert(0 != X509_sign(x509, key, EVP_sha1()))[Lost connection!] http/https_openssl_filter_basic:
FAIL ../test/regress_openssl.c:106: assert(0 != X509_sign(x509, key, EVP_sha1()))[Lost connection!] http/https_openssl_simple:
...
```
- Secondly, when using TLS 1.3, there's no support for renegotiation, so
for the renegotiation tests, we need to disable TLS v1.3, and expect
to negotiate TLS 1.1 or 1.2
Fixes: #661
* upstream/pr/1291:
OpenSSL 3 fixes: Disable TLS 1.3 when testing renegotiation support
OpenSSL 3 fixes: use SHA256 instead of SHA1
projects / libevent / commitdiff