From: Azat Khuzhin <azat@libevent.org>
Date: Sat, 9 Jul 2022 10:35:54 +0000 (+0300)
Subject: Fix some OpenSSL 3 test issues (#1291)
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=29032da661369160f1cfe1019ceecae124d0d8c9;p=libevent

Fix some OpenSSL 3 test issues (#1291)

These are updates to help with OpenSSL 3 compilation. I found
https://github.com/libevent/libevent/pull/1288 after I started this, but
these seem independent, and fix a different set of problems:

- First off, OpenSSL 3 does not by default allow signing with SHA1
  digests - moving this to SHA256 universally at this point seems a
  better idea than continuing to use the insecure SHA1 for older OpenSSL
  versions. This fixes X509_sign failing in regress_openssl for a number
  of tests, eg:

  ```
   regress: http/https_openssl_basic:
    FAIL ../test/regress_openssl.c:106: assert(0 != X509_sign(x509, key, EVP_sha1()))[Lost connection!] http/https_openssl_filter_basic:
    FAIL ../test/regress_openssl.c:106: assert(0 != X509_sign(x509, key, EVP_sha1()))[Lost connection!] http/https_openssl_simple:
  ...
  ```

- Secondly, when using TLS 1.3, there's no support for renegotiation, so
  for the renegotiation tests, we need to disable TLS v1.3, and expect
  to negotiate TLS 1.1 or 1.2

Fixes: #661

* upstream/pr/1291:
  OpenSSL 3 fixes: Disable TLS 1.3 when testing renegotiation support
  OpenSSL 3 fixes: use SHA256 instead of SHA1
---

29032da661369160f1cfe1019ceecae124d0d8c9