REGTESTS: ssl: make reg-tests compatible with OpenSSL 4.0

OpenSSL 4.0 changed the way it stores objects in X509_STORE structures and are not allowing anymore to iterate on objects in insertion order. Meaning that the order of the object are not the same before and after OpenSSL 4.0, and the reg-tests need to handle both cases.
2026-02-04 17:01:24 +01:00 · 2026-01-29 15:18:08 +01:00 · 2026-01-29 15:18:08 +01:00 · da728aa0f6
commit da728aa0f6
parent 23e8ed6ea6
2 changed files with 2 additions and 4 deletions
--- a/reg-tests/ssl/set_ssl_cafile.vtci
+++ b/reg-tests/ssl/set_ssl_cafile.vtci
@ -145,7 +145,7 @@ haproxy h1 -cli {
    send "show ssl ca-file ${testdir}/certs/set_cafile_interCA1.crt:2"
    expect !~ ".*SHA1 FingerPrint: 4FFF535278883264693CEA72C4FAD13F995D0098"
    send "show ssl ca-file ${testdir}/certs/set_cafile_interCA1.crt:2"
-    expect ~ ".*SHA1 FingerPrint: 3D3D1D10AD74A8135F05A818E10E5FA91433954D"
+    expect ~ ".*SHA1 FingerPrint: 3D3D1D10AD74A8135F05A818E10E5FA91433954D|5F8DAE4B2099A09F9BDDAFD7E9D900F0CE49977C"
 }

 client c1 -connect ${h1_clearverifiedlst_sock} {
--- a/reg-tests/ssl/set_ssl_crlfile.vtci
+++ b/reg-tests/ssl/set_ssl_crlfile.vtci
@ -86,9 +86,7 @@ haproxy h1 -cli {
    expect ~ "\\*${testdir}/certs/interCA2_crl_empty.pem"

    send "show ssl crl-file \\*${testdir}/certs/interCA2_crl_empty.pem"
-    expect ~ "Revoked Certificates:"
-    send "show ssl crl-file \\*${testdir}/certs/interCA2_crl_empty.pem:1"
-    expect ~ "Serial Number: 1008"
+    expect ~ "Revoked Certificates:\n.*Serial Number: 1008"
 }

 # This connection should still succeed since the transaction was not committed