search

icing / mod_h2

HTTP/2 module for Apache httpd
https://icing.github.io/mod_h2/
Apache License 2.0
256 stars 41 forks source link

Switch to using OpenSSL EVP_* API to avoid deprecation warnings with OpenSSL 3.0. #211

Closed notroj closed 3 years ago

notroj commented 3 years ago

Not sure if the test suite is exercising this code directly, so may be untested. FWIW I get the same four failures running "make test" against httpd trunk on Fedora 34 with and without this patch.

============================================== short test summary info ==============================================
FAILED test_101_ssl_reneg.py::TestStore::test_101_02 - assert 0 != 0
FAILED test_101_ssl_reneg.py::TestStore::test_101_11 - assert 0 != 0
FAILED test_105_timeout.py::TestStore::test_105_01 - assert False
FAILED test_105_timeout.py::TestStore::test_105_02 - assert False
icing commented 3 years ago

Thanks for the patch! I merged and on my local setup all works nicely.

101_02 tries to trigger a TSL cipher renegotiation in a directory by requiring ECDHE-RSA-CHACHA20-POLY1305. If that cipher had already been negoatiated, the access will succeed unexpectedly. Same for 101_11.

Is there an easy way for me to test on such a Fedora system?

The 105 tests are a bit time critical. Need to verify how to improve the tests here to work more reliably on other OS.