From e4ffdc07b1f0f01ebeab359c1001984912d87437 Mon Sep 17 00:00:00 2001
From: Simon Chopin
Date: Wed, 6 Apr 2022 18:43:57 +0200
Subject: tests: Enable legacy providers if using OpenSSL 3.0
Quite a few tests rely on outdated algorithms that have been relegated to the legacy provider in OpenSSL 3.0. `rake test` now loads a custom OpenSSL configuration file to enable said legacy provider, which is usually disabled by default.
---
 Rakefile | 6 ++++++
 test/openssl3.conf | 25 +++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 test/openssl3.conf
diff --git a/Rakefile b/Rakefile
index 92d7a9f..5f5925d 100644
--- a/Rakefile
+++ b/Rakefile
@@ -95,6 +95,12 @@ Rake::TestTask.new do |t|
 t.test_files = test_files
 end
 
+# We need to enable the OpenSSL 3.0 legacy providers for our test suite
+require 'openssl'
+if OpenSSL::OPENSSL_LIBRARY_VERSION.start_with? "OpenSSL 3" then
+ ENV['OPENSSL_CONF'] = 'test/openssl3.conf'
+end
+
 desc "Run tests of Net::SSH:Test"
 Rake::TestTask.new do |t|
 t.name = "test_test"
diff --git a/test/openssl3.conf b/test/openssl3.conf
new file mode 100644
index 0000000..79bae9a
--- /dev/null
+++ b/test/openssl3.conf
@@ -0,0 +1,25 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+ssl_conf = ssl_sect
+providers = provider_sect
+
+[provider_sect]
+default = default_sect
+legacy = legacy_sect
+
+[default_sect]
+activate = 1
+
+[legacy_sect]
+activate = 1
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+CipherString = DEFAULT@SECLEVEL=0
+# system_default = system_default_sect
+#
+# [system_default_sect]
+# Options = UnsafeLegacyRenegotiation
--
cgit v1.2.1
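Review bot: The `ENV['OPENSSL_CONF']` assignment runs at Rakefile load time, outside any task, so every child process started by any rake task inherits the weakened test configuration, not only the test runs. The path is also relative, so it resolves only when rake's working directory is the repository root, and the assignment replaces any `OPENSSL_CONF` the caller had already set. I would anchor the path with `ENV['OPENSSL_CONF'] = File.expand_path('test/openssl3.conf', __dir__)` and, ideally, set it only from the test tasks, with a comment stating that the file lowers security settings for tests. The `start_with? "OpenSSL 3"` check would presumably stop matching on a later major version; the `Rake::TestTask` blocks around the addition continue outside the hunk.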
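Review bot: `CipherString = DEFAULT@SECLEVEL=0` in `[system_default_sect]` goes beyond what the commit message describes, which is only enabling the legacy provider; it drops the libssl security level to 0 for any process that loads this file. If the tests need it, a comment should say why; if they do not (the message speaks of legacy algorithms, not TLS), the `ssl_conf` sections could be removed. The file also lacks a header marking it as test-only, for example `# Test-only configuration: enables the legacy provider and SECLEVEL=0; do not use outside the test suite.` The trailing commented-out `system_default` and `UnsafeLegacyRenegotiation` lines look like leftovers and could be dropped.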