REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check
LibreSSL-3.4.2 introduced cert revocation check behaviour change, for some
checks now X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY (20) is returned.
https://github.com/libressl-portable/portable/issues/697
let us modify vtc accordingly
diff --git a/reg-tests/ssl/new_del_ssl_cafile.vtc b/reg-tests/ssl/new_del_ssl_cafile.vtc
index 166ba2c..4b04571 100644
--- a/reg-tests/ssl/new_del_ssl_cafile.vtc
+++ b/reg-tests/ssl/new_del_ssl_cafile.vtc
@@ -60,7 +60,7 @@
rxresp
expect resp.status == 200
# The CA file known by the frontend does not allow to verify the client's certificate
- expect resp.http.X-SSL-Client-Verify == 21
+ expect resp.http.X-SSL-Client-Verify ~ "20|21"
} -run
# This connection should fail because the with-ca.com sni is not mentioned in the crt-list yet.
diff --git a/reg-tests/ssl/set_ssl_cafile.vtc b/reg-tests/ssl/set_ssl_cafile.vtc
index 38ee919..c9dbf74 100644
--- a/reg-tests/ssl/set_ssl_cafile.vtc
+++ b/reg-tests/ssl/set_ssl_cafile.vtc
@@ -77,7 +77,7 @@
rxresp
expect resp.status == 200
# unable to verify the client certificate
- expect resp.http.X-SSL-Client-Verify == 21
+ expect resp.http.X-SSL-Client-Verify ~ "20|21"
} -run
# Set a new ca-file without committing it and check that the new ca-file is not taken into account
@@ -106,7 +106,7 @@
rxresp
expect resp.status == 200
# unable to verify the client certificate
- expect resp.http.X-SSL-Client-Verify == 21
+ expect resp.http.X-SSL-Client-Verify ~ "20|21"
} -run
haproxy h1 -cli {