Testsuite fails against openssl 1.1.1h

[DimStar77]

openssl 1.1.1h has been released, with this short release notes:

 5+- Update to 1.1.1h
 6+  * Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used
 7+  * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts
 8+- refresh openssl-fips_selftest_upstream_drbg.patch
 9+  * DRBG internals got renamed back:
10+    reseed_gen_counter  -> generate_counter
11+    reseed_prop_counter -> reseed_counter

Neon (up to current master, rev 0bdf346 fails to pass the test suite with this version openssl:

socket-ssl............ 21/46 SKIPPED - ssl_session_id (zero-length session ID, cannot test further)
socket-ssl............ 45/46 passed (1 skipped) 
ssl................... 52/64 FAIL - fail_ca_notyetvalid (no error in verification callback; request rv 0 error string: 200 OK)
ssl................... 53/64 FAIL - fail_ca_expired (no error in verification callback; request rv 0 error string: 200 OK)
ssl................... 55/64 FAIL - fail_nul_cn (verification flags were 6 not 22)
ssl................... 56/64 FAIL - fail_nul_san (verification flags were 6 not 22)
ssl................... 63/64 WARNING: NSS required for PKCS#11 testing
[   67s] ssl................... 63/64 SKIPPED - pkcs11
ssl................... 64/64 WARNING: NSS required for PKCS#11 testing
[   67s] ssl................... 64/64 SKIPPED - pkcs11_dsa
ssl................... 58/64 passed, 4 failed (2 skipped) (2 warnings)

Test environment: openSUSE Tumbleweed, openssl 1.1.1h integration test project

[pmgdeb]

I think the fail_nul_* tests fail because OpenSSL is configured to reject SHA-1 digests.

[notroj]

Thanks for the report. Yup, that's right. I disabled the tests now.

From a fresh build (make clean && make check TESTS=ssl) can you attach test/debug.log so I can see the debugging output for the other failures?

[notroj]

I don't see any failures with 1.1.1i on the master branch, so I'm going to assume it's fixed with 0f2d079