Here's my WIP patch, building upon Lucas' patch. If I run the tests with OPENSSL_CONF pointing to the ssl.conf file in this patch (which has the legacy provider enabled) I get
Deduplicating the errors, there are 4 types of failures that I can see:
EVP_PKEY_derive_set_peer failures, from the test_diffie_hellman_group14_sha1.rb (7 or 8 failures) -> This has me completely puzzled, as the tests work fine for the group1 data.
OpenSSL::PKey::PKeyError: EVP_PKEY_keygen: bad ffc parameters (most errors)
->I haven't looked into this one just yet
Authentication::TestKeyManager#test_identities_with_ecdsa_should_load_from_agent:
OpenSSL::PKey::PKeyError: pkeys are immutable on OpenSSL 3.0
-> This one is similar to many other already fixed
OpenSSL::PKey::DSAError: incorrect pkey type: dhpublicnumber
-> I looked quickly into it. I suspect it's a bug in the OpenSSL Ruby bindings?
I'll keep at it tomorrow.
NB: I'm running the test suite manually from upstream git with the sole Debian patch applied, which explains why the total number of tests differs.
Here's my WIP patch, building upon Lucas' patch. If I run the tests with OPENSSL_CONF pointing to the ssl.conf file in this patch (which has the legacy provider enabled) I get
1504 runs, 4940 assertions, 4 failures, 23 errors, 0 skips
Deduplicating the errors, there are 4 types of failures that I can see:
EVP_PKEY_ derive_ set_peer failures, from the test_diffie_ hellman_ group14_ sha1.rb (7 or 8 failures) -> This has me completely puzzled, as the tests work fine for the group1 data.
OpenSSL: :PKey:: PKeyError: EVP_PKEY_keygen: bad ffc parameters (most errors)
->I haven't looked into this one just yet
Authentication: :TestKeyManager #test_identitie s_with_ ecdsa_should_ load_from_ agent: :PKey:: PKeyError: pkeys are immutable on OpenSSL 3.0
OpenSSL:
-> This one is similar to many other already fixed
OpenSSL: :PKey:: DSAError: incorrect pkey type: dhpublicnumber
-> I looked quickly into it. I suspect it's a bug in the OpenSSL Ruby bindings?
I'll keep at it tomorrow.
NB: I'm running the test suite manually from upstream git with the sole Debian patch applied, which explains why the total number of tests differs.