Comment 8 for bug 1964025

Here's my WIP patch, building upon Lucas' patch. If I run the tests with OPENSSL_CONF pointing to the ssl.conf file in this patch (which has the legacy provider enabled) I get

1504 runs, 4940 assertions, 4 failures, 23 errors, 0 skips

Deduplicating the errors, there are 4 types of failures that I can see:

EVP_PKEY_derive_set_peer failures, from the test_diffie_hellman_group14_sha1.rb (7 or 8 failures) -> This has me completely puzzled, as the tests work fine for the group1 data.

OpenSSL::PKey::PKeyError: EVP_PKEY_keygen: bad ffc parameters (most errors)
->I haven't looked into this one just yet

Authentication::TestKeyManager#test_identities_with_ecdsa_should_load_from_agent:
OpenSSL::PKey::PKeyError: pkeys are immutable on OpenSSL 3.0
-> This one is similar to many other already fixed

OpenSSL::PKey::DSAError: incorrect pkey type: dhpublicnumber
-> I looked quickly into it. I suspect it's a bug in the OpenSSL Ruby bindings?

I'll keep at it tomorrow.

NB: I'm running the test suite manually from upstream git with the sole Debian patch applied, which explains why the total number of tests differs.