Attached is the newest version of the patch, which solves all failures mentioned above except for the EVP_PKEY_derive_set_peer diffie-hellman group 14 one:
* split the patch into smaller patches to ease upstream inclusion
* automatically load the custom ssl config with legacy providers if OpenSSL 3.0 is detected
* try to mock up the group 14 issue in a C PoC to get some OpenSSL upstream eyeballs on the problem
Attached is the newest version of the patch, which solves all failures mentioned above except for the EVP_PKEY_ derive_ set_peer diffie-hellman group 14 one:
1504 runs, 5067 assertions, 4 failures, 3 errors, 0 skips
Next steps are
* split the patch into smaller patches to ease upstream inclusion
* automatically load the custom ssl config with legacy providers if OpenSSL 3.0 is detected
* try to mock up the group 14 issue in a C PoC to get some OpenSSL upstream eyeballs on the problem