Stunnel has a ui_retry() function that inspects the topmost entry on the
OpenSSL error stack to decide whether it should re-try a certain
operation.

With OpenSSL 3, many of these error codes changed. For example, when
using an encrypted private key, stunnel will prompt for the password on
startup, but will not repeat the prompt with OpenSSL 3 when the password
is entered incorrectly, because the error code returned for this case
changed.

This problem becomes worse with OpenSSL 3.0.7 in RHEL 9.2: because of
the same root cause, stunnel no longer prompts for the password at all.

Fix this by backporting changes in the ui_retry() function from 5.66.

Resolves: rhbz#2151888
Signed-off-by: Clemens Lang <cllang@redhat.com>

The || section after make test replaced the return value of the entire
statement with 0. This hides errors in test execution.

Resolves: rhbz#2051083
Signed-off-by: Clemens Lang <cllang@redhat.com>

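The masking described in the commit message above, reproduced as an added shell example (not the package's spec file or the author's code). `run_tests` and `dump_logs` are constructed stand-ins for `make test` and for whatever followed the `||`; the actual fallback command is not shown on this page.

```shell
#!/bin/sh
# Constructed stand-in for a failing `make test`; not stunnel's real test suite.
run_tests() {
    echo "test 3 of 5 failed" >&2
    return 1
}

# Hypothetical fallback that prints diagnostics after a test failure.
dump_logs() {
    echo "--- test log (constructed) ---" >&2
}

# Masked: the status of an || list is the status of the last command run,
# so a successful log dump turns the failing test run into status 0.
check_masked() {
    run_tests || dump_logs
}

# Preserved: print the diagnostics, then fail explicitly so the caller
# (a build script running under `sh -e`, for example) stops.
check_strict() {
    run_tests || { dump_logs; return 1; }
}

# Print the exit status of a command without aborting the script.
status_of() {
    "$@" 2>/dev/null && echo 0 || echo $?
}

echo "masked: $(status_of check_masked)"
echo "strict: $(status_of check_strict)"
```
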
Update the default TLS version patch to no longer include a large amount
of whitespace in its "Using the default TLS version as specified in its
OpenSSL crypto policies. Not setting explicitly." message. The
whitespace was caused by a line continuation, which is now replaced by
string literal concatenation.

Patch one of the FIPS tests to address changed error behavior when
a cipher suite is not available in OpenSSL 3.

Switch the package URL to https. Upstream has done the same in the spec
file in the tarball.

Add build dependencies for python3 and the openssl command line tool.
Both are used in tests now.

Drop a sed expression applied to the configure script that no longer
does anything and remove environment variables from testing that are no
longer required to make the tests pass.

Resolves: rhbz#2039299
Signed-off-by: Clemens Lang <cllang@redhat.com>