* Fix build with OpenSSL 3.0
- FIPS_mode_set() does not exist in OpenSSL 3.0 [1]
- X509_check_* functions declarated in openssl/x509v3.h instead of openssl/x509.h [2]
- X509_chack_* functions have const char arg inserad of const unsigned char [2]
- skip MD4 tests if it is unsupported by OpenSSL
- the patch does not change behavior under OpenSSL version != 3
- the patch just fixes build under OpenSSL 3.0 and doesn't update deprecated code
or behavior
1. https://wiki.openssl.org/index.php/OpenSSL_3.0#Upgrading_from_the_OpenSSL_2.0_FIPS_Object_Module
2. https://www.openssl.org/docs/man3.0/man3/X509_check_host.html
* Add Ubuntu 22.04 runner to GitHub Actions go test workflow
* Fix flaky tests on Ubuntu 22.04
It is necessary to handle OpenSSL errors very carefully. Otherwise,
errors may appear in unexpected places. For example, we didn't catch
an error from EVP_DigestInit_ex() and it appears sometimes in conn.go:
func (c *Conn) getErrorHandler(rv C.int, errno error) func() error {
errcode := C.SSL_get_error(c.ssl, rv) // <- here
Use github.com/mattn/go-pointer to save/restore "pointers" across FFI
bounderies. Go reserves the right to move pointers, so using
`unsafe.Pointer` for this is not safe.
Closing may need to write, which will cause it to fail if the other side
has already closed. The correct fix is to use shutdown to half-close,
then wait for the other side, but that's honestly not worth it right
now. So I just fixed the tests to pass.
Fix `staticcheck` issues:
- S1028 use `fmt.Errorf` to construct formatted errors
- ST1017 yoda conditions
- ST1005 error message capitalization
- ST1006 avoid `self` as receiver name
- S1030 use `buf.String`
- S1011 avoid redundant loop when `append` suffices
- SA4006 unused value
- S1019 remove redundant capacity on `make` call
- SA2002 `t.Fatal` called outside of test
Exported error violates ST1012, which is ignored by this PR since rename may cause breaking changes.
Remove redundant parentheses wrapping, and use CamelCase naming while at it.