* Fix build with OpenSSL 3.0
- FIPS_mode_set() does not exist in OpenSSL 3.0 [1]
- X509_check_* functions declarated in openssl/x509v3.h instead of openssl/x509.h [2]
- X509_chack_* functions have const char arg inserad of const unsigned char [2]
- skip MD4 tests if it is unsupported by OpenSSL
- the patch does not change behavior under OpenSSL version != 3
- the patch just fixes build under OpenSSL 3.0 and doesn't update deprecated code
or behavior
1. https://wiki.openssl.org/index.php/OpenSSL_3.0#Upgrading_from_the_OpenSSL_2.0_FIPS_Object_Module
2. https://www.openssl.org/docs/man3.0/man3/X509_check_host.html
* Add Ubuntu 22.04 runner to GitHub Actions go test workflow
* Fix flaky tests on Ubuntu 22.04
It is necessary to handle OpenSSL errors very carefully. Otherwise,
errors may appear in unexpected places. For example, we didn't catch
an error from EVP_DigestInit_ex() and it appears sometimes in conn.go:
func (c *Conn) getErrorHandler(rv C.int, errno error) func() error {
errcode := C.SSL_get_error(c.ssl, rv) // <- here
Fix `staticcheck` issues:
- S1028 use `fmt.Errorf` to construct formatted errors
- ST1017 yoda conditions
- ST1005 error message capitalization
- ST1006 avoid `self` as receiver name
- S1030 use `buf.String`
- S1011 avoid redundant loop when `append` suffices
- SA4006 unused value
- S1019 remove redundant capacity on `make` call
- SA2002 `t.Fatal` called outside of test
Exported error violates ST1012, which is ignored by this PR since rename may cause breaking changes.
Remove redundant parentheses wrapping, and use CamelCase naming while at it.
the signature for the X509_check_host function takes
a char **peername, and our vendored hostname code does
not have this argument. hilarity ensues!!
so since we never use it, just have our vendored code
ignore it.
Change-Id: I4fdf0a4cd43738e4cc7261e4e2d16a9deef1ac82
