svn commit: r1931008 - serf/trunk/test

Wed, 31 Dec 2025 08:26:01 -0800 

Author: brane
Date: Wed Dec 31 16:25:52 2025
New Revision: 1931008

Log:
Follow up to r1931007: make conditional compilation more portable.

* test/test_ssl.c
  (test_ssl_revoked_server_cert): Move the #if outside of the macro
   invocation, and use OPENSSL_VERSION_PREREQ for OpenSSL 3.x checks.
  (test_ssl_ocsp_verify_response_no_signer): Use OPENSSL_VERSION_PREREQ.

Modified:
   serf/trunk/test/test_ssl.c

Modified: serf/trunk/test/test_ssl.c
==============================================================================
--- serf/trunk/test/test_ssl.c  Wed Dec 31 15:51:41 2025        (r1931007)
+++ serf/trunk/test/test_ssl.c  Wed Dec 31 16:25:52 2025        (r1931008)
@@ -1394,16 +1394,22 @@ static void test_ssl_revoked_server_cert
        certificate. OpenSSL may call the application multiple times per depth,
        e.g. once to tell that the cert is revoked, and a second time to tell
        that the certificate itself is valid. */
+#if defined(OPENSSL_VERSION_PREREQ) && OPENSSL_VERSION_PREREQ(3, 6)
+    /* In OpenSSL 3.6, error handling changed so that only the
+       first instance of CERT_UNABLE_TO_GET_CRL is reported. */
+    CuAssertStrEquals(tc,
+        "cert_cb: failures = CERT_REVOKED, cert = (CN=localhost, depth=0)\n"
+        "cert_cb: failures = CERT_UNABLE_TO_GET_CRL, cert = (CN=Serf CA, 
depth=1)\n"
+        "cert_cb: failures = NONE, cert = (CN=localhost, depth=0)\n",
+        tb->user_baton);
+#else
     CuAssertStrEquals(tc,
         "cert_cb: failures = CERT_REVOKED, cert = (CN=localhost, depth=0)\n"
         "cert_cb: failures = CERT_UNABLE_TO_GET_CRL, cert = (CN=Serf CA, 
depth=1)\n"
-#if OPENSSL_VERSION_NUMBER < ((3 << 28) | (6 << 20)) /* OpenSSL 3.6.0 */
-        /* In OpenSSL 3.6, error handling changed so that only
-           the first CERT_UNABLE_TO_GET_CRL is reported. */
         "cert_cb: failures = CERT_UNABLE_TO_GET_CRL, cert = (CN=Serf Root CA, 
depth=2)\n"
-#endif
         "cert_cb: failures = NONE, cert = (CN=localhost, depth=0)\n",
         tb->user_baton);
+#endif
 }
 
 /* Test if serf is sets up an SSL tunnel to the proxy and doesn't contact the
@@ -2788,7 +2794,7 @@ static void test_ssl_ocsp_verify_respons
 {
 #ifndef OPENSSL_NO_OCSP
     apr_status_t status = verify_ocsp_response(tc, 1, 0, 0, 0);
-#if OPENSSL_VERSION_NUMBER >= (3 << 28) /* OpenSSL 3.0.0 */
+#if defined(OPENSSL_VERSION_PREREQ) && OPENSSL_VERSION_PREREQ(3, 0)
     /* OCSP responses MUST be signed, and on newer versions of OpenSSL we
        can't even create one without a signature. This error doesn't come
        from response validation but because OCSP_response_create() fails. */

Reply via email to