$OpenBSD: patch-test_openssl_test_ssl_rb,v 1.5 2021/11/02 10:19:11 tb Exp $

Remove a pend that hides missing support for SSL_CTX_set_client_cert_cb()
in the TLSv1.3 stack.

Index: test/openssl/test_ssl.rb
--- test/openssl/test_ssl.rb.orig
+++ test/openssl/test_ssl.rb
@@ -352,8 +352,9 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
   end
 
   def test_client_ca
-    pend "LibreSSL 3.2 has broken client CA support" if libressl?(3, 2, 0)
-
+    if ENV['SKIP_EXPECTED_FAILURES']
+      pend "skip failing client CA test"
+    end
     ctx_proc = Proc.new do |ctx|
       ctx.client_ca = [@ca_cert]
     end
@@ -669,6 +670,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
       create_cert_with_san('DNS:*.example.com'), 'foo.example.com'))
     assert_equal(false, OpenSSL::SSL.verify_certificate_identity(
       create_cert_with_san('DNS:*.example.com'), 'bar.foo.example.com'))
+    return if ENV['SKIP_EXPECTED_FAILURES']
     # 3.  The client MAY match a presented identifier in which the wildcard
     #     character is not the only character of the label (e.g.,
     #     baz*.example.net and *baz.example.net and b*z.example.net would
