From c63ba3e67f4d08d279bc823b1ac9884fb237541b Mon Sep 17 00:00:00 2001
From: Dan Radez <dradez@redhat.com>
Date: Tue, 2 Apr 2024 10:33:42 -0400
Subject: [PATCH] handle openssl3 error in ssl tests

Using OpenSSL 3, the expected error string caught in ssl tests has changed.
E       AssertionError: assert 'wrong version number' in
                                 '[SSL] record layer failure (_ssl.c:1000)'

This is already handled for OpenSSL pre-1.1 and gte-1.1, adding handling
for OpenSSL 3+

Fixes: #645
---
 cheroot/_compat.py       | 2 ++
 cheroot/test/test_ssl.py | 7 ++++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/cheroot/_compat.py b/cheroot/_compat.py
index dbe5c6d2ff..a6497c1778 100644
--- a/cheroot/_compat.py
+++ b/cheroot/_compat.py
@@ -8,9 +8,11 @@
 try:
     import ssl
     IS_ABOVE_OPENSSL10 = ssl.OPENSSL_VERSION_INFO >= (1, 1)
+    IS_OPENSSL3 = ssl.OPENSSL_VERSION_INFO >= (3, 0)
     del ssl
 except ImportError:
     IS_ABOVE_OPENSSL10 = None
+    IS_OPENSSL3 = None
 
 
 IS_CI = bool(os.getenv('CI'))
diff --git a/cheroot/test/test_ssl.py b/cheroot/test/test_ssl.py
index 1900e20d15..047da4db36 100644
--- a/cheroot/test/test_ssl.py
+++ b/cheroot/test/test_ssl.py
@@ -17,7 +17,7 @@
 import trustme
 
 from .._compat import bton, ntob, ntou
-from .._compat import IS_ABOVE_OPENSSL10, IS_CI, IS_PYPY
+from .._compat import IS_ABOVE_OPENSSL10, IS_OPENSSL3, IS_CI, IS_PYPY
 from .._compat import IS_LINUX, IS_MACOS, IS_WINDOWS
 from ..server import HTTPServer, get_ssl_adapter_class
 from ..testing import (
@@ -597,8 +597,9 @@ def test_https_over_http_error(http_server, ip_addr):
             ),
         ).request('GET', '/')
     expected_substring = (
-        'wrong version number' if IS_ABOVE_OPENSSL10
-        else 'unknown protocol'
+      'record layer failure' if IS_OPENSSL3
+      else 'wrong version number' if IS_ABOVE_OPENSSL10
+      else 'unknown protocol'
     )
     assert expected_substring in ssl_err.value.args[-1]