CI OpenSSL version needs 1.1.1e updates for SSL_set_tlsext_host_name

[bneradt]

Traffic Dump retrieves the server-side TLS server name via SSL_get_servername:

trafficserver/plugins/experimental/traffic_dump/session_data.cc

Line 105 in 40de57b

char const *sni_ptr = SSL_get_servername(ssl_obj, TLSEXT_NAMETYPE_host_name);

With the patch in the following PR the traffic_dump test consistently fails because the SNI is not being retrieved:
#7537

Locally, @duke8253 and I were not able to reproduce this failure. @duke8253 was able to reproduce this when he ran with OpenSSL 1.1.1d. The documentation mentions bug fixes that went into 1.1.1e SSL_get_servername:

https://www.openssl.org/docs/man1.1.1/man3/SSL_set_tlsext_host_name.html

Quoting:

HISTORY

SSL_get_servername() historically provided some unexpected results in certain corner cases. This has been fixed from OpenSSL 1.1.1e.

Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 handshake, the server accepted it, and then the client successfully resumed but set a different explicit servername in the second handshake then when called by the client it returned the servername from the second handshake. This has now been changed to return the servername requested in the original handshake.

Also prior to 1.1.1e, if the client sent a servername in the first handshake but the server did not accept it, and then a second handshake occurred where TLSv1.2 resumption was successful then when called by the server it returned the servername requested in the original handshake. This has now been changed to NULL.

It would be helpful if we could update CI's version of OpenSSL, which currently runs an older version of OpensSSL 3.0.0 master, to have these fixes.

[duke8253]

It would be great if we can get this fixed soon.

[bneradt]

The latest version of OpenSSL-quic breaks the TLS handshake for AuTests when ATS is built against it. @duke8253 suggested I use a draft-29 version which worked fine locally. I deployed it to all the CI systems and all the AuTests passed for his PR:

#7537

To record what I did:

1. I copied the current versions of /opt/openssl-quic to /opt/openssl-quic_quic-draft-22, preserving the old version in case we need it and recording the branch from which it was built which I derived from a git search.
2. @zwoop pointed me to https://github.com/apache/trafficserver/blob/master/tools/build_h3_tools.sh. I copied that onto the jenkins master box.
3. I modified build_h3_tools.sh to just build and install openssl-quic using the OpenSSL_1_1_1g-quic-draft-29, installing to /opt/openssl-quic_OpenSSL_1_1_1g-quic-draft-29
4. I then symbolic linked /opt/openssl-quic to the new /opt/openssl-quic_OpenSSL_1_1_1g-quic-draft-29
5. I then applied these same changes to each of the CI agent machines (moving the old directory to the specified location, rsync'ed the new openssl-quic draft 29 version, and then symbolic linked /opt/openssl-quic).