When investigating the failing test, I noticed that the connection was broken during test setup:

[2020-07-04 11:36:57:750] [INFO    ] [     pool-34-thread-11 ] IOService.readData()             : Socket: TLS: c2s@localhost/127.0.0.1_5222_127.0.0.1_62134 Socket[addr=/127.0.0.1,port=62134,localport=5222], Exception starting connectionjavax.net.ssl.SSLHandshakeException: Empty server certificate chain

After more digging in it turned out that the cause of the issue was change in #server-1035 - we enabled requirement for TLS for all connections. This broke the test because it was expected, that the user would be available prior to running the test. Due to internal changes in TTS-NG, instead of having user created by admin user, we were registering required accounts during setup of each test class (if needed). We also were configuring this particular, dedicated VHost to force requirement on client certificate while at the same time - we weren't configuring the client to provide it hence the setUp with user registration was failing.

Given, that the test was not testing authentication (SASL-EXTERNAL with certificate) and merely was a test that server correctly enforces requirement for the certificate and the CA is correctly setup, I change slightly the tests and moved account registration to tests itself and verify only if the registration was successful (indicating, that the TLS was indeed correctly established).

We should add dedicated SASL-EXTERNAL test though.