test: address review feedback on ssl/stream-mtls tests

- t/ssl.t: guard the openresty version parse so an unexpected `nginx -V`
  output falls back to the pre-1.29 wording instead of warning on an undef
  numeric comparison.
- t/stream/upstream_mtls.t: TEST 2 now also asserts the upstream rejects the
  request ("No required SSL certificate was sent"), proving the handshake did
  not succeed when set_cert_and_key rejected the missing key, not just that the
  argument was rejected.

Author: AlinsRan

t/ssl.t

@@ -8,9 +8,12 @@ no_long_string();
 # reworded in OpenResty 1.29.2.4. Detect the running version once and pick
 # the exact expected message, so a wrong-message regression is still caught.
 my $nginx_binary = $ENV{'TEST_NGINX_BINARY'} || 'nginx';
-my $version = eval { `$nginx_binary -V 2>&1` };
+my $version = eval { `$nginx_binary -V 2>&1` } // '';
 my ($major, $minor) = $version =~ m{openresty/(\d+)\.(\d+)};
-my $reworded = ($major > 1 or ($major == 1 and $minor >= 29));
+# If the version cannot be parsed, fall back to the pre-1.29 wording rather
+# than warning on an undef numeric compare.
+my $reworded = defined $major && defined $minor
+    && ($major > 1 || ($major == 1 && $minor >= 29));
 
 $::err_cert_both_set = $reworded
     ? "client_cert_path and client_cert cannot both be set"

t/stream/upstream_mtls.t

@@ -86,6 +86,10 @@ __DATA__
 "GET / HTTP/1.0\r\nHost: admin.apisix.dev\r\n\r\n"
 --- error_log
 set_cert_and_key failed: both client certificate and private key should be given
+# no client cert was applied, so the upstream mTLS must not succeed: the
+# verify-on upstream rejects the request instead of printing "client verify:
+# SUCCESS"
+--- stream_response_like: No required SSL certificate was sent