From: Matt Caswell <matt@openssl.org>
Date: Wed, 2 Dec 2020 12:23:37 +0000 (+0000)
Subject: Don't use legacy provider if not available in test_ssl_old
X-Git-Tag: openssl-3.0.0-alpha10~83
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49da54b9faca740592ff0645b480dfeaca775970;p=thirdparty%2Fopenssl.git

Don't use legacy provider if not available in test_ssl_old

If we've been configured with no-legacy then we should not attempt to
load the legacy provider.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)
---

diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 4e3c0998a29..05b940ca8eb 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -104,7 +104,12 @@ subtest 'test_ss' => sub {
 };
 
 note('test_ssl -- key U');
-testssl("keyU.ss", $Ucert, $CAcert, "default", srctop_file("test","default-and-legacy.cnf"));
+my $configfile = srctop_file("test","default-and-legacy.cnf");
+if (disabled("legacy")) {
+    $configfile = srctop_file("test","default.cnf");
+}
+
+testssl("keyU.ss", $Ucert, $CAcert, "default", $configfile);
 unless ($no_fips) {
     testssl("keyU.ss", $Ucert, $CAcert, "fips",
             srctop_file("test","fips-and-base.cnf"));
@@ -329,7 +334,7 @@ sub testssl {
     my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
     my @providerflags = ("-provider", $provider);
 
-    if ($provider eq "default") {
+    if ($provider eq "default" && !disabled("legacy")) {
         push @providerflags, "-provider", "legacy";
     }