From: Tomas Mraz <tomas@openssl.foundation>
Date: Thu, 16 Apr 2026 05:47:01 +0000 (+0200)
Subject: Fix broken sslapitest with old FIPS providers
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fcba2a133762f76bac128381ca3fa2e9a9fe424;p=thirdparty%2Fopenssl.git

Fix broken sslapitest with old FIPS providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Apr 16 06:34:31 2026
(Merged from https://github.com/openssl/openssl/pull/30858)
---

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 0cdb0f0a1b0..411d0076812 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -9700,7 +9700,8 @@ static int cert_cb(SSL *s, void *arg)
 
         chain = sk_X509_new_null();
 #ifndef OPENSSL_NO_ML_DSA
-        if (SSL_version(s) >= TLS1_3_VERSION) {
+        if (SSL_version(s) >= TLS1_3_VERSION
+            && fips_provider_version_ge(libctx, 3, 5, 0)) {
             if (!TEST_ptr(chain)
                 || !TEST_true(load_chain("root-ml-dsa-44-cert.pem", NULL, NULL, chain))
                 || !TEST_true(load_chain("server-ml-dsa-44-cert.pem", NULL, &x509, NULL))