Commit 6fcba2a133 for openssl.org

commit 6fcba2a133762f76bac128381ca3fa2e9a9fe424
Author: Tomas Mraz <tomas@openssl.foundation>
Date:   Thu Apr 16 07:47:01 2026 +0200

    Fix broken sslapitest with old FIPS providers

    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    MergeDate: Thu Apr 16 06:34:31 2026
    (Merged from https://github.com/openssl/openssl/pull/30858)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 0cdb0f0a1b..411d007681 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -9700,7 +9700,8 @@ static int cert_cb(SSL *s, void *arg)

         chain = sk_X509_new_null();
 #ifndef OPENSSL_NO_ML_DSA
-        if (SSL_version(s) >= TLS1_3_VERSION) {
+        if (SSL_version(s) >= TLS1_3_VERSION
+            && fips_provider_version_ge(libctx, 3, 5, 0)) {
             if (!TEST_ptr(chain)
                 || !TEST_true(load_chain("root-ml-dsa-44-cert.pem", NULL, NULL, chain))
                 || !TEST_true(load_chain("server-ml-dsa-44-cert.pem", NULL, &x509, NULL))