Don't use legacy provider if not available in test_ssl_old

If we've been configured with no-legacy then we should not attempt to
load the legacy provider.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)

1 files changed, 7 insertions, 2 deletions

diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 4e3c0998a2..05b940ca8e 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -104,7 +104,12 @@ subtest 'test_ss' => sub {
 };
 
 note('test_ssl -- key U');
-testssl("keyU.ss", $Ucert, $CAcert, "default", srctop_file("test","default-and-legacy.cnf"));
+my $configfile = srctop_file("test","default-and-legacy.cnf");
+if (disabled("legacy")) {
+    $configfile = srctop_file("test","default.cnf");
+}
+
+testssl("keyU.ss", $Ucert, $CAcert, "default", $configfile);
 unless ($no_fips) {
     testssl("keyU.ss", $Ucert, $CAcert, "fips",
             srctop_file("test","fips-and-base.cnf"));
@@ -329,7 +334,7 @@ sub testssl {
     my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
     my @providerflags = ("-provider", $provider);
 
-    if ($provider eq "default") {
+    if ($provider eq "default" && !disabled("legacy")) {
         push @providerflags, "-provider", "legacy";
     }