Use ENV["TEST_RUBY_OPENSSL_FIPS_ENABLED"] instead of OpenSSL::OPENSSL_FIPS.

junaruga · junaruga · commit 13d1a89474f3 · 2025-02-24T16:40:20.000+01:00
As OpenSSL::OPENSSL_FIPS always returns true on OpenSSL >= 3.0.0, we cannot use this constant as a flag to check whether the OpenSSL is FIPS or not. See <https://github.com/ruby/openssl/blob/d725783c5c180337f3d00efcba5b8744e0aea813/ext/openssl/ossl.c#L994-L1004>.
diff --git a/test/openssl/test_fips.rb b/test/openssl/test_fips.rb
@@ -37,7 +37,9 @@ def test_fips_mode_is_reentrant
   end
 
   def test_fips_mode_get_with_fips_mode_set
-    omit('OpenSSL is not FIPS-capable') unless OpenSSL::OPENSSL_FIPS
+    unless ENV["TEST_RUBY_OPENSSL_FIPS_ENABLED"]
+      omit "Only for FIPS mode environment"
+    end
     pend "AWS-LC's FIPS mode is decided at compile time" if aws_lc?
 
     assert_separately(["-ropenssl"], <<~"end;")
