From f793b28de437eff3b3f2f14320e08198ceaf75c1 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Fri, 1 Nov 2024 08:42:41 +1100
Subject: [PATCH] Add missing $FEATURETEST --have-fips-dh

Notify over TLS only works if FIPS DH is supported.  Skip the system
tests parts that depend on it.

(cherry picked from commit 4f7e3e29a7907dada00ed8a4002eecb669214646)
---
 bin/tests/system/notify/tests.sh | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
index d68c76250a..6c90ebae2b 100644
--- a/bin/tests/system/notify/tests.sh
+++ b/bin/tests/system/notify/tests.sh
@@ -118,17 +118,19 @@ grep 'notify from 10.53.0.2#[0-9][0-9]*: serial 2$' ns3/named.run >/dev/null ||
 grep 'refused notify from non-primary: fd92:7065:b8e:ffff::2#[0-9][0-9]*$' ns3/named.run >/dev/null || ret=1
 test_end
 
-test_start "checking notify over TLS successful"
-grep "zone tls-x1/IN: notify to 10.53.0.2#${TLSPORT} successful" ns3/named.run >/dev/null || ret=1
-grep "zone tls-x2/IN: notify to 10.53.0.2#${EXTRAPORT1} successful" ns3/named.run >/dev/null || ret=1
-grep "zone tls-x3/IN: notify to 10.53.0.2#${EXTRAPORT1} successful" ns3/named.run >/dev/null || ret=1
-grep "zone tls-x5/IN: notify to 10.53.0.2#${EXTRAPORT3} successful" ns3/named.run >/dev/null || ret=1
-test_end
+if $FEATURETEST --have-fips-dh; then
+  test_start "checking notify over TLS successful"
+  grep "zone tls-x1/IN: notify to 10.53.0.2#${TLSPORT} successful" ns3/named.run >/dev/null || ret=1
+  grep "zone tls-x2/IN: notify to 10.53.0.2#${EXTRAPORT1} successful" ns3/named.run >/dev/null || ret=1
+  grep "zone tls-x3/IN: notify to 10.53.0.2#${EXTRAPORT1} successful" ns3/named.run >/dev/null || ret=1
+  grep "zone tls-x5/IN: notify to 10.53.0.2#${EXTRAPORT3} successful" ns3/named.run >/dev/null || ret=1
+  test_end
 
-test_start "checking notify over TLS failed"
-grep "zone tls-x4/IN: notify to 10.53.0.2#${EXTRAPORT1} failed: TLS peer certificate verification failed" ns3/named.run >/dev/null || ret=1
-grep "zone tls-x6/IN: notify to 10.53.0.2#${EXTRAPORT4} failed: TLS peer certificate verification failed" ns3/named.run >/dev/null || ret=1
-test_end
+  test_start "checking notify over TLS failed"
+  grep "zone tls-x4/IN: notify to 10.53.0.2#${EXTRAPORT1} failed: TLS peer certificate verification failed" ns3/named.run >/dev/null || ret=1
+  grep "zone tls-x6/IN: notify to 10.53.0.2#${EXTRAPORT4} failed: TLS peer certificate verification failed" ns3/named.run >/dev/null || ret=1
+  test_end
+fi
 
 test_start "checking example2 loaded"
 dig_plus_opts a.example. @10.53.0.2 a >dig.out.ns2.test$n || ret=1