From 2229d9cb13b85bd2d8f8fdc9e2bcae7fa6fe496e Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 15 Apr 2024 11:11:25 -0400
Subject: [PATCH] Apply keycmp workaroud only for non-private keys

This allow to use private URIs w/o interference.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 tests/tcmpkeys.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/tcmpkeys.c b/tests/tcmpkeys.c
index cee66977..ac338485 100644
--- a/tests/tcmpkeys.c
+++ b/tests/tcmpkeys.c
@@ -44,7 +44,7 @@ static EVP_PKEY *load_key(const char *uri)
         exit(EXIT_FAILURE);
     }
 
-    if (strncmp(uri, "pkcs11:", 7)) {
+    if (strncmp(uri, "pkcs11:", 7) && strstr(uri, "type=private") == NULL) {
         /* This is a workaround for OpenSSL < 3.2.0 where the code fails
          * to correctly source public keys unless explicitly requested
          * via an expect hint */