From 76abbde849bf7dea07676e9ee9a4d84b0a0b0f79 Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Mon, 4 May 2026 14:00:05 +0200
Subject: [PATCH] test_ssl.rb: Fix key numbering in test_pqc_sigalg

* Align key numbers with the pattern in test/openssl/utils.rb setup: rsa-1 for
  certificate (CA), rsa-2 for server, rsa-3 for client.
* Use mldsa65-1 for certificate and mldsa65-2 for server.
* Use rsa-2 for server, because rsa-1 is already used for certificate (@ca_key,
  @ca_cert).

Assisted-by: Claude Code
---
 test/openssl/test_ssl.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index e4fd58107..d1357973a 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -2101,13 +2101,13 @@ def test_pqc_sigalg
     # PQC algorithm ML-DSA (FIPS 204) is supported on OpenSSL 3.5 or later.
     return unless openssl?(3, 5, 0)
 
-    mldsa = Fixtures.pkey("mldsa65-1")
-    mldsa_ca_key  = Fixtures.pkey("mldsa65-2")
+    mldsa = Fixtures.pkey("mldsa65-2")
+    mldsa_ca_key  = Fixtures.pkey("mldsa65-1")
     mldsa_ca_cert = issue_cert(@ca, mldsa_ca_key, 1, @ca_exts, nil, nil,
                                digest: nil)
     mldsa_cert = issue_cert(@svr, mldsa, 60, [], mldsa_ca_cert, mldsa_ca_key,
                             digest: nil)
-    rsa = Fixtures.pkey("rsa-1")
+    rsa = Fixtures.pkey("rsa-2")
     rsa_cert = issue_cert(@svr, rsa, 61, [], @ca_cert, @ca_key)
     ctx_proc = -> ctx {
       # Unset values set by start_server