Commit b2c4909c authored by Matt Caswell's avatar Matt Caswell

Add a test for RSA key exchange with both RSA and RSA-PSS certs



Check that we use an RSA certificate if an RSA key exchange ciphersuite
is being used and we have both RSA and RSA-PSS certificates configured.

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7099)
parent b8fef8ee
+279 −226

File changed.

Preview size limit exceeded, changes collapsed.

+30 −0
@@ -36,6 +36,13 @@ my $server_pss_only = {
    "PrivateKey" => test_pem("server-pss-key.pem"),
};

my $server_rsa_all = {
    "PSS.Certificate" => test_pem("server-pss-cert.pem"),
    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
    "Certificate" => test_pem("servercert.pem"),
    "PrivateKey" => test_pem("serverkey.pem"),
};

our @tests = (
    {
        name => "ECDSA CipherString Selection",
@@ -360,6 +367,29 @@ our @tests = (
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        name => "RSA key exchange with all RSA certificate types",
        server => $server_rsa_all,
        client => {
            "CipherString" => "kRSA",
            "MaxProtocol" => "TLSv1.2",
        },
        test   => {
            "ExpectedServerCertType" =>, "RSA",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "RSA key exchange with only RSA-PSS certificate",
        server => $server_pss_only,
        client => {
            "CipherString" => "kRSA",
            "MaxProtocol" => "TLSv1.2",
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        name => "Suite B P-256 Hash Algorithm Selection",
        server =>  {
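Review bot: The `"ExpectedServerCertType" =>, "RSA",` line in the new "RSA key exchange with all RSA certificate types" entry has a stray comma after the fat arrow; Perl appears to tolerate it as an empty list element, so the hash still comes out as intended, but it reads like a typo and should be `"ExpectedServerCertType" => "RSA",`. Separately, the "RSA key exchange with only RSA-PSS certificate" entry asserts nothing beyond `"ExpectedResult" => "ServerFail"`, so a handshake that fails for an unrelated reason would also satisfy it; if the harness can check which alert the server sends, pinning it here would tie the failure to certificate selection. A short comment above `$server_rsa_all` would also help the next reader, for example `# RSA-PSS and plain RSA identities together; kRSA must select the plain RSA one`.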