Add a test for RSA key exchange with both RSA and RSA-PSS certs

Check that we use an RSA certificate if an RSA key exchange ciphersuite is being used and we have both RSA and RSA-PSS certificates configured. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7099)
2018-09-03 16:29:35 +01:00 · 2018-09-03 16:29:35 +01:00 · b2c4909c20
commit b2c4909c20
parent b8fef8ee92
2 changed files with 365 additions and 282 deletions
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@ -36,6 +36,13 @@ my $server_pss_only = {
    "PrivateKey" => test_pem("server-pss-key.pem"),
 };

+my $server_rsa_all = {
+    "PSS.Certificate" => test_pem("server-pss-cert.pem"),
+    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
+    "Certificate" => test_pem("servercert.pem"),
+    "PrivateKey" => test_pem("serverkey.pem"),
+};
+
 our @tests = (
    {
        name => "ECDSA CipherString Selection",
@ -360,6 +367,29 @@ our @tests = (
            "ExpectedResult" => "ServerFail"
        },
    },
+    {
+        name => "RSA key exchange with all RSA certificate types",
+        server => $server_rsa_all,
+        client => {
+            "CipherString" => "kRSA",
+            "MaxProtocol" => "TLSv1.2",
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "RSA",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA key exchange with only RSA-PSS certificate",
+        server => $server_pss_only,
+        client => {
+            "CipherString" => "kRSA",
+            "MaxProtocol" => "TLSv1.2",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
    {
        name => "Suite B P-256 Hash Algorithm Selection",
        server =>  {