Add a test for RSA key exchange with both RSA and RSA-PSS certs

[openssl.git] / test / ssl-tests / 20-cert-select.conf.in

diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index 51a158dc49ebff6798b1d8569c709d077c0544d3..2038bdf23fdc5ee8b655764395cea97f5cd4665f 100644 (file)
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -36,6 +36,13 @@ my $server_pss_only = {
     "PrivateKey" => test_pem("server-pss-key.pem"),
 };
 
+my $server_rsa_all = {
+    "PSS.Certificate" => test_pem("server-pss-cert.pem"),
+    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
+    "Certificate" => test_pem("servercert.pem"),
+    "PrivateKey" => test_pem("serverkey.pem"),
+};
+
 our @tests = (
     {
         name => "ECDSA CipherString Selection",
@@ -360,6 +367,29 @@ our @tests = (
             "ExpectedResult" => "ServerFail"
         },
     },
+    {
+        name => "RSA key exchange with all RSA certificate types",
+        server => $server_rsa_all,
+        client => {
+            "CipherString" => "kRSA",
+            "MaxProtocol" => "TLSv1.2",
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "RSA",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA key exchange with only RSA-PSS certificate",
+        server => $server_pss_only,
+        client => {
+            "CipherString" => "kRSA",
+            "MaxProtocol" => "TLSv1.2",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
     {
         name => "Suite B P-256 Hash Algorithm Selection",
         server =>  {