Fallback to TLS 1.2 when incompatible with signature certs are provided

This only takes into account certificates in the credentials structure.
If certificates are provided in a callback, these must be checked by
the provider. For that we assume that the credentials structure is
filled when associated with a session; if not then the fallback mechanism
will not work and the handshake will fail.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 6 insertions, 1 deletions

diff --git a/tests/tls13-cert-key-exchange.c b/tests/tls13-cert-key-exchange.c
index 066c7d2fb0..3a214f9ad1 100644
--- a/tests/tls13-cert-key-exchange.c
+++ b/tests/tls13-cert-key-exchange.c
@@ -143,6 +143,11 @@ void doit(void)
 			GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN,
 			&server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key, NULL, NULL);
 
+	try_with_key_fail("TLS 1.3 and TLS 1.2 with rsa encryption cert",
+			"NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2",
+			GNUTLS_E_SUCCESS, GNUTLS_E_SUCCESS,
+			&server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key, NULL, NULL);
+
 	try_with_key_fail("TLS 1.3 with (forced) rsa encryption cert - client should detect",
 			"NORMAL:-VERS-ALL:+VERS-TLS1.3:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS",
 			GNUTLS_E_AGAIN, GNUTLS_E_KEY_USAGE_VIOLATION,
@@ -150,7 +155,7 @@ void doit(void)
 
 	try_with_key_fail("TLS 1.3 with client rsa encryption cert",
 			"NORMAL:-VERS-ALL:+VERS-TLS1.3",
-			GNUTLS_E_AGAIN, GNUTLS_E_KEY_USAGE_VIOLATION,
+			GNUTLS_E_AGAIN, GNUTLS_E_INSUFFICIENT_CREDENTIALS,
 			&server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key);
 
 	try_with_key_fail("TLS 1.3 with (forced) client rsa encryption cert - server should detect",