author | Daiki Ueno <dueno@redhat.com> | 2019-01-02 13:21:49 +0100 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2019-01-09 05:56:52 +0100 |
commit | 86eecda9a9719ce4c72f80159741ccf588487bc7 (patch) | |
tree | fc6c05bf8a9ee8f5ff760c5d8d0b6737e478c456 /tests | |
parent | 62d1d56f5d0531027dac9be07df39f38c5619373 (diff) | |
download | gnutls-86eecda9a9719ce4c72f80159741ccf588487bc7.tar.gz |
tls-sig: check RSA-PSS signature key compatibility also in TLS 1.2
This extends commit 51d21634 to cover the optional TLS 1.2 cases,
which RFC 8446 4.2.3 suggests: "Implementations that advertise support
for RSASSA-PSS (which is mandatory in TLS 1.3) MUST be prepared to
accept a signature using that scheme even when TLS 1.2 is negotiated".
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/suite/tls-fuzzer/gnutls-cert.json | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/tests/suite/tls-fuzzer/gnutls-cert.json b/tests/suite/tls-fuzzer/gnutls-cert.json
index f9de174699..c2b28c5569 100644
--- a/tests/suite/tls-fuzzer/gnutls-cert.json
+++ b/tests/suite/tls-fuzzer/gnutls-cert.json
@@ -37,13 +37,11 @@
 "-p", "@PORT@"]
 },
 {"name" : "test-rsa-pss-sigs-on-certificate-verify.py",
- "comment" : "FIXME: We shouldn't allow rsa_pss_pss* schemes as there is only RSA key #645",
+ "comment": "tlsfuzzer doesn't know ed25519 scheme which we advertise",
 "arguments" : ["-k", "tests/clientX509Key.pem",
 "-c", "tests/clientX509Cert.pem",
 "-e", "check CertificateRequest sigalgs",
- "-e", "rsa_pss_pss_sha256 in CertificateVerify with rsa key",
- "-e", "rsa_pss_pss_sha384 in CertificateVerify with rsa key",
- "-e", "rsa_pss_pss_sha512 in CertificateVerify with rsa key",
+ "--illegpar",
 "-n", "100",
 "-p", "@PORT@"]
 },
|
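Review bot: The new `"comment"` value on the `test-rsa-pss-sigs-on-certificate-verify.py` entry explains only the one exclusion that remains (`-e "check CertificateRequest sigalgs"`) and says nothing about the added `--illegpar`, so a reader cannot tell which alert the three re-enabled `rsa_pss_pss_*` negative cases are now expected to produce. Judging by its name the flag presumably makes the script expect illegal_parameter for a CertificateVerify scheme that does not match the key, but that should be confirmed against the tlsfuzzer script and then written down, e.g. `"comment" : "sigalgs check excluded: tlsfuzzer doesn't know the ed25519 scheme we advertise; --illegpar: <expected alert, confirmed against the script>"`. The old comment carried an issue reference (#645) while the new one has none, so the still-skipped sigalgs check has nothing tracking when it can be re-enabled. The new key is also written `"comment":` where the neighbouring keys use `"name" :` and `"arguments" :`.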