1 files changed, 31 insertions, 3 deletions

diff --git a/tests/tls12-server-kx-neg.c b/tests/tls12-server-kx-neg.c
index 3de87becff..009f2d8d74 100644
--- a/tests/tls12-server-kx-neg.c
+++ b/tests/tls12-server-kx-neg.c
@@ -54,7 +54,7 @@ test_case_st tests[] = {
 		.client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
-		.name = "TLS 1.2 ANON-DH with cred and DH params",
+		.name = "TLS 1.2 ANON-DH with cred and DH params (level)",
 		.server_ret = 0,
 		.client_ret = 0,
 		.have_anon_cred = 1,
@@ -63,6 +63,15 @@ test_case_st tests[] = {
 		.client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
+		.name = "TLS 1.2 ANON-DH with cred and DH params (explicit)",
+		.server_ret = 0,
+		.client_ret = 0,
+		.have_anon_cred = 1,
+		.have_anon_exp_dh_params = 1,
+		.server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2"
+	},
+	{
 		.name = "TLS 1.2 DHE-RSA without cred",
 		.client_ret = GNUTLS_E_AGAIN,
 		.server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS,
@@ -107,7 +116,7 @@ test_case_st tests[] = {
 		.client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
-		.name = "TLS 1.2 DHE-RSA with cred and cert and DH params",
+		.name = "TLS 1.2 DHE-RSA with cred and cert and DH params (level)",
 		.client_ret = 0,
 		.server_ret = 0,
 		.have_cert_cred = 1,
@@ -117,6 +126,16 @@ test_case_st tests[] = {
 		.client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
+		.name = "TLS 1.2 DHE-RSA with cred and cert and DH params (explicit)",
+		.client_ret = 0,
+		.server_ret = 0,
+		.have_cert_cred = 1,
+		.have_rsa_sign_cert = 1,
+		.have_cert_exp_dh_params = 1,
+		.server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2"
+	},
+	{
 		.name = "TLS 1.2 DHE-RSA with cred and multiple certs and DH params",
 		.client_ret = 0,
 		.server_ret = 0,
@@ -144,7 +163,7 @@ test_case_st tests[] = {
 		.client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
-		.name = "TLS 1.2 DHE-PSK with cred DH params",
+		.name = "TLS 1.2 DHE-PSK with cred and DH params (level)",
 		.client_ret = 0,
 		.server_ret = 0,
 		.have_psk_cred = 1,
@@ -153,6 +172,15 @@ test_case_st tests[] = {
 		.client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
+		.name = "TLS 1.2 DHE-PSK with cred and DH params (explicit)",
+		.client_ret = 0,
+		.server_ret = 0,
+		.have_psk_cred = 1,
+		.have_psk_exp_dh_params = 1,
+		.server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2"
+	},
+	{
 		.name = "TLS 1.2 ECDHE-RSA without cred",
 		.client_ret = GNUTLS_E_AGAIN,
 		.server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS,