From 86d5c56950489bc8469f73602d793ef48af6419a Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Mon, 29 Apr 2019 19:03:55 +0200
Subject: server auth: disable TLS 1.3 if no signature algorithm is usable

This is a server side counterpart of
005a4d04145707daad9588acedfdb5f6cd97c80c.

Instead of signalling an error when no algorithm is usable in TLS 1.3,
it downgrades the session to TLS 1.2 with a warning.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
 tests/Makefile.am | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'tests/Makefile.am')

diff --git a/tests/Makefile.am b/tests/Makefile.am
index eb65e94858..9643a93265 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -453,9 +453,11 @@ tls13_anti_replay_CPPFLAGS = $(AM_CPPFLAGS) \
 
 if ENABLE_PKCS11
 if !WINDOWS
-ctests += tls13/post-handshake-with-cert-pkcs11
+ctests += tls13/post-handshake-with-cert-pkcs11 pkcs11/tls-neg-pkcs11-no-key
 tls13_post_handshake_with_cert_pkcs11_DEPENDENCIES = libpkcs11mock2.la libutils.la
 tls13_post_handshake_with_cert_pkcs11_LDADD = $(LDADD) $(LIBDL)
+pkcs11_tls_neg_pkcs11_no_key_DEPENDENCIES = libpkcs11mock2.la libutils.la
+pkcs11_tls_neg_pkcs11_no_key_LDADD = $(LDADD) $(LIBDL)
 endif
 endif
 
-- 
cgit v1.2.1