Remove the DSA signature test, as it can fail in certain

OpenSSL 3 with the FIPS 140-3 module, as the module will not
generate keys with a "q" size that is representable in DNSSEC.

diff --git a/tests/test_dnssec.py b/tests/test_dnssec.py
index 098af693718b425fd5274c1c8c9c142bdf6db7ab..f52f98040587fd493e6250b7419c88bf677a85f0 100644 (file)
--- a/tests/test_dnssec.py
+++ b/tests/test_dnssec.py
@@ -776,13 +776,13 @@ class DNSSECValidatorTestCase(unittest.TestCase):
 
         # Pass keys as a name->node dict, not a name->rrset dict
         keys = {}
-        for (name, key_rrset) in abs_keys.items():
+        for name, key_rrset in abs_keys.items():
             keys[name] = dns.node.Node()
             keys[name].rdatasets.append(key_rrset.to_rdataset())
         dns.dnssec.validate(abs_soa, abs_soa_rrsig, keys, None, when)
         # test key not found.
         keys = {}
-        for (name, key_rrset) in abs_keys.items():
+        for name, key_rrset in abs_keys.items():
             keys[name] = dns.node.Node()
         with self.assertRaises(dns.dnssec.ValidationFailure):
             dns.dnssec.validate(abs_soa, abs_soa_rrsig, keys, None, when)
@@ -1186,12 +1186,6 @@ class DNSSECSignatureTestCase(unittest.TestCase):
         )
         self._test_signature(key, dns.dnssec.Algorithm.RSASHA256, abs_soa)
 
-    def testSignatureDSA(self):  # type: () -> None
-        key = dsa.generate_private_key(key_size=1024)
-        self._test_signature(
-            key, dns.dnssec.Algorithm.DSA, abs_soa, policy=dns.dnssec.allow_all_policy
-        )
-
     def testSignatureECDSAP256SHA256(self):  # type: () -> None
         key = ec.generate_private_key(curve=ec.SECP256R1, backend=default_backend())
         self._test_signature(key, dns.dnssec.Algorithm.ECDSAP256SHA256, abs_soa)