From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 4 May 2016 15:25:32 +0000 (-0400)
Subject: Add a PKINIT test using RSA
X-Git-Tag: krb5-1.15-beta1~145
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b55c2ecf1e938132524f2bc079ec1ba3734b0383;p=thirdparty%2Fkrb5.git

Add a PKINIT test using RSA

In t_pkinit.py, add a simple PKINIT test using RSA encryption instead
of a Diffie-Hellman exchange.
---

diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py
index f0214b6529..526473b429 100755
--- a/src/tests/t_pkinit.py
+++ b/src/tests/t_pkinit.py
@@ -111,6 +111,12 @@ realm.kinit(realm.user_princ,
 realm.klist(realm.user_princ)
 realm.run([kvno, realm.host_princ])
 
+# Try again using RSA instead of DH.
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % file_identity,
+                   '-X', 'flag_RSA_PROTOCOL=yes'])
+realm.klist(realm.user_princ)
+
 # Run the basic test - PKINIT with FILE: identity, with a password on the key,
 # supplied by the prompter.
 # Expect failure if the responder does nothing, and we have no prompter.