From b55c2ecf1e938132524f2bc079ec1ba3734b0383 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 4 May 2016 11:25:32 -0400
Subject: [PATCH] Add a PKINIT test using RSA

In t_pkinit.py, add a simple PKINIT test using RSA encryption instead
of a Diffie-Hellman exchange.
---
 src/tests/t_pkinit.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py
index f0214b6529..526473b429 100755
--- a/src/tests/t_pkinit.py
+++ b/src/tests/t_pkinit.py
@@ -111,6 +111,12 @@ realm.kinit(realm.user_princ,
 realm.klist(realm.user_princ)
 realm.run([kvno, realm.host_princ])
 
+# Try again using RSA instead of DH.
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % file_identity,
+                   '-X', 'flag_RSA_PROTOCOL=yes'])
+realm.klist(realm.user_princ)
+
 # Run the basic test - PKINIT with FILE: identity, with a password on the key,
 # supplied by the prompter.
 # Expect failure if the responder does nothing, and we have no prompter.
-- 
2.47.2