From: Bob Halley Date: Tue, 7 Mar 2023 15:20:46 +0000 (-0800) Subject: Remove the DSA signature test, as it can fail in certain X-Git-Tag: v2.4.0rc1~54 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=98b12e9e43847dac615bb690355d2fabaff969d2;p=thirdparty%2Fdnspython.git Remove the DSA signature test, as it can fail in certain OpenSSL 3 with the FIPS 140-3 module, as the module will not generate keys with a "q" size that is representable in DNSSEC. --- diff --git a/tests/test_dnssec.py b/tests/test_dnssec.py index 098af693..f52f9804 100644 --- a/tests/test_dnssec.py +++ b/tests/test_dnssec.py @@ -776,13 +776,13 @@ class DNSSECValidatorTestCase(unittest.TestCase): # Pass keys as a name->node dict, not a name->rrset dict keys = {} - for (name, key_rrset) in abs_keys.items(): + for name, key_rrset in abs_keys.items(): keys[name] = dns.node.Node() keys[name].rdatasets.append(key_rrset.to_rdataset()) dns.dnssec.validate(abs_soa, abs_soa_rrsig, keys, None, when) # test key not found. keys = {} - for (name, key_rrset) in abs_keys.items(): + for name, key_rrset in abs_keys.items(): keys[name] = dns.node.Node() with self.assertRaises(dns.dnssec.ValidationFailure): dns.dnssec.validate(abs_soa, abs_soa_rrsig, keys, None, when) @@ -1186,12 +1186,6 @@ class DNSSECSignatureTestCase(unittest.TestCase): ) self._test_signature(key, dns.dnssec.Algorithm.RSASHA256, abs_soa) - def testSignatureDSA(self): # type: () -> None - key = dsa.generate_private_key(key_size=1024) - self._test_signature( - key, dns.dnssec.Algorithm.DSA, abs_soa, policy=dns.dnssec.allow_all_policy - ) - def testSignatureECDSAP256SHA256(self): # type: () -> None key = ec.generate_private_key(curve=ec.SECP256R1, backend=default_backend()) self._test_signature(key, dns.dnssec.Algorithm.ECDSAP256SHA256, abs_soa)