Require RSA when using server1* key or certificate Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8e32a69..b40e322 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh
@@ -477,9 +477,15 @@ esac case "$CMD_LINE" in + */server1*|\ */server2*|\ */server7*) - # server2 and server7 certificates use RSA encryption + # Certificates with an RSA key. The algorithm requirement is + # some subset of {PKCS#1v1.5 encryption, PKCS#1v1.5 signature, + # PSS signature}. We can't easily tell which subset works, and + # we aren't currently running ssl-opt.sh in configurations + # where partial RSA support is a problem, so generically, we + # just require RSA and it works out for our tests so far. requires_config_enabled "MBEDTLS_RSA_C" esac