From 530142b2a1b969df0a21701713fb9c203aa85206 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Fri, 26 Aug 2022 19:39:51 +1000
Subject: [PATCH] dnssec: check that dnssec-signzone -F work with allowed algorithm

---
 bin/tests/system/dnssec/tests.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 5107a66915..b14fcc5331 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -1426,6 +1426,24 @@ n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 
+echo_ic "check that dnssec-signzone -F works with allowed algorithm ($n)"
+ret=0
+if $FEATURETEST --fips-provider
+then
+ (
+ cd signer/general || exit 1
+ rm -f signed.zone
+ $SIGNER -F -f signed.zone -o example.com. test1.zone > signer.out.$n
+ test -f signed.zone
+ ) || ret=1
+else
+ echo_i "skipped no FIPS provider available"
+fi
+n=$((n+1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
+
 echo_ic "check that dnssec-signzone rejects excessive NSEC3 iterations ($n)"
 ret=0
 (
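Review bot: The exit status of the `$SIGNER -F ...` call is discarded inside the subshell, so the check passes or fails on `test -f signed.zone` alone, and a signer that exits non-zero after writing the file would still count as a pass. Chaining the status and keeping stderr with the output closes that gap: `$SIGNER -F -f signed.zone -o example.com. test1.zone > signer.out.$n 2>&1 || exit 1`. The title says "allowed algorithm", but the hunk does not show which algorithm the keys for test1.zone use, and neither signer.out.$n nor signed.zone is inspected to confirm it; a comment such as `# keys in signer/general use <ALGORITHM>, which is permitted in FIPS mode` would record that assumption. Whether `-F` rejects an algorithm outside the approved set is not exercised here, so a companion negative case is worth adding unless one already exists elsewhere in tests.sh.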