Only print warning when PKCS#11 dnssec-keygen fails from Edwards curves

(cherry picked from commit 9d979d7cd6)
2020-04-17 10:58:46 +02:00
parent fb21f7d0e6
commit dc51f720b9
6 changed files with 17 additions and 0 deletions
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3230,6 +3230,15 @@ do
 	1|5|7|8|10) # RSA algorithms
 	    key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
 	    ;;
+	15|16)
+	    key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
+	    # Soft-fail	in case HSM doesn't support Edwards curves
+	    if grep "not found" keygen.err > /dev/null && [ "$CRYPTO" = "pkcs11" ]; then
+		echo_i "Algorithm $alg not supported by HSM: skipping"
+		alg=$((alg+1))
+		continue
+	    fi
+	    ;;
 	*)
 	    key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err || true)
    esac