This extends the existing system-override-curves-allowlist to also attempt key generation in addition to connecting with TLS. The primary goal was to test gnutls_ecc_curve_set_enabled. The test doesn't stop at get_id failing and passes curve values to privkey_generate anyway, expecting it to fail as well. The subsequent blocking seems incidental (e.g., most blocking here relies on a looping gnutls_ecc_curve_get_pk returning GNUTLS_PK_UNKNOWN and GNUTLS_PK_UNKNOWN not matching the requested pk), but let's start small.
Checklist
-
Commits have Signed-off-by:with name/author being identical to the commit author -
Code modified for feature -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated / NEWS entry present (for non-trivial changes) -
CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)
Reviewer's checklist:
-
Any issues marked for closing are addressed -
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md -
This feature/change has adequate documentation added -
No obvious mistakes in the code