Diffstat (limited to 'src/tests/unit_x509.cpp')
-rw-r--r--src/tests/unit_x509.cpp22
1 files changed, 22 insertions, 0 deletions
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp
index 482b26531..d983fd7db 100644
--- a/src/tests/unit_x509.cpp
+++ b/src/tests/unit_x509.cpp
@@ -955,6 +955,7 @@ Test::Result test_usage(const Botan::Private_Key& ca_key,
const std::string& hash_fn = "SHA-256")
{
using Botan::Key_Constraints;
+ using Botan::Usage_Type;
Test::Result result("X509 Usage");
@@ -1027,6 +1028,27 @@ Test::Result test_usage(const Botan::Private_Key& ca_key,
result.confirm("key usage digitalSignature allowed", no_usage_cert.allowed_usage(Key_Constraints::DIGITAL_SIGNATURE));
result.confirm("key usage cRLSign allowed", no_usage_cert.allowed_usage(Key_Constraints::CRL_SIGN));
+ if (sig_algo == "RSA")
+ {
+ // cert allows data encryption
+ opts.constraints = Key_Constraints(Key_Constraints::KEY_ENCIPHERMENT | Key_Constraints::DATA_ENCIPHERMENT);
+
+ const Botan::PKCS10_Request enc_req = Botan::X509::create_cert_req(
+ opts,
+ *user1_key,
+ hash_fn,
+ Test::rng());
+
+ const Botan::X509_Certificate enc_cert = ca.sign_request(
+ enc_req,
+ Test::rng(),
+ from_date(-1, 01, 01),
+ from_date(2, 01, 01));
+
+ result.confirm("cert allows encryption", enc_cert.allowed_usage(Usage_Type::ENCRYPTION));
+ result.confirm("cert does not allow TLS client auth", !enc_cert.allowed_usage(Usage_Type::TLS_CLIENT_AUTH));
+ }
+
return result;
}
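Review bot: The new RSA block only checks the accepting direction of `Usage_Type::ENCRYPTION`, and it sets KEY_ENCIPHERMENT and DATA_ENCIPHERMENT together, so the test would still pass if `allowed_usage(Usage_Type::ENCRYPTION)` returned true for a certificate restricted to signing. A usage check is most valuable where it refuses, so I would add a rejecting case: issue a second request with `opts.constraints = Key_Constraints::DIGITAL_SIGNATURE;` and assert `result.confirm("signing-only cert does not allow encryption", !sig_only_cert.allowed_usage(Usage_Type::ENCRYPTION));` (`sig_only_cert` is a placeholder name). Splitting the positive case into one certificate per encipherment bit would also pin whether either bit alone is meant to suffice. The `if (sig_algo == "RSA")` guard deserves a short comment saying why the case is RSA-only, for example `// encipherment constraints are only exercised for RSA keys here`. The body of test_usage starts outside this hunk, so an earlier certificate may already be reusable for the negative check.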