From f5e832e2e2aa553cfd56cf68320d73c9afc49c14 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 26 Nov 2024 17:08:36 -0500
Subject: [PATCH] Handle certool need for der encoded CKA_EC_POINT

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 tests/kryoptic-init.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tests/kryoptic-init.sh b/tests/kryoptic-init.sh
index ecff6ae1..346ecd0f 100755
--- a/tests/kryoptic-init.sh
+++ b/tests/kryoptic-init.sh
@@ -42,3 +42,7 @@ pkcs11-tool --module "${P11LIB}" --so-pin "${PINVALUE}" \
 export TOKENCONFIGVARS="export KRYOPTIC_CONF=$TOKDIR/kryoptic.sql"
 
 export TESTPORT="34000"
+
+# Older versions of certtool do not support non-DER encoded CKA_EC_POINT
+# so set the kryoptic env var to enforce compatibility for the setup phase
+export KRYOPTIC_EC_POINT_ENCODING="DER"