# Negative test: client trusts an unrelated CA (not the SLH-DSA root used to
# sign the server's chain), so the SLH-DSA root signature on the server's
# certificate path must not chain to a trusted issuer and the handshake
# must fail. Run with `expFail` so the harness expects each scenario here
# to fail rather than succeed.

# server TLSv1.3 — serves chain rooted at SLH-DSA-SHAKE-128s
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/slhdsa/server-mldsa44-shake.pem
-k ./certs/slhdsa/server-mldsa44-priv.pem
-d
-x

# client TLSv1.3 — trusts an unrelated RSA CA, must reject the server chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem