security/nss/tests/iopr/ssl_iopr.sh

changeset 0
6474c204b198
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/security/nss/tests/iopr/ssl_iopr.sh	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,643 @@
     1.4 +#! /bin/bash
     1.5 +#
     1.6 +# This Source Code Form is subject to the terms of the Mozilla Public
     1.7 +# License, v. 2.0. If a copy of the MPL was not distributed with this
     1.8 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
     1.9 +
    1.10 +########################################################################
    1.11 +#
    1.12 +# mozilla/security/nss/tests/iopr/ssl_iopr.sh
    1.13 +#
    1.14 +# NSS SSL interoperability QA. This file is included from ssl.sh
    1.15 +#
    1.16 +# needs to work on all Unix and Windows platforms
    1.17 +#
    1.18 +# special strings
    1.19 +# ---------------
    1.20 +#   FIXME ... known problems, search for this string
    1.21 +#   NOTE .... unexpected behavior
    1.22 +########################################################################
    1.23 +IOPR_SSL_SOURCED=1
    1.24 +
    1.25 +########################################################################
    1.26 +# The functions works with variables defined in interoperability 
    1.27 +# configuration file that was downloaded from a webserver.
    1.28 +# It tries to find unrevoked cert based on value of variable
    1.29 +# "SslClntValidCertName" defined in the configuration file.
    1.30 +# Params NONE.
    1.31 +# Returns 0 if found, 1 otherwise.
    1.32 +#
    1.33 +setValidCert() {
    1.34 +    testUser=$SslClntValidCertName
    1.35 +    [ -z "$testUser" ] && return 1
    1.36 +    return 0
    1.37 +}
    1.38 +
    1.39 +########################################################################
    1.40 +# The funtions works with variables defined in interoperability 
    1.41 +# configuration file that was downloaded from a webserver.
    1.42 +# The function sets port, url, param and description test parameters
    1.43 +# that was defind for a particular type of testing.
    1.44 +# Params:
    1.45 +#      $1 - supported types of testing. Currently have maximum
    1.46 +#           of two: forward and reverse. But more can be defined. 
    1.47 +# No return value
    1.48 +#
    1.49 +setTestParam() {
    1.50 +    type=$1
    1.51 +    sslPort=`eval 'echo $'${type}Port`
    1.52 +    sslUrl=`eval 'echo $'${type}Url`
    1.53 +    testParam=`eval 'echo $'${type}Param`
    1.54 +    testDescription=`eval 'echo $'${type}Descr`
    1.55 +    [ -z "$sslPort" ] && sslPort=443
    1.56 +    [ -z "$sslUrl" ] && sslUrl="/iopr_test/test_pg.html"
    1.57 +    [ "$sslUrl" = "/" ] && sslUrl="/test_pg.html"
    1.58 +}
    1.59 +
    1.60 +
    1.61 +#######################################################################
    1.62 +# local shell function to perform SSL Cipher Suite Coverage tests
    1.63 +# in interoperability mode. Tests run against web server by using nss
    1.64 +# test client
    1.65 +# Params:
    1.66 +#      $1 - supported type of testing.
    1.67 +#      $2 - testing host
    1.68 +#      $3 - nss db location
    1.69 +# No return value
    1.70 +#  
    1.71 +ssl_iopr_cov_ext_server()
    1.72 +{
    1.73 +  testType=$1
    1.74 +  host=$2
    1.75 +  dbDir=$3
    1.76 +
    1.77 +  setTestParam $testType
    1.78 +  if [ "`echo $testParam | grep NOCOV`" != "" ]; then
    1.79 +      echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
    1.80 +           "run by server configuration"
    1.81 +      return 0
    1.82 +  fi
    1.83 +
    1.84 +  html_head "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR" \
    1.85 +      "$BYPASS_STRING $NORM_EXT): $testDescription"
    1.86 +
    1.87 +  setValidCert; ret=$?
    1.88 +  if [ $ret -ne 0 ]; then
    1.89 +      html_failed "Fail to find valid test cert(ws: $host)" 
    1.90 +      return $ret
    1.91 +  fi
    1.92 +
    1.93 +  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
    1.94 +  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
    1.95 +  echo >> $SSL_REQ_FILE
    1.96 +  
    1.97 +  while read ecc tls param testname therest; do
    1.98 +      [ -z "$ecc" -o "$ecc" = "#" -o "`echo $testname | grep FIPS`" -o \
    1.99 +          "$ecc" = "ECC" ] && continue; 
   1.100 +      
   1.101 +      echo "$SCRIPTNAME: running $testname ----------------------------"
   1.102 +      TLS_FLAG=-T
   1.103 +      if [ "$tls" = "TLS" ]; then
   1.104 +          TLS_FLAG=""
   1.105 +      fi
   1.106 +      
   1.107 +      resFile=${TMP}/$HOST.tmpRes.$$
   1.108 +      rm $resFile 2>/dev/null
   1.109 +      
   1.110 +      echo "tstclnt -p ${sslPort} -h ${host} -c ${param} ${TLS_FLAG} \\"
   1.111 +      echo "      -n $testUser -v -w nss ${CLIEN_OPTIONS} -f \\"
   1.112 +      echo "      -d ${dbDir} < ${SSL_REQ_FILE} > $resFile"
   1.113 +      
   1.114 +      ${BINDIR}/tstclnt -p ${sslPort} -h ${host} -c ${param} \
   1.115 +          ${TLS_FLAG} ${CLIEN_OPTIONS} -f -n $testUser -v -w nss \
   1.116 +          -d ${dbDir} < ${SSL_REQ_FILE} >$resFile  2>&1
   1.117 +      ret=$?
   1.118 +      grep "ACCESS=OK" $resFile
   1.119 +      test $? -eq 0 -a $ret -eq 0
   1.120 +      ret=$?
   1.121 +      [ $ret -ne 0 ] && cat $resFile
   1.122 +      rm -f $resFile 2>/dev/null
   1.123 +      html_msg $ret 0 "${testname}"
   1.124 +  done < ${SSLCOV}
   1.125 +  rm -f $SSL_REQ_FILE 2>/dev/null
   1.126 +
   1.127 +  html "</TABLE><BR>"
   1.128 +}
   1.129 +
   1.130 +#######################################################################
   1.131 +# local shell function to perform SSL  Client Authentication tests
   1.132 +# in interoperability mode. Tests run against web server by using nss
   1.133 +# test client
   1.134 +# Params:
   1.135 +#      $1 - supported type of testing.
   1.136 +#      $2 - testing host
   1.137 +#      $3 - nss db location
   1.138 +# No return value
   1.139 +#  
   1.140 +ssl_iopr_auth_ext_server()
   1.141 +{
   1.142 +  testType=$1
   1.143 +  host=$2
   1.144 +  dbDir=$3
   1.145 +
   1.146 +  setTestParam $testType
   1.147 +  if [ "`echo $testParam | grep NOAUTH`" != "" ]; then
   1.148 +      echo "SSL Client Authentication WebServ($IOPR_HOSTADDR) excluded from " \
   1.149 +           "run by server configuration"
   1.150 +      return 0
   1.151 +  fi
   1.152 +
   1.153 +  html_head "SSL Client Authentication WebServ($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT):
   1.154 +             $testDescription"
   1.155 +
   1.156 +  setValidCert;ret=$?
   1.157 +  if [ $ret -ne 0 ]; then
   1.158 +      html_failed "Fail to find valid test cert(ws: $host)" 
   1.159 +      return $ret
   1.160 +  fi
   1.161 +
   1.162 +  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
   1.163 +  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
   1.164 +  echo >> $SSL_REQ_FILE
   1.165 +  
   1.166 +  SSLAUTH_TMP=${TMP}/authin.tl.tmp
   1.167 +  grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" > ${SSLAUTH_TMP}
   1.168 +
   1.169 +  while read ecc value sparam cparam testname; do
   1.170 +      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
   1.171 +
   1.172 +      cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
   1.173 +      
   1.174 +      echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \\"
   1.175 +      echo "         -d ${dbDir} -v < ${SSL_REQ_FILE}"
   1.176 +      
   1.177 +      resFile=${TMP}/$HOST.tmp.$$
   1.178 +      rm $rsFile 2>/dev/null
   1.179 +
   1.180 +      ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
   1.181 +          -d ${dbDir} -v < ${SSL_REQ_FILE} >$resFile  2>&1
   1.182 +      ret=$?
   1.183 +      grep "ACCESS=OK" $resFile
   1.184 +      test $? -eq 0 -a $ret -eq 0
   1.185 +      ret=$?
   1.186 +      [ $ret -ne 0 ] && cat $resFile
   1.187 +      rm $resFile 2>/dev/null
   1.188 +      
   1.189 +      html_msg $ret $value "${testname}. Client params: $cparam"\
   1.190 +          "produced a returncode of $ret, expected is $value"
   1.191 +  done < ${SSLAUTH_TMP}
   1.192 +  rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
   1.193 +
   1.194 +  html "</TABLE><BR>"
   1.195 +}
   1.196 +
   1.197 +########################################################################
   1.198 +# local shell function to perform SSL interoperability test with/out
   1.199 +# revoked certs tests. Tests run against web server by using nss
   1.200 +# test client
   1.201 +# Params:
   1.202 +#      $1 - supported type of testing.
   1.203 +#      $2 - testing host
   1.204 +#      $3 - nss db location
   1.205 +# No return value
   1.206 +#  
   1.207 +ssl_iopr_crl_ext_server()
   1.208 +{
   1.209 +  testType=$1
   1.210 +  host=$2
   1.211 +  dbDir=$3
   1.212 +
   1.213 +  setTestParam $testType
   1.214 +  if [ "`echo $testParam | grep NOCRL`" != "" ]; then
   1.215 +      echo "CRL SSL Client Tests of WebServerv($IOPR_HOSTADDR) excluded from " \
   1.216 +           "run by server configuration"
   1.217 +      return 0
   1.218 +  fi
   1.219 +
   1.220 +  html_head "CRL SSL Client Tests of WebServer($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): $testDescription"
   1.221 +  
   1.222 +  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
   1.223 +  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
   1.224 +  echo >> $SSL_REQ_FILE
   1.225 +  
   1.226 +  SSLAUTH_TMP=${TMP}/authin.tl.tmp
   1.227 +  grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" | grep -v bogus | \
   1.228 +      grep -v none > ${SSLAUTH_TMP}
   1.229 +
   1.230 +  while read ecc value sparam _cparam testname; do
   1.231 +      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
   1.232 +
   1.233 +      rev_modvalue=254
   1.234 +      for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
   1.235 +          cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
   1.236 +	  
   1.237 +          echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} \\"
   1.238 +          echo "        -f -d ${dbDir} -v ${cparam}  < ${SSL_REQ_FILE}"
   1.239 +          resFile=${TMP}/$HOST.tmp.$$
   1.240 +          rm -f $resFile 2>/dev/null
   1.241 +          ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
   1.242 +              -d ${dbDir} -v < ${SSL_REQ_FILE} \
   1.243 +              > $resFile  2>&1
   1.244 +          ret=$?
   1.245 +          grep "ACCESS=OK" $resFile
   1.246 +          test $? -eq 0 -a $ret -eq 0
   1.247 +          ret=$?
   1.248 +          [ $ret -ne 0 ] && ret=$rev_modvalue;
   1.249 +          [ $ret -ne 0 ] && cat $resFile
   1.250 +          rm -f $resFile 2>/dev/null
   1.251 +
   1.252 +          if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
   1.253 +              modvalue=$rev_modvalue
   1.254 +              testAddMsg="revoked"
   1.255 +          else
   1.256 +              testAddMsg="not revoked"
   1.257 +              modvalue=$value
   1.258 +          fi
   1.259 +          html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
   1.260 +              "produced a returncode of $ret, expected is $modvalue"
   1.261 +      done
   1.262 +  done < ${SSLAUTH_TMP}
   1.263 +  rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
   1.264 +  
   1.265 +  html "</TABLE><BR>"
   1.266 +}
   1.267 +
   1.268 +
   1.269 +########################################################################
   1.270 +# local shell function to perform SSL Cipher Coverage tests of nss server
   1.271 +# by invoking remote test client on web server side.
   1.272 +# Invoked only if reverse testing is supported by web server.
   1.273 +# Params:
   1.274 +#      $1 - remote web server host
   1.275 +#      $2 - open port to connect to invoke CGI script
   1.276 +#      $3 - host where selfserv is running(name of the host nss tests
   1.277 +#           are running)
   1.278 +#      $4 - port where selfserv is running
   1.279 +#      $5 - selfserv nss db location
   1.280 +# No return value
   1.281 +#  
   1.282 +ssl_iopr_cov_ext_client()
   1.283 +{
   1.284 +  host=$1
   1.285 +  port=$2
   1.286 +  sslHost=$3
   1.287 +  sslPort=$4
   1.288 +  serDbDir=$5
   1.289 +
   1.290 +  html_head "SSL Cipher Coverage of SelfServ $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
   1.291 +
   1.292 +  setValidCert
   1.293 +  ret=$?
   1.294 +  if [ $res -ne 0 ]; then
   1.295 +      html_failed "Fail to find valid test cert(ws: $host)" 
   1.296 +      return $ret
   1.297 +  fi
   1.298 +
   1.299 +  # P_R_SERVERDIR switch require for selfserv to work.
   1.300 +  # Will be restored after test
   1.301 +  OR_P_R_SERVERDIR=$P_R_SERVERDIR
   1.302 +  P_R_SERVERDIR=$serDbDir
   1.303 +  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
   1.304 +  P_R_CLIENTDIR=$serDbDir
   1.305 +  testname=""
   1.306 +  sparam="-vvvc ABCDEFcdefgijklmnvyz"
   1.307 +  # Launch the server
   1.308 +  start_selfserv 
   1.309 +  
   1.310 +  while read ecc tls param cipher therest; do
   1.311 +      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
   1.312 +      echo "============= Beginning of the test ===================="
   1.313 +      echo
   1.314 +      
   1.315 +      is_selfserv_alive
   1.316 +      
   1.317 +      TEST_IN=${TMP}/${HOST}_IN.tmp.$$
   1.318 +      TEST_OUT=${TMP}/$HOST.tmp.$$
   1.319 +      rm -f $TEST_IN $TEST_OUT 2>/dev/null
   1.320 +      
   1.321 +      echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser&cipher=$cipher HTTP/1.0" > $TEST_IN
   1.322 +      echo >> $TEST_IN
   1.323 +      
   1.324 +      echo "------- Request ----------------------"
   1.325 +      cat $TEST_IN
   1.326 +      echo "------- Command ----------------------"
   1.327 +      echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
   1.328 +          -h $host \< $TEST_IN \>\> $TEST_OUT
   1.329 +
   1.330 +      ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
   1.331 +          -h $host <$TEST_IN > $TEST_OUT 
   1.332 +
   1.333 +      echo "------- Server output Begin ----------"
   1.334 +      cat $TEST_OUT
   1.335 +      echo "------- Server output End   ----------"
   1.336 +      
   1.337 +      echo "Checking for errors in log file..."
   1.338 +      grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
   1.339 +      if [ $? -eq 0 ]; then
   1.340 +          grep "cipher is not supported" $TEST_OUT 2>&1 >/dev/null
   1.341 +          if [ $? -eq 0 ]; then
   1.342 +              echo "Skiping test: no support for the cipher $cipher on server side"
   1.343 +              continue
   1.344 +          fi
   1.345 +          
   1.346 +          grep -i "SERVER ERROR:" $TEST_OUT
   1.347 +          ret=$?
   1.348 +          if [ $ret -eq 0 ]; then
   1.349 +              echo "Found problems. Reseting exit code to failure."
   1.350 +              
   1.351 +              ret=1
   1.352 +          else
   1.353 +              ret=0
   1.354 +          fi
   1.355 +      else
   1.356 +          echo "Script was not executed. Reseting exit code to failure."
   1.357 +          ret=11
   1.358 +      fi
   1.359 +      
   1.360 +      html_msg $ret 0 "Test ${cipher}. Server params: $sparam " \
   1.361 +          " produced a returncode of $ret, expected is 0"
   1.362 +      rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
   1.363 +  done < ${SSLCOV}
   1.364 +  kill_selfserv
   1.365 +  
   1.366 +  P_R_SERVERDIR=$OR_P_R_SERVERDIR
   1.367 +  P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
   1.368 +  
   1.369 +  rm -f ${TEST_IN} ${TEST_OUT}
   1.370 +  html "</TABLE><BR>"
   1.371 +}
   1.372 +
   1.373 +########################################################################
   1.374 +# local shell function to perform SSL Authentication tests of nss server
   1.375 +# by invoking remove test client on web server side
   1.376 +# Invoked only if reverse testing is supported by web server.
   1.377 +# Params:
   1.378 +#      $1 - remote web server host
   1.379 +#      $2 - open port to connect to invoke CGI script
   1.380 +#      $3 - host where selfserv is running(name of the host nss tests
   1.381 +#           are running)
   1.382 +#      $4 - port where selfserv is running
   1.383 +#      $5 - selfserv nss db location
   1.384 +# No return value
   1.385 +#  
   1.386 +ssl_iopr_auth_ext_client()
   1.387 +{
   1.388 +  host=$1
   1.389 +  port=$2
   1.390 +  sslHost=$3
   1.391 +  sslPort=$4
   1.392 +  serDbDir=$5
   1.393 +
   1.394 +  html_head "SSL Client Authentication with Selfserv from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
   1.395 +
   1.396 +  setValidCert
   1.397 +  ret=$?
   1.398 +  if [ $res -ne 0 ]; then
   1.399 +      html_failed "Fail to find valid test cert(ws: $host)" 
   1.400 +      return $ret
   1.401 +  fi
   1.402 +
   1.403 +  OR_P_R_SERVERDIR=$P_R_SERVERDIR
   1.404 +  P_R_SERVERDIR=${serDbDir}
   1.405 +  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
   1.406 +  P_R_CLIENTDIR=${serDbDir}
   1.407 +
   1.408 +  SSLAUTH_TMP=${TMP}/authin.tl.tmp
   1.409 +
   1.410 +  grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
   1.411 +
   1.412 +  while read ecc value sparam cparam testname; do
   1.413 +      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
   1.414 +
   1.415 +      echo "Server params: $sparam"
   1.416 +      sparam=$sparam" -vvvc ABCDEFcdefgijklmnvyz"
   1.417 +      start_selfserv
   1.418 +      
   1.419 +      TEST_IN=${TMP}/$HOST_IN.tmp.$$
   1.420 +      TEST_OUT=${TMP}/$HOST.tmp.$$
   1.421 +      rm -f $TEST_IN $TEST_OUT 2>/dev/null
   1.422 +
   1.423 +      echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
   1.424 +      echo >> $TEST_IN
   1.425 +      
   1.426 +      echo "------- Request ----------------------"
   1.427 +      cat $TEST_IN
   1.428 +      echo "------- Command ----------------------"
   1.429 +      echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
   1.430 +          -h $host \< $TEST_IN \>\> $TEST_OUT
   1.431 +      
   1.432 +      ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
   1.433 +          -h $host <$TEST_IN > $TEST_OUT 
   1.434 +      
   1.435 +      echo "------- Server output Begin ----------"
   1.436 +      cat $TEST_OUT
   1.437 +      echo "------- Server output End   ----------"
   1.438 +
   1.439 +      echo "Checking for errors in log file..."
   1.440 +      grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
   1.441 +      if [ $? -eq 0 ]; then
   1.442 +          echo "Checking for error in log file..."
   1.443 +          grep -i "SERVER ERROR:" $TEST_OUT
   1.444 +          ret=$?
   1.445 +          if [ $ret -eq 0 ]; then
   1.446 +              echo "Found problems. Reseting exit code to failure."
   1.447 +              ret=1
   1.448 +          else
   1.449 +              ret=0
   1.450 +          fi
   1.451 +      else
   1.452 +          echo "Script was not executed. Reseting exit code to failure."
   1.453 +          ret=11
   1.454 +      fi
   1.455 +      
   1.456 +      html_msg $ret $value "${testname}. Server params: $sparam"\
   1.457 +          "produced a returncode of $ret, expected is $value"
   1.458 +      kill_selfserv
   1.459 +      rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
   1.460 +  done < ${SSLAUTH_TMP}
   1.461 +
   1.462 +  P_R_SERVERDIR=$OR_P_R_SERVERDIR
   1.463 +  P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
   1.464 +
   1.465 +  rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT}
   1.466 +  html "</TABLE><BR>"
   1.467 +}
   1.468 +
   1.469 +#########################################################################
   1.470 +# local shell function to perform SSL CRL testing of nss server
   1.471 +# by invoking remote test client on web server side
   1.472 +# Invoked only if reverse testing is supported by web server.
   1.473 +# Params:
   1.474 +#      $1 - remote web server host
   1.475 +#      $2 - open port to connect to invoke CGI script
   1.476 +#      $3 - host where selfserv is running(name of the host nss tests
   1.477 +#           are running)
   1.478 +#      $4 - port where selfserv is running
   1.479 +#      $5 - selfserv nss db location
   1.480 +# No return value
   1.481 +#  
   1.482 +ssl_iopr_crl_ext_client()
   1.483 +{
   1.484 +  host=$1
   1.485 +  port=$2
   1.486 +  sslHost=$3
   1.487 +  sslPort=$4
   1.488 +  serDbDir=$5
   1.489 +
   1.490 +  html_head "CRL SSL Selfserv Tests from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
   1.491 +  
   1.492 +  OR_P_R_SERVERDIR=$P_R_SERVERDIR
   1.493 +  P_R_SERVERDIR=${serDbDir}
   1.494 +  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
   1.495 +  P_R_CLIENTDIR=$serDbDir
   1.496 +
   1.497 +  SSLAUTH_TMP=${TMP}/authin.tl.tmp
   1.498 +  grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
   1.499 +
   1.500 +  while read ecc value sparam _cparam testname; do
   1.501 +      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
   1.502 +      sparam="$sparam  -vvvc ABCDEFcdefgijklmnvyz"
   1.503 +      start_selfserv
   1.504 +
   1.505 +      for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
   1.506 +	  
   1.507 +          is_selfserv_alive
   1.508 +          
   1.509 +          TEST_IN=${TMP}/${HOST}_IN.tmp.$$
   1.510 +          TEST_OUT=${TMP}/$HOST.tmp.$$
   1.511 +          rm -f $TEST_IN $TEST_OUT 2>/dev/null
   1.512 +
   1.513 +          echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
   1.514 +          echo >> $TEST_IN
   1.515 +          
   1.516 +          echo "------- Request ----------------------"
   1.517 +          cat $TEST_IN
   1.518 +          echo "------- Command ----------------------"
   1.519 +          echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
   1.520 +              -h ${host} \< $TEST_IN \>\> $TEST_OUT
   1.521 +            
   1.522 +          ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
   1.523 +              -h ${host} <$TEST_IN > $TEST_OUT 
   1.524 +          echo "------- Request ----------------------"
   1.525 +          cat $TEST_IN
   1.526 +          echo "------- Server output Begin ----------"
   1.527 +          cat $TEST_OUT
   1.528 +          echo "------- Server output End   ----------"
   1.529 +          
   1.530 +          echo "Checking for errors in log file..."
   1.531 +          grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
   1.532 +          if [ $? -eq 0 ]; then
   1.533 +              grep -i "SERVER ERROR:" $TEST_OUT
   1.534 +              ret=$?
   1.535 +              if [ $ret -eq 0 ]; then
   1.536 +                  echo "Found problems. Reseting exit code to failure."
   1.537 +                  ret=1
   1.538 +              else
   1.539 +                  ret=0
   1.540 +              fi
   1.541 +          else
   1.542 +              echo "Script was not executed. Reseting exit code to failure."
   1.543 +              ret=11
   1.544 +          fi
   1.545 +          
   1.546 +          if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
   1.547 +              modvalue=1
   1.548 +              testAddMsg="revoked"
   1.549 +          else
   1.550 +              testAddMsg="not revoked"
   1.551 +              modvalue=0
   1.552 +          fi
   1.553 +          
   1.554 +          html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
   1.555 +		"produced a returncode of $ret, expected is $modvalue(selfserv args: $sparam)"
   1.556 +          rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
   1.557 +      done
   1.558 +      kill_selfserv
   1.559 +  done < ${SSLAUTH_TMP}
   1.560 +
   1.561 +  P_R_SERVERDIR=$OR_P_R_SERVERDIR
   1.562 +  P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
   1.563 +
   1.564 +  rm -f ${SSLAUTH_TMP}
   1.565 +  html "</TABLE><BR>"
   1.566 +}
   1.567 +
   1.568 +#####################################################################
   1.569 +# Initial point for running ssl test againt multiple hosts involved in
   1.570 +# interoperability testing. Called from nss/tests/ssl/ssl.sh
   1.571 +# It will only proceed with test run for a specific host if environment variable 
   1.572 +# IOPR_HOSTADDR_LIST was set, had the host name in the list
   1.573 +# and all needed file were successfully downloaded and installed for the host.
   1.574 +#
   1.575 +# Returns 1 if interoperability testing is off, 0 otherwise. 
   1.576 +#
   1.577 +ssl_iopr_run() {
   1.578 +    if [ "$IOPR" -ne 1 ]; then
   1.579 +        return 1
   1.580 +    fi
   1.581 +    cd ${CLIENTDIR}
   1.582 +    
   1.583 +    ORIG_ECC_CERT=${NO_ECC_CERTS}
   1.584 +    NO_ECC_CERTS=1 # disable ECC for interoperability tests
   1.585 +
   1.586 +    NSS_SSL_ENABLE_RENEGOTIATION=u
   1.587 +    export NSS_SSL_ENABLE_RENEGOTIATION
   1.588 +
   1.589 +    num=1
   1.590 +    IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
   1.591 +    while [ "$IOPR_HOST_PARAM" ]; do
   1.592 +        IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
   1.593 +        IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
   1.594 +        [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
   1.595 +        
   1.596 +        . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
   1.597 +        RES=$?
   1.598 +        
   1.599 +        if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
   1.600 +            num=`expr $num + 1`
   1.601 +            IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
   1.602 +            continue
   1.603 +        fi
   1.604 +        
   1.605 +        #=======================================================
   1.606 +        # Check if server is capable to run ssl tests
   1.607 +        #
   1.608 +        [ -z "`echo ${supportedTests_new} | grep -i ssl`" ] && continue;
   1.609 +
   1.610 +        # Testing directories defined by webserver.
   1.611 +        echo "Testing ssl interoperability.
   1.612 +                Client: local(tstclnt).
   1.613 +                Server: remote($IOPR_HOSTADDR:$IOPR_OPEN_PORT)"
   1.614 +        
   1.615 +        for sslTestType in ${supportedTests_new}; do
   1.616 +            if [ -z "`echo $sslTestType | grep -i ssl`" ]; then
   1.617 +                continue
   1.618 +            fi
   1.619 +            ssl_iopr_cov_ext_server $sslTestType ${IOPR_HOSTADDR} \
   1.620 +                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
   1.621 +            ssl_iopr_auth_ext_server $sslTestType ${IOPR_HOSTADDR} \
   1.622 +                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
   1.623 +            ssl_iopr_crl_ext_server $sslTestType ${IOPR_HOSTADDR} \
   1.624 +                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
   1.625 +        done
   1.626 +        
   1.627 +        
   1.628 +        # Testing selfserv with client located at the webserver.
   1.629 +        echo "Testing ssl interoperability.
   1.630 +                Client: remote($IOPR_HOSTADDR:$PORT)
   1.631 +                Server: local(selfserv)"
   1.632 +        ssl_iopr_cov_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
   1.633 +            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
   1.634 +        ssl_iopr_auth_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
   1.635 +            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
   1.636 +        ssl_iopr_crl_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
   1.637 +            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
   1.638 +        echo "================================================"
   1.639 +        echo "Done testing interoperability with $IOPR_HOSTADDR"
   1.640 +        num=`expr $num + 1`
   1.641 +        IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
   1.642 +    done
   1.643 +    NO_ECC_CERTS=${ORIG_ECC_CERTS}
   1.644 +    return 0
   1.645 +}
   1.646 +
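Review bot: The guard after `setValidCert` in ssl_iopr_cov_ext_client and ssl_iopr_auth_ext_client tests `$res`, but the status was stored in `ret`. Unless the including ssl.sh happens to set `res`, the test expands to `[ -ne 0 ]`, errors out, and the failure branch is never taken. Both reverse tests then build the CGI request with an empty `cert=` value instead of reporting the missing certificate; the line should read `if [ $ret -ne 0 ]; then`, as in ssl_iopr_cov_ext_server and ssl_iopr_auth_ext_server. The same kind of misspelling expands to nothing in three other places: `rm $rsFile` in ssl_iopr_auth_ext_server (meant `$resFile`), `${TMP}/$HOST_IN.tmp.$$` in ssl_iopr_auth_ext_client (meant `${HOST}_IN`, as the other two client functions write it), and `NO_ECC_CERTS=${ORIG_ECC_CERTS}` at the end of ssl_iopr_run. That last one restores from a name that was saved as `ORIG_ECC_CERT`, so it most likely blanks the setting rather than restoring it.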
