michael@0: #! /bin/bash
michael@0: #
michael@0: # This Source Code Form is subject to the terms of the Mozilla Public
michael@0: # License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0: # file, You can obtain one at http://mozilla.org/MPL/2.0/.
michael@0:
michael@0: ########################################################################
michael@0: #
michael@0: # mozilla/security/nss/tests/iopr/ssl_iopr.sh
michael@0: #
michael@0: # NSS SSL interoperability QA. This file is included from ssl.sh
michael@0: #
michael@0: # needs to work on all Unix and Windows platforms
michael@0: #
michael@0: # special strings
michael@0: # ---------------
michael@0: # FIXME ... known problems, search for this string
michael@0: # NOTE .... unexpected behavior
michael@0: ########################################################################
michael@0: IOPR_SSL_SOURCED=1
michael@0:
michael@0: ########################################################################
michael@0: # The functions works with variables defined in interoperability
michael@0: # configuration file that was downloaded from a webserver.
michael@0: # It tries to find unrevoked cert based on value of variable
michael@0: # "SslClntValidCertName" defined in the configuration file.
michael@0: # Params NONE.
michael@0: # Returns 0 if found, 1 otherwise.
michael@0: #
michael@0: setValidCert() {
michael@0: testUser=$SslClntValidCertName
michael@0: [ -z "$testUser" ] && return 1
michael@0: return 0
michael@0: }
michael@0:
michael@0: ########################################################################
michael@0: # The funtions works with variables defined in interoperability
michael@0: # configuration file that was downloaded from a webserver.
michael@0: # The function sets port, url, param and description test parameters
michael@0: # that was defind for a particular type of testing.
michael@0: # Params:
michael@0: # $1 - supported types of testing. Currently have maximum
michael@0: # of two: forward and reverse. But more can be defined.
michael@0: # No return value
michael@0: #
michael@0: setTestParam() {
michael@0: type=$1
michael@0: sslPort=`eval 'echo $'${type}Port`
michael@0: sslUrl=`eval 'echo $'${type}Url`
michael@0: testParam=`eval 'echo $'${type}Param`
michael@0: testDescription=`eval 'echo $'${type}Descr`
michael@0: [ -z "$sslPort" ] && sslPort=443
michael@0: [ -z "$sslUrl" ] && sslUrl="/iopr_test/test_pg.html"
michael@0: [ "$sslUrl" = "/" ] && sslUrl="/test_pg.html"
michael@0: }
michael@0:
michael@0:
michael@0: #######################################################################
michael@0: # local shell function to perform SSL Cipher Suite Coverage tests
michael@0: # in interoperability mode. Tests run against web server by using nss
michael@0: # test client
michael@0: # Params:
michael@0: # $1 - supported type of testing.
michael@0: # $2 - testing host
michael@0: # $3 - nss db location
michael@0: # No return value
michael@0: #
michael@0: ssl_iopr_cov_ext_server()
michael@0: {
michael@0: testType=$1
michael@0: host=$2
michael@0: dbDir=$3
michael@0:
michael@0: setTestParam $testType
michael@0: if [ "`echo $testParam | grep NOCOV`" != "" ]; then
michael@0: echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
michael@0: "run by server configuration"
michael@0: return 0
michael@0: fi
michael@0:
michael@0: html_head "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR" \
michael@0: "$BYPASS_STRING $NORM_EXT): $testDescription"
michael@0:
michael@0: setValidCert; ret=$?
michael@0: if [ $ret -ne 0 ]; then
michael@0: html_failed "Fail to find valid test cert(ws: $host)"
michael@0: return $ret
michael@0: fi
michael@0:
michael@0: SSL_REQ_FILE=${TMP}/sslreq.dat.$$
michael@0: echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
michael@0: echo >> $SSL_REQ_FILE
michael@0:
michael@0: while read ecc tls param testname therest; do
michael@0: [ -z "$ecc" -o "$ecc" = "#" -o "`echo $testname | grep FIPS`" -o \
michael@0: "$ecc" = "ECC" ] && continue;
michael@0:
michael@0: echo "$SCRIPTNAME: running $testname ----------------------------"
michael@0: TLS_FLAG=-T
michael@0: if [ "$tls" = "TLS" ]; then
michael@0: TLS_FLAG=""
michael@0: fi
michael@0:
michael@0: resFile=${TMP}/$HOST.tmpRes.$$
michael@0: rm $resFile 2>/dev/null
michael@0:
michael@0: echo "tstclnt -p ${sslPort} -h ${host} -c ${param} ${TLS_FLAG} \\"
michael@0: echo " -n $testUser -v -w nss ${CLIEN_OPTIONS} -f \\"
michael@0: echo " -d ${dbDir} < ${SSL_REQ_FILE} > $resFile"
michael@0:
michael@0: ${BINDIR}/tstclnt -p ${sslPort} -h ${host} -c ${param} \
michael@0: ${TLS_FLAG} ${CLIEN_OPTIONS} -f -n $testUser -v -w nss \
michael@0: -d ${dbDir} < ${SSL_REQ_FILE} >$resFile 2>&1
michael@0: ret=$?
michael@0: grep "ACCESS=OK" $resFile
michael@0: test $? -eq 0 -a $ret -eq 0
michael@0: ret=$?
michael@0: [ $ret -ne 0 ] && cat $resFile
michael@0: rm -f $resFile 2>/dev/null
michael@0: html_msg $ret 0 "${testname}"
michael@0: done < ${SSLCOV}
michael@0: rm -f $SSL_REQ_FILE 2>/dev/null
michael@0:
michael@0: html "
"
michael@0: }
michael@0:
michael@0: #######################################################################
michael@0: # local shell function to perform SSL Client Authentication tests
michael@0: # in interoperability mode. Tests run against web server by using nss
michael@0: # test client
michael@0: # Params:
michael@0: # $1 - supported type of testing.
michael@0: # $2 - testing host
michael@0: # $3 - nss db location
michael@0: # No return value
michael@0: #
michael@0: ssl_iopr_auth_ext_server()
michael@0: {
michael@0: testType=$1
michael@0: host=$2
michael@0: dbDir=$3
michael@0:
michael@0: setTestParam $testType
michael@0: if [ "`echo $testParam | grep NOAUTH`" != "" ]; then
michael@0: echo "SSL Client Authentication WebServ($IOPR_HOSTADDR) excluded from " \
michael@0: "run by server configuration"
michael@0: return 0
michael@0: fi
michael@0:
michael@0: html_head "SSL Client Authentication WebServ($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT):
michael@0: $testDescription"
michael@0:
michael@0: setValidCert;ret=$?
michael@0: if [ $ret -ne 0 ]; then
michael@0: html_failed "Fail to find valid test cert(ws: $host)"
michael@0: return $ret
michael@0: fi
michael@0:
michael@0: SSL_REQ_FILE=${TMP}/sslreq.dat.$$
michael@0: echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
michael@0: echo >> $SSL_REQ_FILE
michael@0:
michael@0: SSLAUTH_TMP=${TMP}/authin.tl.tmp
michael@0: grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" > ${SSLAUTH_TMP}
michael@0:
michael@0: while read ecc value sparam cparam testname; do
michael@0: [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
michael@0:
michael@0: cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
michael@0:
michael@0: echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \\"
michael@0: echo " -d ${dbDir} -v < ${SSL_REQ_FILE}"
michael@0:
michael@0: resFile=${TMP}/$HOST.tmp.$$
michael@0: rm $rsFile 2>/dev/null
michael@0:
michael@0: ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
michael@0: -d ${dbDir} -v < ${SSL_REQ_FILE} >$resFile 2>&1
michael@0: ret=$?
michael@0: grep "ACCESS=OK" $resFile
michael@0: test $? -eq 0 -a $ret -eq 0
michael@0: ret=$?
michael@0: [ $ret -ne 0 ] && cat $resFile
michael@0: rm $resFile 2>/dev/null
michael@0:
michael@0: html_msg $ret $value "${testname}. Client params: $cparam"\
michael@0: "produced a returncode of $ret, expected is $value"
michael@0: done < ${SSLAUTH_TMP}
michael@0: rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
michael@0:
michael@0: html "
"
michael@0: }
michael@0:
michael@0: ########################################################################
michael@0: # local shell function to perform SSL interoperability test with/out
michael@0: # revoked certs tests. Tests run against web server by using nss
michael@0: # test client
michael@0: # Params:
michael@0: # $1 - supported type of testing.
michael@0: # $2 - testing host
michael@0: # $3 - nss db location
michael@0: # No return value
michael@0: #
michael@0: ssl_iopr_crl_ext_server()
michael@0: {
michael@0: testType=$1
michael@0: host=$2
michael@0: dbDir=$3
michael@0:
michael@0: setTestParam $testType
michael@0: if [ "`echo $testParam | grep NOCRL`" != "" ]; then
michael@0: echo "CRL SSL Client Tests of WebServerv($IOPR_HOSTADDR) excluded from " \
michael@0: "run by server configuration"
michael@0: return 0
michael@0: fi
michael@0:
michael@0: html_head "CRL SSL Client Tests of WebServer($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): $testDescription"
michael@0:
michael@0: SSL_REQ_FILE=${TMP}/sslreq.dat.$$
michael@0: echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
michael@0: echo >> $SSL_REQ_FILE
michael@0:
michael@0: SSLAUTH_TMP=${TMP}/authin.tl.tmp
michael@0: grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" | grep -v bogus | \
michael@0: grep -v none > ${SSLAUTH_TMP}
michael@0:
michael@0: while read ecc value sparam _cparam testname; do
michael@0: [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
michael@0:
michael@0: rev_modvalue=254
michael@0: for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
michael@0: cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
michael@0:
michael@0: echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} \\"
michael@0: echo " -f -d ${dbDir} -v ${cparam} < ${SSL_REQ_FILE}"
michael@0: resFile=${TMP}/$HOST.tmp.$$
michael@0: rm -f $resFile 2>/dev/null
michael@0: ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
michael@0: -d ${dbDir} -v < ${SSL_REQ_FILE} \
michael@0: > $resFile 2>&1
michael@0: ret=$?
michael@0: grep "ACCESS=OK" $resFile
michael@0: test $? -eq 0 -a $ret -eq 0
michael@0: ret=$?
michael@0: [ $ret -ne 0 ] && ret=$rev_modvalue;
michael@0: [ $ret -ne 0 ] && cat $resFile
michael@0: rm -f $resFile 2>/dev/null
michael@0:
michael@0: if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
michael@0: modvalue=$rev_modvalue
michael@0: testAddMsg="revoked"
michael@0: else
michael@0: testAddMsg="not revoked"
michael@0: modvalue=$value
michael@0: fi
michael@0: html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
michael@0: "produced a returncode of $ret, expected is $modvalue"
michael@0: done
michael@0: done < ${SSLAUTH_TMP}
michael@0: rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
michael@0:
michael@0: html "
"
michael@0: }
michael@0:
michael@0:
michael@0: ########################################################################
michael@0: # local shell function to perform SSL Cipher Coverage tests of nss server
michael@0: # by invoking remote test client on web server side.
michael@0: # Invoked only if reverse testing is supported by web server.
michael@0: # Params:
michael@0: # $1 - remote web server host
michael@0: # $2 - open port to connect to invoke CGI script
michael@0: # $3 - host where selfserv is running(name of the host nss tests
michael@0: # are running)
michael@0: # $4 - port where selfserv is running
michael@0: # $5 - selfserv nss db location
michael@0: # No return value
michael@0: #
michael@0: ssl_iopr_cov_ext_client()
michael@0: {
michael@0: host=$1
michael@0: port=$2
michael@0: sslHost=$3
michael@0: sslPort=$4
michael@0: serDbDir=$5
michael@0:
michael@0: html_head "SSL Cipher Coverage of SelfServ $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
michael@0:
michael@0: setValidCert
michael@0: ret=$?
michael@0: if [ $res -ne 0 ]; then
michael@0: html_failed "Fail to find valid test cert(ws: $host)"
michael@0: return $ret
michael@0: fi
michael@0:
michael@0: # P_R_SERVERDIR switch require for selfserv to work.
michael@0: # Will be restored after test
michael@0: OR_P_R_SERVERDIR=$P_R_SERVERDIR
michael@0: P_R_SERVERDIR=$serDbDir
michael@0: OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
michael@0: P_R_CLIENTDIR=$serDbDir
michael@0: testname=""
michael@0: sparam="-vvvc ABCDEFcdefgijklmnvyz"
michael@0: # Launch the server
michael@0: start_selfserv
michael@0:
michael@0: while read ecc tls param cipher therest; do
michael@0: [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
michael@0: echo "============= Beginning of the test ===================="
michael@0: echo
michael@0:
michael@0: is_selfserv_alive
michael@0:
michael@0: TEST_IN=${TMP}/${HOST}_IN.tmp.$$
michael@0: TEST_OUT=${TMP}/$HOST.tmp.$$
michael@0: rm -f $TEST_IN $TEST_OUT 2>/dev/null
michael@0:
michael@0: echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser&cipher=$cipher HTTP/1.0" > $TEST_IN
michael@0: echo >> $TEST_IN
michael@0:
michael@0: echo "------- Request ----------------------"
michael@0: cat $TEST_IN
michael@0: echo "------- Command ----------------------"
michael@0: echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
michael@0: -h $host \< $TEST_IN \>\> $TEST_OUT
michael@0:
michael@0: ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
michael@0: -h $host <$TEST_IN > $TEST_OUT
michael@0:
michael@0: echo "------- Server output Begin ----------"
michael@0: cat $TEST_OUT
michael@0: echo "------- Server output End ----------"
michael@0:
michael@0: echo "Checking for errors in log file..."
michael@0: grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
michael@0: if [ $? -eq 0 ]; then
michael@0: grep "cipher is not supported" $TEST_OUT 2>&1 >/dev/null
michael@0: if [ $? -eq 0 ]; then
michael@0: echo "Skiping test: no support for the cipher $cipher on server side"
michael@0: continue
michael@0: fi
michael@0:
michael@0: grep -i "SERVER ERROR:" $TEST_OUT
michael@0: ret=$?
michael@0: if [ $ret -eq 0 ]; then
michael@0: echo "Found problems. Reseting exit code to failure."
michael@0:
michael@0: ret=1
michael@0: else
michael@0: ret=0
michael@0: fi
michael@0: else
michael@0: echo "Script was not executed. Reseting exit code to failure."
michael@0: ret=11
michael@0: fi
michael@0:
michael@0: html_msg $ret 0 "Test ${cipher}. Server params: $sparam " \
michael@0: " produced a returncode of $ret, expected is 0"
michael@0: rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
michael@0: done < ${SSLCOV}
michael@0: kill_selfserv
michael@0:
michael@0: P_R_SERVERDIR=$OR_P_R_SERVERDIR
michael@0: P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
michael@0:
michael@0: rm -f ${TEST_IN} ${TEST_OUT}
michael@0: html "
"
michael@0: }
michael@0:
michael@0: ########################################################################
michael@0: # local shell function to perform SSL Authentication tests of nss server
michael@0: # by invoking remove test client on web server side
michael@0: # Invoked only if reverse testing is supported by web server.
michael@0: # Params:
michael@0: # $1 - remote web server host
michael@0: # $2 - open port to connect to invoke CGI script
michael@0: # $3 - host where selfserv is running(name of the host nss tests
michael@0: # are running)
michael@0: # $4 - port where selfserv is running
michael@0: # $5 - selfserv nss db location
michael@0: # No return value
michael@0: #
michael@0: ssl_iopr_auth_ext_client()
michael@0: {
michael@0: host=$1
michael@0: port=$2
michael@0: sslHost=$3
michael@0: sslPort=$4
michael@0: serDbDir=$5
michael@0:
michael@0: html_head "SSL Client Authentication with Selfserv from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
michael@0:
michael@0: setValidCert
michael@0: ret=$?
michael@0: if [ $res -ne 0 ]; then
michael@0: html_failed "Fail to find valid test cert(ws: $host)"
michael@0: return $ret
michael@0: fi
michael@0:
michael@0: OR_P_R_SERVERDIR=$P_R_SERVERDIR
michael@0: P_R_SERVERDIR=${serDbDir}
michael@0: OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
michael@0: P_R_CLIENTDIR=${serDbDir}
michael@0:
michael@0: SSLAUTH_TMP=${TMP}/authin.tl.tmp
michael@0:
michael@0: grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
michael@0:
michael@0: while read ecc value sparam cparam testname; do
michael@0: [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
michael@0:
michael@0: echo "Server params: $sparam"
michael@0: sparam=$sparam" -vvvc ABCDEFcdefgijklmnvyz"
michael@0: start_selfserv
michael@0:
michael@0: TEST_IN=${TMP}/$HOST_IN.tmp.$$
michael@0: TEST_OUT=${TMP}/$HOST.tmp.$$
michael@0: rm -f $TEST_IN $TEST_OUT 2>/dev/null
michael@0:
michael@0: echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
michael@0: echo >> $TEST_IN
michael@0:
michael@0: echo "------- Request ----------------------"
michael@0: cat $TEST_IN
michael@0: echo "------- Command ----------------------"
michael@0: echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
michael@0: -h $host \< $TEST_IN \>\> $TEST_OUT
michael@0:
michael@0: ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
michael@0: -h $host <$TEST_IN > $TEST_OUT
michael@0:
michael@0: echo "------- Server output Begin ----------"
michael@0: cat $TEST_OUT
michael@0: echo "------- Server output End ----------"
michael@0:
michael@0: echo "Checking for errors in log file..."
michael@0: grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
michael@0: if [ $? -eq 0 ]; then
michael@0: echo "Checking for error in log file..."
michael@0: grep -i "SERVER ERROR:" $TEST_OUT
michael@0: ret=$?
michael@0: if [ $ret -eq 0 ]; then
michael@0: echo "Found problems. Reseting exit code to failure."
michael@0: ret=1
michael@0: else
michael@0: ret=0
michael@0: fi
michael@0: else
michael@0: echo "Script was not executed. Reseting exit code to failure."
michael@0: ret=11
michael@0: fi
michael@0:
michael@0: html_msg $ret $value "${testname}. Server params: $sparam"\
michael@0: "produced a returncode of $ret, expected is $value"
michael@0: kill_selfserv
michael@0: rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
michael@0: done < ${SSLAUTH_TMP}
michael@0:
michael@0: P_R_SERVERDIR=$OR_P_R_SERVERDIR
michael@0: P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
michael@0:
michael@0: rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT}
michael@0: html "
"
michael@0: }
michael@0:
michael@0: #########################################################################
michael@0: # local shell function to perform SSL CRL testing of nss server
michael@0: # by invoking remote test client on web server side
michael@0: # Invoked only if reverse testing is supported by web server.
michael@0: # Params:
michael@0: # $1 - remote web server host
michael@0: # $2 - open port to connect to invoke CGI script
michael@0: # $3 - host where selfserv is running(name of the host nss tests
michael@0: # are running)
michael@0: # $4 - port where selfserv is running
michael@0: # $5 - selfserv nss db location
michael@0: # No return value
michael@0: #
michael@0: ssl_iopr_crl_ext_client()
michael@0: {
michael@0: host=$1
michael@0: port=$2
michael@0: sslHost=$3
michael@0: sslPort=$4
michael@0: serDbDir=$5
michael@0:
michael@0: html_head "CRL SSL Selfserv Tests from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
michael@0:
michael@0: OR_P_R_SERVERDIR=$P_R_SERVERDIR
michael@0: P_R_SERVERDIR=${serDbDir}
michael@0: OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
michael@0: P_R_CLIENTDIR=$serDbDir
michael@0:
michael@0: SSLAUTH_TMP=${TMP}/authin.tl.tmp
michael@0: grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
michael@0:
michael@0: while read ecc value sparam _cparam testname; do
michael@0: [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
michael@0: sparam="$sparam -vvvc ABCDEFcdefgijklmnvyz"
michael@0: start_selfserv
michael@0:
michael@0: for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
michael@0:
michael@0: is_selfserv_alive
michael@0:
michael@0: TEST_IN=${TMP}/${HOST}_IN.tmp.$$
michael@0: TEST_OUT=${TMP}/$HOST.tmp.$$
michael@0: rm -f $TEST_IN $TEST_OUT 2>/dev/null
michael@0:
michael@0: echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
michael@0: echo >> $TEST_IN
michael@0:
michael@0: echo "------- Request ----------------------"
michael@0: cat $TEST_IN
michael@0: echo "------- Command ----------------------"
michael@0: echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
michael@0: -h ${host} \< $TEST_IN \>\> $TEST_OUT
michael@0:
michael@0: ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
michael@0: -h ${host} <$TEST_IN > $TEST_OUT
michael@0: echo "------- Request ----------------------"
michael@0: cat $TEST_IN
michael@0: echo "------- Server output Begin ----------"
michael@0: cat $TEST_OUT
michael@0: echo "------- Server output End ----------"
michael@0:
michael@0: echo "Checking for errors in log file..."
michael@0: grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
michael@0: if [ $? -eq 0 ]; then
michael@0: grep -i "SERVER ERROR:" $TEST_OUT
michael@0: ret=$?
michael@0: if [ $ret -eq 0 ]; then
michael@0: echo "Found problems. Reseting exit code to failure."
michael@0: ret=1
michael@0: else
michael@0: ret=0
michael@0: fi
michael@0: else
michael@0: echo "Script was not executed. Reseting exit code to failure."
michael@0: ret=11
michael@0: fi
michael@0:
michael@0: if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
michael@0: modvalue=1
michael@0: testAddMsg="revoked"
michael@0: else
michael@0: testAddMsg="not revoked"
michael@0: modvalue=0
michael@0: fi
michael@0:
michael@0: html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
michael@0: "produced a returncode of $ret, expected is $modvalue(selfserv args: $sparam)"
michael@0: rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
michael@0: done
michael@0: kill_selfserv
michael@0: done < ${SSLAUTH_TMP}
michael@0:
michael@0: P_R_SERVERDIR=$OR_P_R_SERVERDIR
michael@0: P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
michael@0:
michael@0: rm -f ${SSLAUTH_TMP}
michael@0: html "
"
michael@0: }
michael@0:
michael@0: #####################################################################
michael@0: # Initial point for running ssl test againt multiple hosts involved in
michael@0: # interoperability testing. Called from nss/tests/ssl/ssl.sh
michael@0: # It will only proceed with test run for a specific host if environment variable
michael@0: # IOPR_HOSTADDR_LIST was set, had the host name in the list
michael@0: # and all needed file were successfully downloaded and installed for the host.
michael@0: #
michael@0: # Returns 1 if interoperability testing is off, 0 otherwise.
michael@0: #
michael@0: ssl_iopr_run() {
michael@0: if [ "$IOPR" -ne 1 ]; then
michael@0: return 1
michael@0: fi
michael@0: cd ${CLIENTDIR}
michael@0:
michael@0: ORIG_ECC_CERT=${NO_ECC_CERTS}
michael@0: NO_ECC_CERTS=1 # disable ECC for interoperability tests
michael@0:
michael@0: NSS_SSL_ENABLE_RENEGOTIATION=u
michael@0: export NSS_SSL_ENABLE_RENEGOTIATION
michael@0:
michael@0: num=1
michael@0: IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
michael@0: while [ "$IOPR_HOST_PARAM" ]; do
michael@0: IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
michael@0: IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
michael@0: [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
michael@0:
michael@0: . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
michael@0: RES=$?
michael@0:
michael@0: if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
michael@0: num=`expr $num + 1`
michael@0: IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
michael@0: continue
michael@0: fi
michael@0:
michael@0: #=======================================================
michael@0: # Check if server is capable to run ssl tests
michael@0: #
michael@0: [ -z "`echo ${supportedTests_new} | grep -i ssl`" ] && continue;
michael@0:
michael@0: # Testing directories defined by webserver.
michael@0: echo "Testing ssl interoperability.
michael@0: Client: local(tstclnt).
michael@0: Server: remote($IOPR_HOSTADDR:$IOPR_OPEN_PORT)"
michael@0:
michael@0: for sslTestType in ${supportedTests_new}; do
michael@0: if [ -z "`echo $sslTestType | grep -i ssl`" ]; then
michael@0: continue
michael@0: fi
michael@0: ssl_iopr_cov_ext_server $sslTestType ${IOPR_HOSTADDR} \
michael@0: ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
michael@0: ssl_iopr_auth_ext_server $sslTestType ${IOPR_HOSTADDR} \
michael@0: ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
michael@0: ssl_iopr_crl_ext_server $sslTestType ${IOPR_HOSTADDR} \
michael@0: ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
michael@0: done
michael@0:
michael@0:
michael@0: # Testing selfserv with client located at the webserver.
michael@0: echo "Testing ssl interoperability.
michael@0: Client: remote($IOPR_HOSTADDR:$PORT)
michael@0: Server: local(selfserv)"
michael@0: ssl_iopr_cov_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
michael@0: ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
michael@0: ssl_iopr_auth_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
michael@0: ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
michael@0: ssl_iopr_crl_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
michael@0: ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
michael@0: echo "================================================"
michael@0: echo "Done testing interoperability with $IOPR_HOSTADDR"
michael@0: num=`expr $num + 1`
michael@0: IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
michael@0: done
michael@0: NO_ECC_CERTS=${ORIG_ECC_CERTS}
michael@0: return 0
michael@0: }
michael@0: