diff options
author | nelsonb%netscape.com <devnull@localhost> | 2003-10-19 05:36:29 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2003-10-19 05:36:29 +0000 |
commit | 07b3b9f703c766495031a868c27811a6205e6dd7 (patch) | |
tree | 98c516ef9cf389197e1a9f4b5ff9ba2504b73c2a | |
parent | fe4b916ce2f078162a0f46f78307d0a7daead252 (diff) | |
download | nss-hg-07b3b9f703c766495031a868c27811a6205e6dd7.tar.gz |
Add new -N option, which completely suppresses the initialization and useNSS_3_8_3_BETA1
of the SSL server session ID cache. Used to test the fix for bug 222726.
r=wchang0222
-rw-r--r-- | security/nss/cmd/selfserv/selfserv.c | 38 |
1 files changed, 31 insertions, 7 deletions
diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c index 41f1efe8b..18afd800f 100644 --- a/security/nss/cmd/selfserv/selfserv.c +++ b/security/nss/cmd/selfserv/selfserv.c @@ -198,7 +198,7 @@ Usage(const char *progName) { fprintf(stderr, -"Usage: %s -n rsa_nickname -p port [-3DRTbmrvx] [-w password] [-t threads]\n" +"Usage: %s -n rsa_nickname -p port [-3DNRTbmrvx] [-w password] [-t threads]\n" " [-i pid_file] [-c ciphers] [-d dbdir] [-f fortezza_nickname] \n" " [-L [seconds]] [-M maxProcs] [-l]\n" "-3 means disable SSL v3\n" @@ -216,6 +216,7 @@ Usage(const char *progName) "-x means use export policy.\n" "-L seconds means log statistics every 'seconds' seconds (default=30).\n" "-M maxProcs tells how many processes to run in a multi-process server\n" +"-N means do NOT use the server session cache. Incompatible with -M.\n" "-t threads -- specify the number of threads to use for connections.\n" "-i pid_file file to write the process id of selfserve\n" "-c ciphers Letter(s) chosen from the following list\n" @@ -617,6 +618,8 @@ PRBool useModelSocket = PR_FALSE; PRBool disableSSL3 = PR_FALSE; PRBool disableTLS = PR_FALSE; PRBool disableRollBack = PR_FALSE; +PRBool NoReuse = PR_FALSE; +PRBool hasSidCache = PR_FALSE; static const char stopCmd[] = { "GET /stop " }; static const char getCmd[] = { "GET " }; @@ -1250,6 +1253,13 @@ server_main( } } + if (NoReuse) { + rv = SSL_OptionSet(model_sock, SSL_NO_CACHE, 1); + if (rv < 0) { + errExit("SSL_OptionSet SSL_NO_CACHE"); + } + } + /* This cipher is not on by default. The Acceptance test * would like it to be. Turn this cipher on. */ @@ -1460,7 +1470,7 @@ main(int argc, char **argv) ** numbers, then capital letters, then lower case, alphabetical. */ optstate = PL_CreateOptState(argc, argv, - "2:3DL:M:RTbc:d:f:hi:lmn:op:rt:vw:xy"); + "2:3DL:M:NRTbc:d:f:hi:lmn:op:rt:vw:xy"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { ++optionsFound; switch(optstate->option) { @@ -1486,6 +1496,8 @@ main(int argc, char **argv) if (maxProcs > MAX_PROCS) maxProcs = MAX_PROCS; break; + case 'N': NoReuse = PR_TRUE; break; + case 'R': disableRollBack = PR_TRUE; break; case 'T': disableTLS = PR_TRUE; break; @@ -1571,6 +1583,11 @@ main(int argc, char **argv) exit(7); } + if (NoReuse && maxProcs > 1) { + fprintf(stderr, "-M and -N options are mutually exclusive.\n"); + exit(14); + } + if (pidFile) { FILE *tmpfile=fopen(pidFile,"w+"); @@ -1610,12 +1627,14 @@ main(int argc, char **argv) rv = SSL_InheritMPServerSIDCache(envString); if (rv != SECSuccess) errExit("SSL_InheritMPServerSIDCache"); + hasSidCache = PR_TRUE; } else if (maxProcs > 1) { /* we're going to be the parent in a multi-process server. */ listen_sock = getBoundListenSocket(port); rv = SSL_ConfigMPServerSIDCache(NUM_SID_CACHE_ENTRIES, 0, 0, tmp); if (rv != SECSuccess) errExit("SSL_ConfigMPServerSIDCache"); + hasSidCache = PR_TRUE; beAGoodParent(argc, argv, maxProcs, listen_sock); exit(99); /* should never get here */ } else { @@ -1624,9 +1643,13 @@ main(int argc, char **argv) prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE); if (prStatus != PR_SUCCESS) errExit("PR_SetFDInheritable"); - rv = SSL_ConfigServerSessionIDCache(NUM_SID_CACHE_ENTRIES, 0, 0, tmp); - if (rv != SECSuccess) - errExit("SSL_ConfigServerSessionIDCache"); + if (!NoReuse) { + rv = SSL_ConfigServerSessionIDCache(NUM_SID_CACHE_ENTRIES, + 0, 0, tmp); + if (rv != SECSuccess) + errExit("SSL_ConfigServerSessionIDCache"); + hasSidCache = PR_TRUE; + } } lm = PR_NewLogModule("TestCase"); @@ -1739,8 +1762,9 @@ main(int argc, char **argv) free(nickName); free(passwd); - SSL_ShutdownServerSessionIDCache(); - + if (hasSidCache) { + SSL_ShutdownServerSessionIDCache(); + } if (NSS_Shutdown() != SECSuccess) { SECU_PrintError(progName, "NSS_Shutdown"); PR_Cleanup(); |