Fix for bug 359302. Remove SSLSample . r=nelson

13 files changed, 0 insertions, 2587 deletions

diff --git a/security/nss/cmd/SSLsample/Makefile b/security/nss/cmd/SSLsample/Makefile
deleted file mode 100644
index f62d2a3d0..000000000
--- a/security/nss/cmd/SSLsample/Makefile
+++ /dev/null
@@ -1,48 +0,0 @@
-#! gmake
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-# do these once for each target program
-all default export libs program install release_export::
-	$(MAKE) -f make.client $@
-	$(MAKE) -f make.server $@
-
-# only do these things once for the whole directory
-depend dependclean clean clobber realclean clobber_all release_classes release_clean release_cpdistdir release_export release_jars release_md release_policy show::
-	$(MAKE) -f make.client $@
-
-
diff --git a/security/nss/cmd/SSLsample/README b/security/nss/cmd/SSLsample/README
deleted file mode 100644
index 5672cfac8..000000000
--- a/security/nss/cmd/SSLsample/README
+++ /dev/null
@@ -1,35 +0,0 @@
-These sample programs can be built in either of two ways:
-1) is the NSS source tree, using the coreconf build system, and 
-2) stand alone (as part of the NSS distribution).
-
-The following makefiles are used only when building in the NSS source tree
-using coreconf.  These are NOT part of the distribution.
-
-Makefile
-client.mn
-server.mn
-config.mk
-make.client
-make.server
-
-The following source files are common to both build environments and are
-part of the distribution.
-
-NSPRerrs.h
-SECerrs.h
-SSLerrs.h
-client.c
-getopt.c
-server.c
-sslerror.h
-
-In the NSS 2.0 distribution, the sample code and makefiles are in a 
-directory named "samples".  The directories relevant to building 
-in the distributed tree are:
-
-./samples
-./include/dbm
-./include/nspr
-./include/security
-./lib
-
diff --git a/security/nss/cmd/SSLsample/client.c b/security/nss/cmd/SSLsample/client.c
deleted file mode 100644
index d496371e9..000000000
--- a/security/nss/cmd/SSLsample/client.c
+++ /dev/null
@@ -1,456 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/****************************************************************************
- *  SSL client program that sets up a connection to SSL server, transmits   *
- *  some data and then reads the reply                                      *
- ****************************************************************************/ 
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include "prerror.h"
-
-#include "pk11func.h"
-#include "secitem.h"
-
-
-#include <stdlib.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-
-#include "nspr.h"
-#include "plgetopt.h"
-#include "prio.h"
-#include "prnetdb.h"
-#include "nss.h"
-
-#include "sslsample.h"
-
-#define RD_BUF_SIZE (60 * 1024)
-
-extern int ssl2CipherSuites[];
-extern int ssl3CipherSuites[];
-
-GlobalThreadMgr threadMGR;
-char *certNickname = NULL;
-char *hostName = NULL;
-char *password = NULL;
-unsigned short port = 0;
-
-static void
-Usage(const char *progName)
-{
-	fprintf(stderr, 
-	  "Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n"
-	  "          [-w dbpasswd] [-C cipher(s)] hostname\n",
-	progName);
-	exit(1);
-}
-
-PRFileDesc *
-setupSSLSocket(PRNetAddr *addr)
-{
-	PRFileDesc         *tcpSocket;
-	PRFileDesc         *sslSocket;
-	PRSocketOptionData	socketOption;
-	PRStatus            prStatus;
-	SECStatus           secStatus;
-
-#if 0
-retry:
-#endif
-
-	tcpSocket = PR_NewTCPSocket();
-	if (tcpSocket == NULL) {
-		errWarn("PR_NewTCPSocket");
-	}
-
-	/* Make the socket blocking. */
-	socketOption.option	            = PR_SockOpt_Nonblocking;
-	socketOption.value.non_blocking = PR_FALSE;
-
-	prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
-	if (prStatus != PR_SUCCESS) {
-		errWarn("PR_SetSocketOption");
-		goto loser;
-	} 
-
-#if 0
-	/* Verify that a connection can be made to the socket. */
-	prStatus = PR_Connect(tcpSocket, addr, PR_INTERVAL_NO_TIMEOUT);
-	if (prStatus != PR_SUCCESS) {
-		PRErrorCode err = PR_GetError();
-		if (err == PR_CONNECT_REFUSED_ERROR) {
-			PR_Close(tcpSocket);
-			PR_Sleep(PR_MillisecondsToInterval(10));
-			fprintf(stderr, "Connection to port refused, retrying.\n");
-			goto retry;
-		}
-		errWarn("PR_Connect");
-		goto loser;
-	}
-#endif
-
-	/* Import the socket into the SSL layer. */
-	sslSocket = SSL_ImportFD(NULL, tcpSocket);
-	if (!sslSocket) {
-		errWarn("SSL_ImportFD");
-		goto loser;
-	}
-
-	/* Set configuration options. */
-	secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_OptionSet:SSL_SECURITY");
-		goto loser;
-	}
-
-	secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT");
-		goto loser;
-	}
-
-	/* Set SSL callback routines. */
-	secStatus = SSL_GetClientAuthDataHook(sslSocket,
-	                          (SSLGetClientAuthData)myGetClientAuthData,
-	                          (void *)certNickname);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_GetClientAuthDataHook");
-		goto loser;
-	}
-
-	secStatus = SSL_AuthCertificateHook(sslSocket,
-	                                   (SSLAuthCertificate)myAuthCertificate,
-                                       (void *)CERT_GetDefaultCertDB());
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_AuthCertificateHook");
-		goto loser;
-	}
-
-	secStatus = SSL_BadCertHook(sslSocket, 
-	                           (SSLBadCertHandler)myBadCertHandler, NULL);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_BadCertHook");
-		goto loser;
-	}
-
-	secStatus = SSL_HandshakeCallback(sslSocket, 
-	                                  myHandshakeCallback,
-	                                  NULL);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_HandshakeCallback");
-		goto loser;
-	}
-
-	return sslSocket;
-
-loser:
-
-	PR_Close(tcpSocket);
-	return NULL;
-}
-
-
-const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" };
-
-SECStatus
-handle_connection(PRFileDesc *sslSocket, int connection)
-{
-	int	     countRead = 0;
-	PRInt32  numBytes;
-	char    *readBuffer;
-
-	readBuffer = PORT_Alloc(RD_BUF_SIZE);
-	if (!readBuffer) {
-		exitErr("PORT_Alloc");
-	}
-
-	/* compose the http request here. */
-
-	numBytes = PR_Write(sslSocket, requestString, strlen(requestString));
-	if (numBytes <= 0) {
-		errWarn("PR_Write");
-		PR_Free(readBuffer);
-		readBuffer = NULL;
-		return SECFailure;
-	}
-
-	/* read until EOF */
-	while (PR_TRUE) {
-		numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE);
-		if (numBytes == 0) {
-			break;	/* EOF */
-		}
-		if (numBytes < 0) {
-			errWarn("PR_Read");
-			break;
-		}
-		countRead += numBytes;
-		fprintf(stderr, "***** Connection %d read %d bytes (%d total).\n", 
-			connection, numBytes, countRead );
-		readBuffer[numBytes] = '\0';
-		fprintf(stderr, "************\n%s\n************\n", readBuffer);
-	}
-
-	printSecurityInfo(sslSocket);
-	
-	PR_Free(readBuffer);
-	readBuffer = NULL;
-
-	/* Caller closes the socket. */
-
-	fprintf(stderr, 
-	        "***** Connection %d read %d bytes total.\n", 
-	        connection, countRead);
-
-	return SECSuccess;	/* success */
-}
-
-/* one copy of this function is launched in a separate thread for each
-** connection to be made.
-*/
-SECStatus
-do_connects(void *a, int connection)
-{
-	PRNetAddr  *addr = (PRNetAddr *)a;
-	PRFileDesc *sslSocket;
-	PRHostEnt   hostEntry;
-	char        buffer[PR_NETDB_BUF_SIZE];
-	PRStatus    prStatus;
-	PRIntn      hostenum;
-	SECStatus   secStatus;
-
-	/* Set up SSL secure socket. */
-	sslSocket = setupSSLSocket(addr);
-	if (sslSocket == NULL) {
-		errWarn("setupSSLSocket");
-		return SECFailure;
-	}
-
-	secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_SetPKCS11PinArg");
-		return secStatus;
-	}
-
-	secStatus = SSL_SetURL(sslSocket, hostName);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_SetURL");
-		return secStatus;
-	}
-
-	/* Prepare and setup network connection. */
-	prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
-	if (prStatus != PR_SUCCESS) {
-		errWarn("PR_GetHostByName");
-		return SECFailure;
-	}
-
-	hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
-	if (hostenum == -1) {
-		errWarn("PR_EnumerateHostEnt");
-		return SECFailure;
-	}
-
-	prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
-	if (prStatus != PR_SUCCESS) {
-		errWarn("PR_Connect");
-		return SECFailure;
-	}
-
-	/* Established SSL connection, ready to send data. */
-#if 0
-	secStatus = SSL_ForceHandshake(sslSocket);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_ForceHandshake");
-		return secStatus;
-	}
-#endif
-
-	secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_ResetHandshake");
-		prStatus = PR_Close(sslSocket);
-		if (prStatus != PR_SUCCESS) {
-			errWarn("PR_Close");
-		}
-		return secStatus;
-	}
-
-	secStatus = handle_connection(sslSocket, connection);
-	if (secStatus != SECSuccess) {
-		errWarn("handle_connection");
-		return secStatus;
-	}
-
-	PR_Close(sslSocket);
-	return SECSuccess;
-}
-
-void
-client_main(unsigned short      port, 
-            int	                connections, 
-            const char *        hostName)
-{
-	int			i;
-	SECStatus	secStatus;
-	PRStatus    prStatus;
-	PRInt32     rv;
-	PRNetAddr	addr;
-	PRHostEnt   hostEntry;
-	char        buffer[256];
-
-	/* Setup network connection. */
-	prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry);
-	if (prStatus != PR_SUCCESS) {
-		exitErr("PR_GetHostByName");
-	}
-
-	rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr);
-	if (rv < 0) {
-		exitErr("PR_EnumerateHostEnt");
-	}
-
-	secStatus = launch_thread(&threadMGR, do_connects, &addr, 1);
-	if (secStatus != SECSuccess) {
-		exitErr("launch_thread");
-	}
-
-	if (connections > 1) {
-		/* wait for the first connection to terminate, then launch the rest. */
-		reap_threads(&threadMGR);
-		/* Start up the connections */
-		for (i = 2; i <= connections; ++i) {
-			secStatus = launch_thread(&threadMGR, do_connects, &addr, i);
-			if (secStatus != SECSuccess) {
-				errWarn("launch_thread");
-			}
-		}
-	}
-
-	reap_threads(&threadMGR);
-	destroy_thread_data(&threadMGR);
-}
-
-int
-main(int argc, char **argv)
-{
-	char *               certDir      = ".";
-	char *               progName     = NULL;
-	int					 connections  = 1;
-	char *               cipherString = NULL;
-	SECStatus            secStatus;
-	PLOptState *         optstate;
-	PLOptStatus          status;
-
-	/* Call the NSPR initialization routines */
-	PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
-	progName = PL_strdup(argv[0]);
-
-	hostName = NULL;
-	optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:");
-	while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
-		switch(optstate->option) {
-		case 'C' : cipherString = PL_strdup(optstate->value); break;
-		case 'c' : connections = PORT_Atoi(optstate->value);  break;
-		case 'd' : certDir = PL_strdup(optstate->value);      break;
-		case 'n' : certNickname = PL_strdup(optstate->value); break;
-		case 'p' : port = PORT_Atoi(optstate->value);         break;
-		case 'w' : password = PL_strdup(optstate->value);     break;
-		case '\0': hostName = PL_strdup(optstate->value);     break;
-		default  : Usage(progName);
-		}
-	}
-
-	if (port == 0 || hostName == NULL)
-		Usage(progName);
-
-	if (certDir == NULL) {
-		certDir = PR_smprintf("%s/.netscape", getenv("HOME"));
-	}
-
-	/* Set our password function callback. */
-	PK11_SetPasswordFunc(myPasswd);
-
-	/* Initialize the NSS libraries. */
-	secStatus = NSS_Init(certDir);
-	if (secStatus != SECSuccess) {
-		exitErr("NSS_Init");
-	}
-
-	/* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */
-	NSS_SetDomesticPolicy();
-	SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
-
-	/* all the SSL2 and SSL3 cipher suites are enabled by default. */
-	if (cipherString) {
-	    int ndx;
-
-	    /* disable all the ciphers, then enable the ones we want. */
-	    disableAllSSLCiphers();
-
-	    while (0 != (ndx = *cipherString++)) {
-		int *cptr;
-		int  cipher;
-
-		if (! isalpha(ndx))
-		    Usage(progName);
-		cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
-		for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
-		    /* do nothing */;
-		if (cipher) {
-		    SSL_CipherPrefSetDefault(cipher, PR_TRUE);
-		}
-	    }
-	}
-
-	client_main(port, connections, hostName);
-
-	if (NSS_Shutdown() != SECSuccess) {
-            exit(1);
-        }
-	PR_Cleanup();
-	return 0;
-}
-
diff --git a/security/nss/cmd/SSLsample/client.mn b/security/nss/cmd/SSLsample/client.mn
deleted file mode 100644
index 064b7750f..000000000
--- a/security/nss/cmd/SSLsample/client.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-MODULE = nss
-
-EXPORTS = 
-
-CSRCS =  client.c \
-	sslsample.c \
-	$(NULL)
-
-PROGRAM = client
-
-IMPORTS = nss/lib/nss
-
diff --git a/security/nss/cmd/SSLsample/gencerts b/security/nss/cmd/SSLsample/gencerts
deleted file mode 100755
index 61f13e5fa..000000000
--- a/security/nss/cmd/SSLsample/gencerts
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/bin/sh
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-# Directory for db's, use in all subsequent -d flags.
-rm -rf SampleCertDBs
-mkdir SampleCertDBs
-
-# Password to use.
-echo sample > passfile
-
-# Generate the db files, using the above password.
-certutil -N -d SampleCertDBs -f passfile
-
-# Generate the CA cert.  This cert is self-signed and only useful for
-# test purposes.  Set the trust bits to allow it to sign SSL client/server
-# certs.
-certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \
-            -s "CN=My Sample Root CA, O=My Organization" \
-            -m 25000 -o ./SampleCertDBs/SampleRootCA.crt \
-            -d SampleCertDBs -f passfile
-
-# Generate the server cert.  This cert is signed by the CA cert generated
-# above.  The CN must be hostname.domain.[com|org|net|...].
-certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \
-            -s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \
-            -m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \
-            -d SampleCertDBs -f passfile
-
-# Generate the client cert.  This cert is signed by the CA cert generated
-# above.
-certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \
-            -s "CN=My Client Cert, O=Client Organization" \
-            -m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \
-            -d SampleCertDBs -f passfile
-
-# Verify the certificates.
-certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs
-certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs
-
-# Remove unneccessary files.
-rm -f passfile
-rm -f tempcert*
-
-# You are now ready to run your client/server!  Example command lines:
-# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R
-# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com
diff --git a/security/nss/cmd/SSLsample/make.client b/security/nss/cmd/SSLsample/make.client
deleted file mode 100644
index 4bf4c40cd..000000000
--- a/security/nss/cmd/SSLsample/make.client
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include client.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-#CC = cc 
-
-
diff --git a/security/nss/cmd/SSLsample/make.server b/security/nss/cmd/SSLsample/make.server
deleted file mode 100644
index ce90a2f86..000000000
--- a/security/nss/cmd/SSLsample/make.server
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include server.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-
diff --git a/security/nss/cmd/SSLsample/server.c b/security/nss/cmd/SSLsample/server.c
deleted file mode 100644
index bf4c9075b..000000000
--- a/security/nss/cmd/SSLsample/server.c
+++ /dev/null
@@ -1,821 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/****************************************************************************
- *  SSL server program listens on a port, accepts client connection, reads  *
- *  request and responds to it                                              *
- ****************************************************************************/
-
-/* Generic header files */
-
-#include <stdio.h>
-#include <string.h>
-
-/* NSPR header files */
-
-#include "nspr.h"
-#include "plgetopt.h"
-#include "prerror.h"
-#include "prnetdb.h"
-
-/* NSS header files */
-
-#include "pk11func.h"
-#include "secitem.h"
-#include "ssl.h"
-#include "certt.h"
-#include "nss.h"
-#include "secder.h"
-#include "key.h"
-#include "sslproto.h"
-
-/* Custom header files */
-
-#include "sslsample.h"
-
-#ifndef PORT_Sprintf
-#define PORT_Sprintf sprintf
-#endif
-
-#define REQUEST_CERT_ONCE 1
-#define REQUIRE_CERT_ONCE 2
-#define REQUEST_CERT_ALL  3
-#define REQUIRE_CERT_ALL  4
-
-/* Global variables */
-GlobalThreadMgr   threadMGR;
-char             *password = NULL;
-CERTCertificate  *cert = NULL;
-SECKEYPrivateKey *privKey = NULL;
-int               stopping;
-
-static void
-Usage(const char *progName)
-{
-	fprintf(stderr, 
-
-"Usage: %s -n rsa_nickname -p port [-3RFrf] [-w password]\n"
-"					[-c ciphers] [-d dbdir] \n"
-"-3 means disable SSL v3\n"
-"-r means request certificate on first handshake.\n"
-"-f means require certificate on first handshake.\n"
-"-R means request certificate on all handshakes.\n"
-"-F means require certificate on all handshakes.\n"
-"-c ciphers   Letter(s) chosen from the following list\n"
-"A	  SSL2 RC4 128 WITH MD5\n"
-"B	  SSL2 RC4 128 EXPORT40 WITH MD5\n"
-"C	  SSL2 RC2 128 CBC WITH MD5\n"
-"D	  SSL2 RC2 128 CBC EXPORT40 WITH MD5\n"
-"E	  SSL2 DES 64 CBC WITH MD5\n"
-"F	  SSL2 DES 192 EDE3 CBC WITH MD5\n"
-"\n"
-"c	  SSL3 RSA WITH RC4 128 MD5\n"
-"d	  SSL3 RSA WITH 3DES EDE CBC SHA\n"
-"e	  SSL3 RSA WITH DES CBC SHA\n"
-"f	  SSL3 RSA EXPORT WITH RC4 40 MD5\n"
-"g	  SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
-"i	  SSL3 RSA WITH NULL MD5\n"
-"j	  SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
-"k	  SSL3 RSA FIPS WITH DES CBC SHA\n"
-"l	  SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
-"m	  SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n",
-	progName);
-	exit(1);
-}
-
-/* Function:  readDataFromSocket()
- *
- * Purpose:  Parse an HTTP request by reading data from a GET or POST.
- *
- */
-SECStatus
-readDataFromSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char **fileName)
-{
-	char  *post;
-	int    numBytes = 0;
-	int    newln    = 0;  /* # of consecutive newlns */
-
-	/* Read data while it comes in from the socket. */
-	while (PR_TRUE) {
-		buffer->index = 0;
-		newln = 0;
-
-		/* Read the buffer. */
-		numBytes = PR_Read(sslSocket, &buffer->data[buffer->index], 
-		                   buffer->remaining);
-		if (numBytes <= 0) {
-			errWarn("PR_Read");
-			return SECFailure;
-		}
-		buffer->dataEnd = buffer->dataStart + numBytes;
-
-		/* Parse the input, starting at the beginning of the buffer.
-		 * Stop when we detect two consecutive \n's (or \r\n's) 
-		 * as this signifies the end of the GET or POST portion.
-		 * The posted data follows.
-		 */
-		while (buffer->index < buffer->dataEnd && newln < 2) {
-			int octet = buffer->data[buffer->index++];
-			if (octet == '\n') {
-				newln++;
-			} else if (octet != '\r') {
-				newln = 0;
-			}
-		}
-
-		/* Came to the end of the buffer, or second newline.
-		 * If we didn't get an empty line ("\r\n\r\n"), then keep on reading.
-		 */
-		if (newln < 2) 
-			continue;
-
-		/* we're at the end of the HTTP request.
-		 * If the request is a POST, then there will be one more
-		 * line of data.
-		 * This parsing is a hack, but ok for SSL test purposes.
-		 */
-		post = PORT_Strstr(buffer->data, "POST ");
-		if (!post || *post != 'P') 
-			break;
-
-		/* It's a post, so look for the next and final CR/LF. */
-		/* We should parse content length here, but ... */
-		while (buffer->index < buffer->dataEnd && newln < 3) {
-			int octet = buffer->data[buffer->index++];
-			if (octet == '\n') {
-				newln++;
-			}
-		}
-
-		if (newln == 3)
-			break;
-	}
-
-	/* Have either (a) a complete get, (b) a complete post, (c) EOF */
-
-	/*  Execute a "GET " operation. */
-	if (buffer->index > 0 && PORT_Strncmp(buffer->data, "GET ", 4) == 0) {
-		int fnLength;
-
-		/* File name is the part after "GET ". */
-		fnLength = strcspn(buffer->data + 5, " \r\n");
-		*fileName = (char *)PORT_Alloc(fnLength + 1);
-		PORT_Strncpy(*fileName, buffer->data + 5, fnLength);
-		(*fileName)[fnLength] = '\0';
-	}
-
-	return SECSuccess;
-}
-
-/* Function:  authenticateSocket()
- *
- * Purpose:  Configure a socket for SSL.
- *
- *
- */
-PRFileDesc * 
-setupSSLSocket(PRFileDesc *tcpSocket, int requestCert)
-{
-	PRFileDesc *sslSocket;
-	SSLKEAType  certKEA;
-	int         certErr = 0;
-	SECStatus   secStatus;
-
-	/* Set the appropriate flags. */
-
-	sslSocket = SSL_ImportFD(NULL, tcpSocket);
-	if (sslSocket == NULL) {
-		errWarn("SSL_ImportFD");
-		goto loser;
-	}
-   
-	secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_OptionSet SSL_SECURITY");
-		goto loser;
-	}
-
-	secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, PR_TRUE);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_SERVER");
-		goto loser;
-	}
-
-	secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, 
-	                       (requestCert >= REQUEST_CERT_ONCE));
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE");
-		goto loser;
-	}
-
-	secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, 
-	                       (requestCert == REQUIRE_CERT_ONCE));
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE");
-		goto loser;
-	}
-
-	/* Set the appropriate callback routines. */
-
-	secStatus = SSL_AuthCertificateHook(sslSocket, myAuthCertificate, 
-	                                    CERT_GetDefaultCertDB());
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_AuthCertificateHook");
-		goto loser;
-	}
-
-	secStatus = SSL_BadCertHook(sslSocket, 
-	                            (SSLBadCertHandler)myBadCertHandler, &certErr);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_BadCertHook");
-		goto loser;
-	}
-
-	secStatus = SSL_HandshakeCallback(sslSocket,
-	                                  myHandshakeCallback,
-									  NULL);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_HandshakeCallback");
-		goto loser;
-	}
-
-	secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_HandshakeCallback");
-		goto loser;
-	}
-
-	certKEA = NSS_FindCertKEAType(cert);
-
-	secStatus = SSL_ConfigSecureServer(sslSocket, cert, privKey, certKEA);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_ConfigSecureServer");
-		goto loser;
-	}
-
-	return sslSocket;
-
-loser:
-
-	PR_Close(tcpSocket);
-	return NULL;
-}
-
-/* Function:  authenticateSocket()
- *
- * Purpose:  Perform client authentication on the socket.
- *
- */
-SECStatus
-authenticateSocket(PRFileDesc *sslSocket, PRBool requireCert)
-{
-	CERTCertificate *cert;
-	SECStatus secStatus;
-
-	/* Returns NULL if client authentication is not enabled or if the
-	 * client had no certificate. */
-	cert = SSL_PeerCertificate(sslSocket);
-	if (cert) {
-		/* Client had a certificate, so authentication is through. */
-		CERT_DestroyCertificate(cert);
-		return SECSuccess;
-	}
-
-	/* Request client to authenticate itself. */
-	secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, PR_TRUE);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE");
-		return SECFailure;
-	}
-
-	/* If desired, require client to authenticate itself.  Note
-	 * SSL_REQUEST_CERTIFICATE must also be on, as above.  */
-	secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, requireCert);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE");
-		return SECFailure;
-	}
-
-	/* Having changed socket configuration parameters, redo handshake. */
-	secStatus = SSL_ReHandshake(sslSocket, PR_TRUE);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_ReHandshake");
-		return SECFailure;
-	}
-
-	/* Force the handshake to complete before moving on. */
-	secStatus = SSL_ForceHandshake(sslSocket);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_ForceHandshake");
-		return SECFailure;
-	}
-
-	return SECSuccess;
-}
-
-/* Function:  writeDataToSocket
- *
- * Purpose:  Write the client's request back to the socket.  If the client
- *           requested a file, dump it to the socket.
- *
- */
-SECStatus
-writeDataToSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char *fileName)
-{
-	int headerLength;
-	int numBytes;
-	char messageBuffer[120];
-	PRFileDesc *local_file_fd = NULL;
-	char header[] = "<html><body><h1>Sample SSL server</h1><br><br>";
-	char filehd[] = "<h2>The file you requested:</h2><br>";
-	char reqhd[]  = "<h2>This is your request:</h2><br>";
-	char link[]   = "Try getting a <a HREF=\"../testfile\">file</a><br>";
-	char footer[] = "<br><h2>End of request.</h2><br></body></html>";
-
-	headerLength = PORT_Strlen(defaultHeader);
-
-	/* Write a header to the socket. */
-	numBytes = PR_Write(sslSocket, header, PORT_Strlen(header));
-	if (numBytes < 0) {
-		errWarn("PR_Write");
-		goto loser;
-	}
-
-	if (fileName) {
-		PRFileInfo  info;
-		PRStatus    prStatus;
-
-		/* Try to open the local file named.	
-		 * If successful, then write it to the client.
-		 */
-		prStatus = PR_GetFileInfo(fileName, &info);
-		if (prStatus != PR_SUCCESS ||
-		    info.type != PR_FILE_FILE ||
-		    info.size < 0) {
-			PORT_Free(fileName);
-			/* Maybe a GET not sent from client.c? */
-			goto writerequest;
-		}
-
-		local_file_fd = PR_Open(fileName, PR_RDONLY, 0);
-		if (local_file_fd == NULL) {
-			PORT_Free(fileName);
-			goto writerequest;
-		}
-
-		/* Write a header to the socket. */
-		numBytes = PR_Write(sslSocket, filehd, PORT_Strlen(filehd));
-		if (numBytes < 0) {
-			errWarn("PR_Write");
-			goto loser;
-		}
-
-		/* Transmit the local file prepended by the default header
-		 * across the socket.
-		 */
-		numBytes = PR_TransmitFile(sslSocket, local_file_fd, 
-		                           defaultHeader, headerLength,
-		                           PR_TRANSMITFILE_KEEP_OPEN,
-		                           PR_INTERVAL_NO_TIMEOUT);
-
-		/* Error in transmission. */
-		if (numBytes < 0) {
-			errWarn("PR_TransmitFile");
-			/*
-			i = PORT_Strlen(errString);
-			PORT_Memcpy(buf, errString, i);
-			*/
-		/* Transmitted bytes successfully. */
-		} else {
-			numBytes -= headerLength;
-			fprintf(stderr, "PR_TransmitFile wrote %d bytes from %s\n",
-			        numBytes, fileName);
-		}
-
-		PORT_Free(fileName);
-		PR_Close(local_file_fd);
-	}
-
-writerequest:
-
-	/* Write a header to the socket. */
-	numBytes = PR_Write(sslSocket, reqhd, PORT_Strlen(reqhd));
-	if (numBytes < 0) {
-		errWarn("PR_Write");
-		goto loser;
-	}
-
-	/* Write the buffer data to the socket. */
-	if (buffer->index <= 0) {
-		/* Reached the EOF.  Report incomplete transaction to socket. */
-		PORT_Sprintf(messageBuffer,
-		             "GET or POST incomplete after %d bytes.\r\n",
-		             buffer->dataEnd);
-		numBytes = PR_Write(sslSocket, messageBuffer, 
-		                    PORT_Strlen(messageBuffer));
-		if (numBytes < 0) {
-			errWarn("PR_Write");
-			goto loser;
-		}
-	} else {
-		/* Display the buffer data. */
-		fwrite(buffer->data, 1, buffer->index, stdout);
-		/* Write the buffer data to the socket. */
-		numBytes = PR_Write(sslSocket, buffer->data, buffer->index);
-		if (numBytes < 0) {
-			errWarn("PR_Write");
-			goto loser;
-		}
-		/* Display security information for the socket. */
-		printSecurityInfo(sslSocket);
-		/* Write any discarded data out to the socket. */
-		if (buffer->index < buffer->dataEnd) {
-			PORT_Sprintf(buffer->data, "Discarded %d characters.\r\n", 
-			             buffer->dataEnd - buffer->index);
-			numBytes = PR_Write(sslSocket, buffer->data, 
-			                    PORT_Strlen(buffer->data));
-			if (numBytes < 0) {
-				errWarn("PR_Write");
-				goto loser;
-			}
-		}
-	}
-
-	/* Write a footer to the socket. */
-	numBytes = PR_Write(sslSocket, footer, PORT_Strlen(footer));
-	if (numBytes < 0) {
-		errWarn("PR_Write");
-		goto loser;
-	}
-
-	/* Write a link to the socket. */
-	numBytes = PR_Write(sslSocket, link, PORT_Strlen(link));
-	if (numBytes < 0) {
-		errWarn("PR_Write");
-		goto loser;
-	}
-
-	/* Complete the HTTP transaction. */
-	numBytes = PR_Write(sslSocket, "EOF\r\n\r\n\r\n", 9);
-	if (numBytes < 0) {
-		errWarn("PR_Write");
-		goto loser;
-	}
-
-	/* Do a nice shutdown if asked. */
-	if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
-		stopping = 1;
-	}
-	return SECSuccess;
-
-loser:
-
-	/* Do a nice shutdown if asked. */
-	if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
-		stopping = 1;
-	}
-	return SECFailure;
-}
-
-/* Function:  int handle_connection()
- *
- * Purpose:  Thread to handle a connection to a socket.
- *
- */
-SECStatus
-handle_connection(void *tcp_sock, int requestCert)
-{
-	PRFileDesc *       tcpSocket = (PRFileDesc *)tcp_sock;
-	PRFileDesc *       sslSocket = NULL;
-	SECStatus          secStatus = SECFailure;
-	PRStatus           prStatus;
-	PRSocketOptionData socketOption;
-	DataBuffer         buffer;
-	char *             fileName = NULL;
-
-	/* Initialize the data buffer. */
-	memset(buffer.data, 0, BUFFER_SIZE);
-	buffer.remaining = BUFFER_SIZE;
-	buffer.index = 0;
-	buffer.dataStart = 0;
-	buffer.dataEnd = 0;
-
-	/* Make sure the socket is blocking. */
-	socketOption.option             = PR_SockOpt_Nonblocking;
-	socketOption.value.non_blocking = PR_FALSE;
-	PR_SetSocketOption(tcpSocket, &socketOption);
-
-	sslSocket = setupSSLSocket(tcpSocket, requestCert);
-	if (sslSocket == NULL) {
-		errWarn("setupSSLSocket");
-		goto cleanup;
-	}
-
-	secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_TRUE);
-	if (secStatus != SECSuccess) {
-		errWarn("SSL_ResetHandshake");
-		goto cleanup;
-	}
-
-	/* Read data from the socket, parse it for HTTP content.
-	 * If the user is requesting/requiring authentication, authenticate
-	 * the socket.  Then write the result back to the socket.  */
-	fprintf(stdout, "\nReading data from socket...\n\n");
-	secStatus = readDataFromSocket(sslSocket, &buffer, &fileName);
-	if (secStatus != SECSuccess) {
-		goto cleanup;
-	}
-	if (requestCert >= REQUEST_CERT_ALL) {
-		fprintf(stdout, "\nAuthentication requested.\n\n");
-		secStatus = authenticateSocket(sslSocket, 
-		                               (requestCert == REQUIRE_CERT_ALL));
-		if (secStatus != SECSuccess) {
-			goto cleanup;
-		}
-	}
-
-	fprintf(stdout, "\nWriting data to socket...\n\n");
-	secStatus = writeDataToSocket(sslSocket, &buffer, fileName);
-
-cleanup:
-
-	/* Close down the socket. */
-	prStatus = PR_Close(tcpSocket);
-	if (prStatus != PR_SUCCESS) {
-		errWarn("PR_Close");
-	}
-
-	return secStatus;
-}
-
-/* Function:  int accept_connection()
- *
- * Purpose:  Thread to accept a connection to the socket.
- *
- */
-SECStatus
-accept_connection(void *listener, int requestCert)
-{
-	PRFileDesc *listenSocket = (PRFileDesc*)listener;
-	PRNetAddr   addr;
-	PRStatus    prStatus;
-
-	/* XXX need an SSL socket here? */
-	while (!stopping) {
-		PRFileDesc *tcpSocket;
-		SECStatus	result;
-
-		fprintf(stderr, "\n\n\nAbout to call accept.\n");
-
-		/* Accept a connection to the socket. */
-		tcpSocket = PR_Accept(listenSocket, &addr, PR_INTERVAL_NO_TIMEOUT);
-		if (tcpSocket == NULL) {
-			errWarn("PR_Accept");
-			break;
-		}
-
-		/* Accepted the connection, now handle it. */
-		result = launch_thread(&threadMGR, handle_connection, 
-		                       tcpSocket, requestCert);
-
-		if (result != SECSuccess) {
-			prStatus = PR_Close(tcpSocket);
-			if (prStatus != PR_SUCCESS) {
-				exitErr("PR_Close");
-			}
-			break;
-		}
-	}
-
-	fprintf(stderr, "Closing listen socket.\n");
-
-	prStatus = PR_Close(listenSocket);
-	if (prStatus != PR_SUCCESS) {
-		exitErr("PR_Close");
-	}
-	return SECSuccess;
-}
-
-/* Function:  void server_main()
- *
- * Purpose:  This is the server's main function.  It configures a socket
- *			 and listens to it.
- *
- */
-void
-server_main(
-	unsigned short      port, 
-	int                 requestCert, 
-	SECKEYPrivateKey *  privKey,
-	CERTCertificate *   cert, 
-	PRBool              disableSSL3)
-{
-	SECStatus           secStatus;
-	PRStatus            prStatus;
-	PRFileDesc *        listenSocket;
-	PRNetAddr           addr;
-	PRSocketOptionData  socketOption;
-
-	/* Create a new socket. */
-	listenSocket = PR_NewTCPSocket();
-	if (listenSocket == NULL) {
-		exitErr("PR_NewTCPSocket");
-	}
-
-	/* Set socket to be blocking -
-	 * on some platforms the default is nonblocking.
-	 */
-	socketOption.option = PR_SockOpt_Nonblocking;
-	socketOption.value.non_blocking = PR_FALSE;
-
-	prStatus = PR_SetSocketOption(listenSocket, &socketOption);
-	if (prStatus != PR_SUCCESS) {
-		exitErr("PR_SetSocketOption");
-	}
-
-	/* This cipher is not on by default. The Acceptance test
-	 * would like it to be. Turn this cipher on.
-	 */
-	secStatus = SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
-	if (secStatus != SECSuccess) {
-		exitErr("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5");
-	}
-
-	/* Configure the network connection. */
-	addr.inet.family = PR_AF_INET;
-	addr.inet.ip	 = PR_INADDR_ANY;
-	addr.inet.port	 = PR_htons(port);
-
-	/* Bind the address to the listener socket. */
-	prStatus = PR_Bind(listenSocket, &addr);
-	if (prStatus != PR_SUCCESS) {
-		exitErr("PR_Bind");
-	}
-
-	/* Listen for connection on the socket.  The second argument is
-	 * the maximum size of the queue for pending connections.
-	 */
-	prStatus = PR_Listen(listenSocket, 5);
-	if (prStatus != PR_SUCCESS) {
-		exitErr("PR_Listen");
-	}
-
-	/* Launch thread to handle connections to the socket. */
-	secStatus = launch_thread(&threadMGR, accept_connection, 
-                              listenSocket, requestCert);
-	if (secStatus != SECSuccess) {
-		PR_Close(listenSocket);
-	} else {
-		reap_threads(&threadMGR);
-		destroy_thread_data(&threadMGR);
-	}
-}
-
-/* Function: int main()
- *
- * Purpose:  Parses command arguments and configures SSL server.
- *
- */
-int
-main(int argc, char **argv)
-{
-	char *              progName      = NULL;
-	char *              nickName      = NULL;
-	char *              cipherString  = NULL;
-	char *              dir           = ".";
-	int                 requestCert   = 0;
-	unsigned short      port          = 0;
-	SECStatus           secStatus;
-	PRBool              disableSSL3   = PR_FALSE;
-	PLOptState *        optstate;
-	PLOptStatus         status;
-
-	/* Zero out the thread manager. */
-	PORT_Memset(&threadMGR, 0, sizeof(threadMGR));
-
-	progName = PL_strdup(argv[0]);
-
-	optstate = PL_CreateOptState(argc, argv, "3FRc:d:fp:n:rw:");
-	while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
-		switch(optstate->option) {
-		case '3': disableSSL3 = PR_TRUE;                      break;
-		case 'F': requestCert = REQUIRE_CERT_ALL;             break;
-		case 'R': requestCert = REQUEST_CERT_ALL;             break;
-		case 'c': cipherString = PL_strdup(optstate->value);  break;
-		case 'd': dir = PL_strdup(optstate->value);           break;
-		case 'f': requestCert = REQUIRE_CERT_ONCE;            break;
-		case 'n': nickName = PL_strdup(optstate->value);      break;
-		case 'p': port = PORT_Atoi(optstate->value);          break;
-		case 'r': requestCert = REQUEST_CERT_ONCE;            break;
-		case 'w': password = PL_strdup(optstate->value);      break;
-		default:
-		case '?': Usage(progName);
-		}
-	}
-
-	if (nickName == NULL || port == 0)
-		Usage(progName);
-
-	/* Call the NSPR initialization routines. */
-	PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
-	/* Set the cert database password callback. */
-	PK11_SetPasswordFunc(myPasswd);
-
-	/* Initialize NSS. */
-	secStatus = NSS_Init(dir);
-	if (secStatus != SECSuccess) {
-		exitErr("NSS_Init");
-	}
-
-	/* Set the policy for this server (REQUIRED - no default). */
-	secStatus = NSS_SetDomesticPolicy();
-	if (secStatus != SECSuccess) {
-		exitErr("NSS_SetDomesticPolicy");
-	}
-
-	/* XXX keep this? */
-	/* all the SSL2 and SSL3 cipher suites are enabled by default. */
-	if (cipherString) {
-	    int ndx;
-
-	    /* disable all the ciphers, then enable the ones we want. */
-	    disableAllSSLCiphers();
-
-	    while (0 != (ndx = *cipherString++)) {
-		int *cptr;
-		int  cipher;
-
-		if (! isalpha(ndx))
-			Usage(progName);
-		cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
-		for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) 
-		    /* do nothing */;
-		if (cipher) {
-		    SECStatus status;
-		    status = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
-		    if (status != SECSuccess) 
-			errWarn("SSL_CipherPrefSetDefault()");
-		}
-	    }
-	}
-
-	/* Get own certificate and private key. */
-	cert = PK11_FindCertFromNickname(nickName, password);
-	if (cert == NULL) {
-		exitErr("PK11_FindCertFromNickname");
-	}
-
-	privKey = PK11_FindKeyByAnyCert(cert, password);
-	if (privKey == NULL) {
-		exitErr("PK11_FindKeyByAnyCert");
-	}
-
-	/* Configure the server's cache for a multi-process application
-	 * using default timeout values (24 hrs) and directory location (/tmp). 
-	 */
-	SSL_ConfigMPServerSIDCache(256, 0, 0, NULL);
-
-	/* Launch server. */
-	server_main(port, requestCert, privKey, cert, disableSSL3);
-
-	/* Shutdown NSS and exit NSPR gracefully. */
-	if (NSS_Shutdown() != SECSuccess) {
-            exit(1);
-        }
-	PR_Cleanup();
-	return 0;
-}
diff --git a/security/nss/cmd/SSLsample/server.mn b/security/nss/cmd/SSLsample/server.mn
deleted file mode 100644
index 2c29b587b..000000000
--- a/security/nss/cmd/SSLsample/server.mn
+++ /dev/null
@@ -1,48 +0,0 @@
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-MODULE  = nss
-
-EXPORTS = 
-
-CSRCS =  server.c	\
-	sslsample.c	\
-	$(NULL)
-
-PROGRAM  = server
-
diff --git a/security/nss/cmd/SSLsample/sslerror.h b/security/nss/cmd/SSLsample/sslerror.h
deleted file mode 100644
index aa64dc4d6..000000000
--- a/security/nss/cmd/SSLsample/sslerror.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include <stdio.h>
-#include <string.h>
-#include "nspr.h"
-
-struct tuple_str {
-    PRErrorCode	 errNum;
-    const char * errString;
-};
-
-typedef struct tuple_str tuple_str;
-
-#define ER2(a,b)   {a, b},
-#define ER3(a,b,c) {a, c},
-
-#include "secerr.h"
-#include "sslerr.h"
-
-const tuple_str errStrings[] = {
-
-/* keep this list in asceding order of error numbers */
-#include "SSLerrs.h"
-#include "SECerrs.h"
-#include "NSPRerrs.h"
-
-};
-
-const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
-
-/* Returns a UTF-8 encoded constant error string for "errNum".
- * Returns NULL of errNum is unknown.
- */
-const char *
-SSL_Strerror(PRErrorCode errNum) {
-    PRInt32 low  = 0;
-    PRInt32 high = numStrings - 1;
-    PRInt32 i;
-    PRErrorCode num;
-    static int initDone;
-
-    /* make sure table is in ascending order.
-     * binary search depends on it.
-     */
-    if (!initDone) {
-	PRErrorCode lastNum = (PRInt32)0x80000000;
-    	for (i = low; i <= high; ++i) {
-	    num = errStrings[i].errNum;
-	    if (num <= lastNum) {
-	    	fprintf(stderr, 
-"sequence error in error strings at item %d\n"
-"error %d (%s)\n"
-"should come after \n"
-"error %d (%s)\n",
-		        i, lastNum, errStrings[i-1].errString, 
-			num, errStrings[i].errString);
-	    }
-	    lastNum = num;
-	}
-	initDone = 1;
-    }
-
-    /* Do binary search of table. */
-    while (low + 1 < high) {
-    	i = (low + high) / 2;
-	num = errStrings[i].errNum;
-	if (errNum == num) 
-	    return errStrings[i].errString;
-        if (errNum < num)
-	    high = i;
-	else 
-	    low = i;
-    }
-    if (errNum == errStrings[low].errNum)
-    	return errStrings[low].errString;
-    if (errNum == errStrings[high].errNum)
-    	return errStrings[high].errString;
-    return NULL;
-}
diff --git a/security/nss/cmd/SSLsample/sslsample.c b/security/nss/cmd/SSLsample/sslsample.c
deleted file mode 100644
index ebe714981..000000000
--- a/security/nss/cmd/SSLsample/sslsample.c
+++ /dev/null
@@ -1,593 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "sslsample.h"
-#include "sslerror.h"
-
-/* Declare SSL cipher suites. */
-
-int ssl2CipherSuites[] = {
-	SSL_EN_RC4_128_WITH_MD5,              /* A */
-	SSL_EN_RC4_128_EXPORT40_WITH_MD5,     /* B */
-	SSL_EN_RC2_128_CBC_WITH_MD5,          /* C */
-	SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
-	SSL_EN_DES_64_CBC_WITH_MD5,           /* E */
-	SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     /* F */
-	0
-};
-
-int ssl3CipherSuites[] = {
-	-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA  a */
-	-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
-	SSL_RSA_WITH_RC4_128_MD5,               /* c */
-	SSL_RSA_WITH_3DES_EDE_CBC_SHA,          /* d */
-	SSL_RSA_WITH_DES_CBC_SHA,               /* e */
-	SSL_RSA_EXPORT_WITH_RC4_40_MD5,         /* f */
-	SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,     /* g */
-	-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,   * h */
-	SSL_RSA_WITH_NULL_MD5,                  /* i */
-	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,     /* j */
-	SSL_RSA_FIPS_WITH_DES_CBC_SHA,          /* k */
-	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,    /* l */
-	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,     /* m */
-	0
-};
-
-/**************************************************************************
-** 
-** SSL callback routines.
-**
-**************************************************************************/
-
-/* Function: char * myPasswd()
- * 
- * Purpose: This function is our custom password handler that is called by
- * SSL when retreiving private certs and keys from the database. Returns a
- * pointer to a string that with a password for the database. Password pointer
- * should point to dynamically allocated memory that will be freed later.
- */
-char *
-myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
-{
-	char * passwd = NULL;
-
-	if ( (!retry) && arg ) {
-		passwd = PORT_Strdup((char *)arg);
-	}
-
-	return passwd;
-}
-
-/* Function: SECStatus myAuthCertificate()
- *
- * Purpose: This function is our custom certificate authentication handler.
- * 
- * Note: This implementation is essentially the same as the default 
- *       SSL_AuthCertificate().
- */
-SECStatus 
-myAuthCertificate(void *arg, PRFileDesc *socket, 
-                  PRBool checksig, PRBool isServer) 
-{
-
-	SECCertUsage        certUsage;
-	CERTCertificate *   cert;
-	void *              pinArg;
-	char *              hostName;
-	SECStatus           secStatus;
-
-	if (!arg || !socket) {
-		errWarn("myAuthCertificate");
-		return SECFailure;
-	}
-
-	/* Define how the cert is being used based upon the isServer flag. */
-
-	certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
-
-	cert = SSL_PeerCertificate(socket);
-	
-	pinArg = SSL_RevealPinArg(socket);
-
-	secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
-	                               cert,
-	                               checksig,
-	                               certUsage,
-	                               pinArg);
-
-	/* If this is a server, we're finished. */
-	if (isServer || secStatus != SECSuccess) {
-		CERT_DestroyCertificate(cert);
-		return secStatus;
-	}
-
-	/* Certificate is OK.  Since this is the client side of an SSL
-	 * connection, we need to verify that the name field in the cert
-	 * matches the desired hostname.  This is our defense against
-	 * man-in-the-middle attacks.
-	 */
-
-	/* SSL_RevealURL returns a hostName, not an URL. */
-	hostName = SSL_RevealURL(socket);
-
-	if (hostName && hostName[0]) {
-		secStatus = CERT_VerifyCertName(cert, hostName);
-	} else {
-		PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
-		secStatus = SECFailure;
-	}
-
-	if (hostName)
-		PR_Free(hostName);
-
-	CERT_DestroyCertificate(cert);
-	return secStatus;
-}
-
-/* Function: SECStatus myBadCertHandler()
- *
- * Purpose: This callback is called when the incoming certificate is not
- * valid. We define a certain set of parameters that still cause the
- * certificate to be "valid" for this session, and return SECSuccess to cause
- * the server to continue processing the request when any of these conditions
- * are met. Otherwise, SECFailure is return and the server rejects the 
- * request.
- */
-SECStatus 
-myBadCertHandler(void *arg, PRFileDesc *socket) 
-{
-
-    SECStatus	secStatus = SECFailure;
-    PRErrorCode	err;
-
-    /* log invalid cert here */
-
-    if (!arg) {
-		return secStatus;
-    }
-
-    *(PRErrorCode *)arg = err = PORT_GetError();
-
-    /* If any of the cases in the switch are met, then we will proceed   */
-    /* with the processing of the request anyway. Otherwise, the default */	
-    /* case will be reached and we will reject the request.              */
-
-    switch (err) {
-    case SEC_ERROR_INVALID_AVA:
-    case SEC_ERROR_INVALID_TIME:
-    case SEC_ERROR_BAD_SIGNATURE:
-    case SEC_ERROR_EXPIRED_CERTIFICATE:
-    case SEC_ERROR_UNKNOWN_ISSUER:
-    case SEC_ERROR_UNTRUSTED_CERT:
-    case SEC_ERROR_CERT_VALID:
-    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
-    case SEC_ERROR_CRL_EXPIRED:
-    case SEC_ERROR_CRL_BAD_SIGNATURE:
-    case SEC_ERROR_EXTENSION_VALUE_INVALID:
-    case SEC_ERROR_CA_CERT_INVALID:
-    case SEC_ERROR_CERT_USAGES_INVALID:
-    case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
-		secStatus = SECSuccess;
-	break;
-    default:
-		secStatus = SECFailure;
-	break;
-    }
-
-	printf("Bad certificate: %d, %s\n", err, SSL_Strerror(err));
-
-    return secStatus;
-}
-
-/* Function: SECStatus ownGetClientAuthData()
- *
- * Purpose: This callback is used by SSL to pull client certificate 
- * information upon server request.
- */
-SECStatus 
-myGetClientAuthData(void *arg,
-                    PRFileDesc *socket,
-                    struct CERTDistNamesStr *caNames,
-                    struct CERTCertificateStr **pRetCert,
-                    struct SECKEYPrivateKeyStr **pRetKey) 
-{
-
-    CERTCertificate *  cert;
-    SECKEYPrivateKey * privKey;
-    char *             chosenNickName = (char *)arg;
-    void *             proto_win      = NULL;
-    SECStatus          secStatus      = SECFailure;
-
-    proto_win = SSL_RevealPinArg(socket);
-
-    if (chosenNickName) {
-		cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
-		if (cert) {
-		    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
-		    if (privKey) {
-				secStatus = SECSuccess;
-		    } else {
-				CERT_DestroyCertificate(cert);
-		    }
-		}
-    } else { /* no nickname given, automatically find the right cert */
-	CERTCertNicknames *names;
-	int                i;
-
-	names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), 
-				      SEC_CERT_NICKNAMES_USER, proto_win);
-
-	if (names != NULL) {
-	    for(i = 0; i < names->numnicknames; i++ ) {
-
-		cert = PK11_FindCertFromNickname(names->nicknames[i], 
-						 proto_win);
-		if (!cert) {
-		    continue;
-		}
-
-		/* Only check unexpired certs */
-		if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)
-		      != secCertTimeValid ) {
-		    CERT_DestroyCertificate(cert);
-		    continue;
-		}
-
-		secStatus = NSS_CmpCertChainWCANames(cert, caNames);
-		if (secStatus == SECSuccess) {
-		    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
-		    if (privKey) {
-			break;
-		    }
-		    secStatus = SECFailure;
-		    break;
-		}
-	    } /* for loop */
-	    CERT_FreeNicknames(names);
-	}
-    }
-
-    if (secStatus == SECSuccess) {
-		*pRetCert = cert;
-		*pRetKey  = privKey;
-    }
-
-    return secStatus;
-}
-
-/* Function: SECStatus myHandshakeCallback()
- *
- * Purpose: Called by SSL to inform application that the handshake is
- * complete. This function is mostly used on the server side of an SSL
- * connection, although it is provided for a client as well.
- * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake 
- * is used to initiate a handshake.
- *
- * A typical scenario would be:
- *
- * 1. Server accepts an SSL connection from the client without client auth.
- * 2. Client sends a request.
- * 3. Server determines that to service request it needs to authenticate the
- * client and initiates another handshake requesting client auth.
- * 4. While handshake is in progress, server can do other work or spin waiting
- * for the handshake to complete.
- * 5. Server is notified that handshake has been successfully completed by
- * the custom handshake callback function and it can service the client's
- * request.
- *
- * Note: This function is not implemented in this sample, as we are using
- * blocking sockets.
- */
-void
-myHandshakeCallback(PRFileDesc *socket, void *arg) 
-{
-    printf("Handshake has completed, ready to send data securely.\n");
-}
-
-
-/**************************************************************************
-** 
-** Routines for disabling SSL ciphers.
-**
-**************************************************************************/
-
-void
-disableAllSSLCiphers(void)
-{
-    const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
-    int             i            = SSL_NumImplementedCiphers;
-    SECStatus       rv;
-
-    /* disable all the SSL3 cipher suites */
-    while (--i >= 0) {
-	PRUint16 suite = cipherSuites[i];
-        rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
-	if (rv != SECSuccess) {
-	    printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
-	    	   suite, i);
-	    errWarn("SSL_CipherPrefSetDefault");
-	    exit(2);
-	}
-    }
-}
-
-/**************************************************************************
-** 
-** Error and information routines.
-**
-**************************************************************************/
-
-void
-errWarn(char *function)
-{
-	PRErrorCode  errorNumber = PR_GetError();
-	const char * errorString = SSL_Strerror(errorNumber);
-
-	printf("Error in function %s: %d\n - %s\n",
-			function, errorNumber, errorString);
-}
-
-void
-exitErr(char *function)
-{
-	errWarn(function);
-	/* Exit gracefully. */
-	/* ignoring return value of NSS_Shutdown as code exits with 1*/
-	(void) NSS_Shutdown();
-	PR_Cleanup();
-	exit(1);
-}
-
-void 
-printSecurityInfo(PRFileDesc *fd)
-{
-	char * cp;	/* bulk cipher name */
-	char * ip;	/* cert issuer DN */
-	char * sp;	/* cert subject DN */
-	int    op;	/* High, Low, Off */
-	int    kp0;	/* total key bits */
-	int    kp1;	/* secret key bits */
-	int    result;
-	SSL3Statistics * ssl3stats = SSL_GetStatistics();
-
-	result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
-	if (result != SECSuccess)
-		return;
-	printf("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
-		   "subject DN: %s\n"
-	   "issuer	DN: %s\n", cp, kp1, kp0, op, sp, ip);
-	PR_Free(cp);
-	PR_Free(ip);
-	PR_Free(sp);
-
-	printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n",
-		ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
-	ssl3stats->hch_sid_cache_not_ok);
-
-}
-
-
-/**************************************************************************
-** Begin thread management routines and data.
-**************************************************************************/
-
-void
-thread_wrapper(void * arg)
-{
-	GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
-	perThread *slot = &threadMGR->threads[threadMGR->index];
-
-	/* wait for parent to finish launching us before proceeding. */
-	PR_Lock(threadMGR->threadLock);
-	PR_Unlock(threadMGR->threadLock);
-
-	slot->rv = (* slot->startFunc)(slot->a, slot->b);
-
-	PR_Lock(threadMGR->threadLock);
-	slot->running = rs_zombie;
-
-	/* notify the thread exit handler. */
-	PR_NotifyCondVar(threadMGR->threadEndQ);
-
-	PR_Unlock(threadMGR->threadLock);
-}
-
-SECStatus
-launch_thread(GlobalThreadMgr *threadMGR,
-              startFn         *startFunc,
-              void            *a,
-              int              b)
-{
-	perThread *slot;
-	int        i;
-
-	if (!threadMGR->threadStartQ) {
-		threadMGR->threadLock   = PR_NewLock();
-		threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
-		threadMGR->threadEndQ   = PR_NewCondVar(threadMGR->threadLock);
-	}
-	PR_Lock(threadMGR->threadLock);
-	while (threadMGR->numRunning >= MAX_THREADS) {
-		PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
-	}
-	for (i = 0; i < threadMGR->numUsed; ++i) {
-		slot = &threadMGR->threads[i];
-		if (slot->running == rs_idle) 
-			break;
-	}
-	if (i >= threadMGR->numUsed) {
-		if (i >= MAX_THREADS) {
-			/* something's really wrong here. */
-			PORT_Assert(i < MAX_THREADS);
-			PR_Unlock(threadMGR->threadLock);
-			return SECFailure;
-		}
-		++(threadMGR->numUsed);
-		PORT_Assert(threadMGR->numUsed == i + 1);
-		slot = &threadMGR->threads[i];
-	}
-
-	slot->a = a;
-	slot->b = b;
-	slot->startFunc = startFunc;
-
-	threadMGR->index = i;
-
-	slot->prThread = PR_CreateThread(PR_USER_THREAD,
-	                                 thread_wrapper, threadMGR,
-	                                 PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
-	                                 PR_JOINABLE_THREAD, 0);
-
-	if (slot->prThread == NULL) {
-		PR_Unlock(threadMGR->threadLock);
-		printf("Failed to launch thread!\n");
-		return SECFailure;
-	} 
-
-	slot->inUse   = 1;
-	slot->running = 1;
-	++(threadMGR->numRunning);
-	PR_Unlock(threadMGR->threadLock);
-	printf("Launched thread in slot %d \n", threadMGR->index);
-
-	return SECSuccess;
-}
-
-SECStatus 
-reap_threads(GlobalThreadMgr *threadMGR)
-{
-	perThread * slot;
-	int			i;
-
-	if (!threadMGR->threadLock)
-		return 0;
-	PR_Lock(threadMGR->threadLock);
-	while (threadMGR->numRunning > 0) {
-	    PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
-	    for (i = 0; i < threadMGR->numUsed; ++i) {
-		slot = &threadMGR->threads[i];
-		if (slot->running == rs_zombie)  {
-		    /* Handle cleanup of thread here. */
-		    printf("Thread in slot %d returned %d\n", i, slot->rv);
-
-		    /* Now make sure the thread has ended OK. */
-		    PR_JoinThread(slot->prThread);
-		    slot->running = rs_idle;
-		    --threadMGR->numRunning;
-
-		    /* notify the thread launcher. */
-		    PR_NotifyCondVar(threadMGR->threadStartQ);
-		}
-	    }
-	}
-
-	/* Safety Sam sez: make sure count is right. */
-	for (i = 0; i < threadMGR->numUsed; ++i) {
-		slot = &threadMGR->threads[i];
-		if (slot->running != rs_idle)  {
-			fprintf(stderr, "Thread in slot %d is in state %d!\n", 
-			                 i, slot->running);
-		}
-	}
-	PR_Unlock(threadMGR->threadLock);
-	return 0;
-}
-
-void
-destroy_thread_data(GlobalThreadMgr *threadMGR)
-{
-	PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
-
-	if (threadMGR->threadEndQ) {
-		PR_DestroyCondVar(threadMGR->threadEndQ);
-		threadMGR->threadEndQ = NULL;
-	}
-	if (threadMGR->threadStartQ) {
-		PR_DestroyCondVar(threadMGR->threadStartQ);
-		threadMGR->threadStartQ = NULL;
-	}
-	if (threadMGR->threadLock) {
-		PR_DestroyLock(threadMGR->threadLock);
-		threadMGR->threadLock = NULL;
-	}
-}
-
-/**************************************************************************
-** End	 thread management routines.
-**************************************************************************/
-
-void 
-lockedVars_Init( lockedVars * lv)
-{
-	lv->count	= 0;
-	lv->waiters = 0;
-	lv->lock	= PR_NewLock();
-	lv->condVar = PR_NewCondVar(lv->lock);
-}
-
-void
-lockedVars_Destroy( lockedVars * lv)
-{
-	PR_DestroyCondVar(lv->condVar);
-	lv->condVar = NULL;
-
-	PR_DestroyLock(lv->lock);
-	lv->lock = NULL;
-}
-
-void
-lockedVars_WaitForDone(lockedVars * lv)
-{
-	PR_Lock(lv->lock);
-	while (lv->count > 0) {
-		PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
-	}
-	PR_Unlock(lv->lock);
-}
-
-int	/* returns count */
-lockedVars_AddToCount(lockedVars * lv, int addend)
-{
-	int rv;
-
-	PR_Lock(lv->lock);
-	rv = lv->count += addend;
-	if (rv <= 0) {
-	PR_NotifyCondVar(lv->condVar);
-	}
-	PR_Unlock(lv->lock);
-	return rv;
-}
diff --git a/security/nss/cmd/SSLsample/sslsample.h b/security/nss/cmd/SSLsample/sslsample.h
deleted file mode 100644
index 2146aacb9..000000000
--- a/security/nss/cmd/SSLsample/sslsample.h
+++ /dev/null
@@ -1,180 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef SSLSAMPLE_H
-#define SSLSAMPLE_H
-
-/* Generic header files */
-
-#include <stdio.h>
-#include <string.h>
-
-/* NSPR header files */
-
-#include "nspr.h"
-#include "prerror.h"
-#include "prnetdb.h"
-
-/* NSS header files */
-
-#include "pk11func.h"
-#include "secitem.h"
-#include "ssl.h"
-#include "certt.h"
-#include "nss.h"
-#include "secder.h"
-#include "key.h"
-#include "sslproto.h"
-
-/* Custom header files */
-
-/*
-#include "sslerror.h"
-*/
-
-#define BUFFER_SIZE 10240
-
-/* Declare SSL cipher suites. */
-
-extern int cipherSuites[];
-extern int ssl2CipherSuites[];
-extern int ssl3CipherSuites[];
-
-/* Data buffer read from a socket. */
-typedef struct DataBufferStr {
-	char data[BUFFER_SIZE];
-	int  index;
-	int  remaining;
-	int  dataStart;
-	int  dataEnd;
-} DataBuffer;
-
-/* SSL callback routines. */
-
-char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg);
-
-SECStatus myAuthCertificate(void *arg, PRFileDesc *socket,
-                            PRBool checksig, PRBool isServer);
-
-SECStatus myBadCertHandler(void *arg, PRFileDesc *socket);
-
-void myHandshakeCallback(PRFileDesc *socket, void *arg);
-
-SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket,
-                              struct CERTDistNamesStr *caNames,
-                              struct CERTCertificateStr **pRetCert,
-                              struct SECKEYPrivateKeyStr **pRetKey);
-
-/* Disable all v2/v3 SSL ciphers. */
-
-void disableAllSSLCiphers(void);
-
-
-/* Error and information utilities. */
-
-void errWarn(char *function);
-
-void exitErr(char *function);
-
-void printSecurityInfo(PRFileDesc *fd);
-
-/* Some simple thread management routines. */
-
-#define MAX_THREADS 32
-
-typedef SECStatus startFn(void *a, int b);
-
-typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
-
-typedef struct perThreadStr {
-	PRFileDesc *a;
-	int         b;
-	int         rv;
-	startFn    *startFunc;
-	PRThread   *prThread;
-	PRBool      inUse;
-	runState    running;
-} perThread;
-
-typedef struct GlobalThreadMgrStr {
-	PRLock	  *threadLock;
-	PRCondVar *threadStartQ;
-	PRCondVar *threadEndQ;
-	perThread  threads[MAX_THREADS];
-	int        index;
-	int        numUsed;
-	int        numRunning;
-} GlobalThreadMgr;
-
-void thread_wrapper(void * arg);
-
-SECStatus launch_thread(GlobalThreadMgr *threadMGR, 
-                        startFn *startFunc, void *a, int b);
-
-SECStatus reap_threads(GlobalThreadMgr *threadMGR);
-
-void destroy_thread_data(GlobalThreadMgr *threadMGR);
-
-/* Management of locked variables. */
-
-struct lockedVarsStr {
-	PRLock *    lock;
-	int         count;
-	int         waiters;
-	PRCondVar * condVar;
-};
-
-typedef struct lockedVarsStr lockedVars;
-
-void lockedVars_Init(lockedVars *lv);
-
-void lockedVars_Destroy(lockedVars *lv);
-
-void lockedVars_WaitForDone(lockedVars *lv);
-
-int lockedVars_AddToCount(lockedVars *lv, int addend);
-
-/* Buffer stuff. */
-
-static const char stopCmd[] = { "GET /stop " };
-static const char defaultHeader[] = {
-	"HTTP/1.0 200 OK\r\n"
-	"Server: SSL sample server\r\n"
-	"Content-type: text/plain\r\n"
-	"\r\n"
-};
-
-#endif
diff --git a/security/nss/cmd/manifest.mn b/security/nss/cmd/manifest.mn
index 88ef9f7f4..d1b83e595 100644
--- a/security/nss/cmd/manifest.mn
+++ b/security/nss/cmd/manifest.mn
@@ -72,7 +72,6 @@ DIRS = lib  \
  signver \
  shlibsign \
  smimetools  \
- SSLsample \
  ssltap  \
  strsclnt \
  symkeyutil \