diff options
| author | cvs2hg <devnull@localhost> | 2007-04-26 09:09:19 +0000 |
|---|---|---|
| committer | cvs2hg <devnull@localhost> | 2007-04-26 09:09:19 +0000 |
| commit | e6a315a08c0196d10b379fbc6b2af896603b2c56 (patch) | |
| tree | b62c629fad5d551869ab1bcc97e3ab814097a612 | |
| parent | eb80f08d1c38cd2795aeec05189f15d55ffb8fb0 (diff) | |
| parent | ae6e945fbd7e4077507213a52b743e899f2d3ea6 (diff) | |
| download | nss-hg-e6a315a08c0196d10b379fbc6b2af896603b2c56.tar.gz | |
fixup commit for tag 'MOZILLA_1_9a5_RC2'MOZILLA_1_9a5_RC2
| -rw-r--r-- | security/nss/tests/iopr/cert_iopr.sh | 420 | ||||
| -rw-r--r-- | security/nss/tests/iopr/ocsp_iopr.sh | 218 | ||||
| -rw-r--r-- | security/nss/tests/iopr/ssl_iopr.sh | 666 | ||||
| -rw-r--r-- | security/nss/tests/ocsp/ocsp.sh | 82 |
4 files changed, 0 insertions, 1386 deletions
diff --git a/security/nss/tests/iopr/cert_iopr.sh b/security/nss/tests/iopr/cert_iopr.sh deleted file mode 100644 index f3e4f6b48..000000000 --- a/security/nss/tests/iopr/cert_iopr.sh +++ /dev/null @@ -1,420 +0,0 @@ -#! /bin/sh -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -######################################################################## -# -# mozilla/security/nss/tests/iopr/cert_iopr.sh -# -# Certificate generating and handeling for NSS interoperability QA. This file -# is included from cert.sh -# -# needs to work on all Unix and Windows platforms -# -# special strings -# --------------- -# FIXME ... known problems, search for this string -# NOTE .... unexpected behavior -# -# FIXME - Netscape - NSS -######################################################################## - -IOPR_CERT_SOURCED=1 - -######################################################################## -# function wraps calls to pk12util, also: writes action and options -# to stdout. -# Params are the same as to pk12util. -# Returns pk12util status -# -pk12u() -{ - echo "${CU_ACTION} --------------------------" - - echo "pk12util $@" - pk12util $@ - RET=$? - - return $RET -} - -######################################################################## -# Initializes nss db directory and files if they don't exists -# Params: -# $1 - directory location -# -createDBDir() { - trgDir=$1 - - if [ -z "`ls $trgDir | grep db`" ]; then - CU_ACTION="Initializing DB at $dir" - certu -N -d "${trgDir}" -f "${R_PWFILE}" 2>&1 - if [ "$RET" -ne 0 ]; then - return $RET - fi - fi -} -######################################################################## -# takes care of downloading config, cert and crl files from remote -# location. -# Params: -# $1 - name of the host file will be downloaded from -# $2 - path to the file as it appeared in url -# $3 - target directory the file will be saved at. -# Returns tstclnt status. -# -download_file() { - host=$1 - filePath=$2 - trgDir=$3 - - file=$trgDir/`basename $filePath` - - createDBDir $trgDir || return $RET - -# echo wget -O $file http://${host}${filePath} -# wget -O $file http://${host}${filePath} -# ret=$? - - req=$file.$$ - echo "GET $filePath HTTP/1.0" > $req - echo >> $req - - tstclnt -d $trgDir -S -h $host -p $IOPR_DOWNLOAD_PORT \ - -w ${R_PWFILE} -o < $req > $file - ret=$? - rm -f $_tmp; - return $ret -} - -######################################################################## -# Uses pk12util, certutil of cerlutil to import files to an nss db located -# at <dir>(the value of $1 parameter). Chooses a utility to use based on -# a file extension. Initializing a db if it does not exists. -# Params: -# $1 - db location directory -# $2 - file name to import -# $3 - nick name an object in the file will be associated with -# $4 - trust arguments -# Returns status of import -# -importFile() { - dir=$1\ - file=$2 - certName=$3 - certTrust=$4 - - [ ! -d $dir ] && mkdir -p $dir; - - createDBDir $dir || return $RET - - case `basename $file | sed 's/^.*\.//'` in - p12) - CU_ACTION="Importing p12 $file to DB at $dir" - pk12u -d $dir -i $file -k ${R_PWFILE} -W iopr - [ $? -ne 0 ] && return 1 - CU_ACTION="Modifying trust for cert $certName at $dir" - certu -M -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}" - return $? - ;; - - crl) - CU_ACTION="Importing crl $file to DB at $dir" - crlu -d ${dir} -I -n TestCA -i $file - return $? - ;; - - crt | cert) - CU_ACTION="Importing cert $certName with trust $certTrust to $dir" - certu -A -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}" \ - -i "$file" - return $? - ;; - - *) - echo "Unknown file extension: $file:" - return 1 - ;; - esac -} - - -######################################################################### -# Downloads and installs test certs and crl from a remote webserver. -# Generates server cert for reverse testing if reverse test run is turned on. -# Params: -# $1 - host name to download files from. -# $2 - directory at which CA cert will be installed and used for -# signing a server cert. -# $3 - path to a config file in webserver context. -# $4 - ssl server db location -# $5 - ssl client db location -# $5 - ocsp client db location -# -# Returns 0 upon success, otherwise, failed command error code. -# -download_install_certs() { - host=$1 - caDir=$2 - confPath=$3 - sslServerDir=$4 - sslClientDir=$5 - ocspClientDir=$6 - - [ ! -d "$caDir" ] && mkdir -p $caDir; - - #======================================================= - # Getting config file - # - download_file $host "$confPath/iopr_server.cfg" $caDir - RET=$? - if [ $RET -ne 0 -o ! -f $caDir/iopr_server.cfg ]; then - html_failed "<TR><TD>Fail to download website config file(ws: $host)" - return 1 - fi - - . $caDir/iopr_server.cfg - RET=$? - if [ $RET -ne 0 ]; then - html_failed "<TR><TD>Fail to source config file(ws: $host)" - return $RET - fi - - #======================================================= - # Getting CA file - # - - #----------------- !!!WARNING!!! ----------------------- - # Do NOT copy this scenario. CA should never accompany its - # cert with the private key when deliver cert to a customer. - #----------------- !!!WARNING!!! ----------------------- - - download_file $host $certDir/$caCertName.p12 $caDir - RET=$? - if [ $RET -ne 0 -o ! -f $caDir/$caCertName.p12 ]; then - html_failed "<TR><TD>Fail to download $caCertName cert(ws: $host)" - return 1 - fi - tmpFiles="$caDir/$caCertName.p12" - - importFile $caDir $caDir/$caCertName.p12 $caCertName "TC,C,C" - RET=$? - if [ $RET -ne 0 ]; then - html_failed "<TR><TD>Fail to import $caCertName cert to CA DB(ws: $host)" - return $RET - fi - - CU_ACTION="Exporting Root CA cert(ws: $host)" - certu -L -n $caCertName -r -d ${caDir} -o $caDir/$caCertName.cert - if [ "$RET" -ne 0 ]; then - Exit 7 "Fatal - failed to export $caCertName cert" - fi - - #======================================================= - # Check what tests we want to run - # - doSslTests=0; doOcspTests=0 - # XXX remove "_new" from variables below - [ -n "`echo ${supportedTests_new} | grep -i ssl`" ] && doSslTests=1 - [ -n "`echo ${supportedTests_new} | grep -i ocsp`" ] && doOcspTests=1 - - if [ $doSslTests -eq 1 ]; then - if [ "$reverseRunCGIScript" ]; then - [ ! -d "$sslServerDir" ] && mkdir -p $sslServerDir; - #======================================================= - # Import CA cert to server DB - # - importFile $sslServerDir $caDir/$caCertName.cert server-client-CA \ - "TC,C,C" - RET=$? - if [ $RET -ne 0 ]; then - html_failed "<TR><TD>Fail to import server-client-CA cert to \ - server DB(ws: $host)" - return $RET - fi - - #======================================================= - # Creating server cert - # - CERTNAME=$HOSTADDR - - CU_ACTION="Generate Cert Request for $CERTNAME (ws: $host)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, \ - L=Mountain View, ST=California, C=US" - certu -R -d "${sslServerDir}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}"\ - -o $sslServerDir/req 2>&1 - tmpFiles="$tmpFiles $sslServerDir/req" - - - CU_ACTION="Sign ${CERTNAME}'s Request (ws: $host)" - certu -C -c "$caCertName" -m `date +"%s"` -v 60 -d "${caDir}" \ - -i ${sslServerDir}/req -o $caDir/${CERTNAME}.cert \ - -f "${R_PWFILE}" 2>&1 - - importFile $sslServerDir $caDir/$CERTNAME.cert $CERTNAME ",," - RET=$? - if [ $RET -ne 0 ]; then - html_failed "<TR><TD>Fail to import $CERTNAME cert to server\ - DB(ws: $host)" - return $RET - fi - tmpFiles="$tmpFiles $caDir/$CERTNAME.cert" - - #======================================================= - # Download and import CA crl to server DB - # - download_file $host "$certDir/$caCrlName.crl" $sslServerDir - RET=$? - if [ $? -ne 0 ]; then - html_failed "<TR><TD>Fail to download $caCertName crl\ - (ws: $host)" - return $RET - fi - tmpFiles="$tmpFiles $sslServerDir/$caCrlName.crl" - - importFile $sslServerDir $sslServerDir/TestCA.crl - RET=$? - if [ $RET -ne 0 ]; then - html_failed "<TR><TD>Fail to import TestCA crt to server\ - DB(ws: $host)" - return $RET - fi - fi # if [ "$reverseRunCGIScript" ] - - [ ! -d "$sslClientDir" ] && mkdir -p $sslClientDir; - #======================================================= - # Import CA cert to ssl client DB - # - importFile $sslClientDir $caDir/$caCertName.cert server-client-CA \ - "TC,C,C" - RET=$? - if [ $RET -ne 0 ]; then - html_failed "<TR><TD>Fail to import server-client-CA cert to \ - server DB(ws: $host)" - return $RET - fi - fi - - if [ $doOcspTests -eq 1 ]; then - [ ! -d "$ocspClientDir" ] && mkdir -p $ocspClientDir; - #======================================================= - # Import CA cert to ocsp client DB - # - importFile $ocspClientDir $caDir/$caCertName.cert server-client-CA \ - "TC,C,C" - RET=$? - if [ $RET -ne 0 ]; then - html_failed "<TR><TD>Fail to import server-client-CA cert to \ - server DB(ws: $host)" - return $RET - fi - fi - - #======================================================= - # Import client certs to client DB - # - for fileName in $downloadFiles; do - certName=`echo $fileName | sed 's/\..*//'` - - if [ -n "`echo $certName | grep ocsp`" -a $doOcspTests -eq 1 ]; then - clientDir=$ocspClientDir - elif [ $doSslTests -eq 1 ]; then - clientDir=$sslClientDir - else - continue - fi - - download_file $host "$certDir/$fileName" $clientDir - RET=$? - if [ $RET -ne 0 -o ! -f $clientDir/$fileName ]; then - html_failed "<TR><TD>Fail to download $certName cert(ws: $host)" - return $RET - fi - tmpFiles="$tmpFiles $clientDir/$fileName" - - importFile $clientDir $clientDir/$fileName $certName ",," - RET=$? - if [ $RET -ne 0 ]; then - html_failed "<TR><TD>Fail to import $certName cert to client DB\ - (ws: $host)" - return $RET - fi - done - - rm -f $tmpFiles - - return 0 -} - - -######################################################################### -# Initial point for downloading config, cert, crl files for multiple hosts -# involved in interoperability testing. Called from nss/tests/cert/cert.sh -# It will only proceed with downloading if environment variable -# IOPR_HOSTADDR_LIST is set and has a value of host names separated by space. -# -# Returns 1 if interoperability testing is off, 0 otherwise. -# -cert_iopr_setup() { - - if [ "$IOPR" -ne 1 ]; then - return 1 - fi - num=1 - IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f 1 -d' '` - while [ "$IOPR_HOST_PARAM" ]; do - IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'` - IOPR_DOWNLOAD_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'` - [ -z "$IOPR_DOWNLOAD_PORT" ] && IOPR_DOWNLOAD_PORT=443 - IOPR_CONF_PATH=`echo "$IOPR_HOST_PARAM:" | cut -f 3 -d':'` - [ -z "$IOPR_CONF_PATH" ] && IOPR_CONF_PATH="/iopr" - - echo "Installing certs for $IOPR_HOSTADDR:$IOPR_DOWNLOAD_PORT:\ - $IOPR_CONF_PATH" - - download_install_certs ${IOPR_HOSTADDR} ${IOPR_CADIR}_${IOPR_HOSTADDR} \ - ${IOPR_CONF_PATH} ${IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} \ - ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} \ - ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR} - if [ $? -ne 0 ]; then - echo "wsFlags=\"NOIOPR $wsParam\"" >> \ - ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg - fi - num=`expr $num + 1` - IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` - done - - return 0 -} diff --git a/security/nss/tests/iopr/ocsp_iopr.sh b/security/nss/tests/iopr/ocsp_iopr.sh deleted file mode 100644 index 2aadb06e4..000000000 --- a/security/nss/tests/iopr/ocsp_iopr.sh +++ /dev/null @@ -1,218 +0,0 @@ -#! /bin/sh -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -######################################################################## -# -# mozilla/security/nss/tests/iopr/ocsp_iopr.sh -# -# NSS SSL interoperability QA. This file is included from ssl.sh -# -# needs to work on all Unix and Windows platforms -# -# special strings -# --------------- -# FIXME ... known problems, search for this string -# NOTE .... unexpected behavior -# -# FIXME - Netscape - NSS -######################################################################## -IOPR_OCSP_SOURCED=1 - -######################################################################## -# The funtion works with variables defined in interoperability -# configuration file that gets downloaded from a webserver. -# The function sets test parameters defind for a particular type -# of testing. -# -# No return value -# -setTestParam() { - type=$1 - testParam=`eval 'echo $'${type}Param` - testDescription=`eval 'echo $'${type}Descr` - testProto=`eval 'echo $'${type}Proto` - testPort=`eval 'echo $'${type}Port` - testResponder=`eval 'echo $'${type}ResponderCert` - testValidCertNames=`eval 'echo $'${type}ValidCertNames` - testRevokedCertNames=`eval 'echo $'${type}RevokedCertNames` - testStatUnknownCertNames=`eval 'echo $'${type}StatUnknownCertNames` -} - -######################################################################## -# The funtion checks status of a cert using ocspclnt. -# Params: -# dbDir - nss cert db location -# cert - cert in question -# respUrl - responder url is available -# defRespCert - trusted responder cert -# -# Return values: -# 0 - test passed, 1 - otherwise. -# -ocsp_get_cert_status() { - dbDir=$1 - cert=$2 - respUrl=$3 - defRespCert=$4 - - if [ -n "$respUrl" -o -n "$defRespCert" ]; then - if [ -z "$respUrl" -o -z "$defRespCert" ]; then - html_failed "<TR><TD>Incorrect test params" - return 1 - fi - clntParam="-l $respUrl -t $defRespCert" - fi - - outFile=$dbDir/ocsptest.out.$$ - echo "ocspclnt -d $dbDir -S $cert $clntParam" - ocspclnt -d $dbDir -S $cert $clntParam >$outFile 2>&1 - ret=$? - echo "ocspclnt output:" - cat $outFile - [ -z "`grep succeeded $outFile`" ] && ret=1 - - rm -f $outFile - return $ret -} - -######################################################################## -# The funtion checks status of a cert using ocspclnt. -# Params: -# testType - type of the test based on type of used responder -# servName - FQDM of the responder server -# dbDir - nss cert db location -# -# No return value -# -ocsp_iopr() { - testType=$1 - servName=$2 - dbDir=$3 - - setTestParam $testType - if [ "`echo $testParam | grep NOCOV`" != "" ]; then - echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \ - "run by server configuration" - return 0 - fi - - html_head "OCSP testing with responder at $IOPR_HOSTADDR. <br>" \ - "Test Type: $testDescription" - - if [ -n "$testResponder" ]; then - responderUrl="$testProto://$servName:$testPort" - else - responderUrl="" - fi - - for certName in $testValidCertNames; do - ocsp_get_cert_status $dbDir $certName "$responderUrl" "$testResponder" - html_msg $? 0 "Getting status of a valid cert ($certName)" \ - "produced a returncode of $ret, expected is 0." - done - - for certName in $testRevokedCertNames; do - ocsp_get_cert_status $dbDir $certName "$responderUrl" "$testResponder" - html_msg $? 1 "Getting status of a unvalid cert ($certName)" \ - "produced a returncode of $ret, expected is 1." - done - - for certName in $testStatUnknownCertNames; do - ocsp_get_cert_status $dbDir $certName "$responderUrl" "$testResponder" - html_msg $? 1 "Getting status of a cert with unknown status " \ - "($certName) produced a returncode of $ret, expected is 1." - done -} - - -##################################################################### -# Initial point for running ocsp test againt multiple hosts involved in -# interoperability testing. Called from nss/tests/ocsp/ocsp.sh -# It will only proceed with test run for a specific host if environment variable -# IOPR_HOSTADDR_LIST was set, had the host name in the list -# and all needed file were successfully downloaded and installed for the host. -# -# Returns 1 if interoperability testing is off, 0 otherwise. -# -ocsp_iopr_run() { - NO_ECC_CERTS=1 # disable ECC for interoperability tests - - if [ "$IOPR" -ne 1 ]; then - return 1 - fi - cd ${CLIENTDIR} - - num=1 - IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` - while [ "$IOPR_HOST_PARAM" ]; do - IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'` - IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'` - [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443 - - . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg - RES=$? - - num=`expr $num + 1` - IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` - - if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then - continue - fi - - #======================================================= - # Check what server is configured to run ssl tests - # - [ -z "`echo ${supportedTests_new} | grep -i ocsp`" ] && continue; - - # Testing directories defined by webserver. - echo "Testing ocsp interoperability. - Client: local(tstclnt). - Responder: remote($IOPR_HOSTADDR)" - - for ocspTestType in ${supportedTests_new}; do - if [ -z "`echo $ocspTestType | grep -i ocsp`" ]; then - continue - fi - ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \ - ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR} - done - echo "================================================" - echo "Done testing ocsp interoperability with $IOPR_HOSTADDR" - done - NO_ECC_CERTS=0 - return 0 -} - diff --git a/security/nss/tests/iopr/ssl_iopr.sh b/security/nss/tests/iopr/ssl_iopr.sh deleted file mode 100644 index f8c97185c..000000000 --- a/security/nss/tests/iopr/ssl_iopr.sh +++ /dev/null @@ -1,666 +0,0 @@ -#! /bin/sh -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -######################################################################## -# -# mozilla/security/nss/tests/iopr/ssl_iopr.sh -# -# NSS SSL interoperability QA. This file is included from ssl.sh -# -# needs to work on all Unix and Windows platforms -# -# special strings -# --------------- -# FIXME ... known problems, search for this string -# NOTE .... unexpected behavior -# -# FIXME - Netscape - NSS -######################################################################## -IOPR_SSL_SOURCED=1 - -######################################################################## -# The functions works with variables defined in interoperability -# configuration file that was downloaded from a webserver. -# It tries to find unrevoked cert based on value of variable -# "SslClntValidCertName" defined in the configuration file. -# Params NONE. -# Returns 0 if found, 1 otherwise. -# -setValidCert() { - testUser=$SslClntValidCertName - [ -z "$testUser" ] && return 1 - return 0 -} - -######################################################################## -# The funtions works with variables defined in interoperability -# configuration file that was downloaded from a webserver. -# The function sets port, url, param and description test parameters -# that was defind for a particular type of testing. -# Params: -# $1 - supported types of testing. Currently have maximum -# of two: forward and reverse. But more can be defined. -# No return value -# -setTestParam() { - type=$1 - sslPort=`eval 'echo $'${type}Port` - sslUrl=`eval 'echo $'${type}Url` - testParam=`eval 'echo $'${type}Param` - testDescription=`eval 'echo $'${type}Descr` - [ -z "$sslPort" ] && sslPort=443 - [ -z "$sslUrl" ] && sslUrl="/iopr_test/test_pg.html" - [ "$sslUrl" = "/" ] && sslUrl="/test_pg.html" -} - - -####################################################################### -# local shell function to perform SSL Cipher Suite Coverage tests -# in interoperability mode. Tests run against web server by using nss -# test client -# Params: -# $1 - supported type of testing. -# $2 - testing host -# $3 - nss db location -# No return value -# -ssl_iopr_cov_ext_server() -{ - testType=$1 - host=$2 - dbDir=$3 - - setTestParam $testType - if [ "`echo $testParam | grep NOCOV`" != "" ]; then - echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \ - "run by server configuration" - return 0 - fi - - html_head "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR" \ - "$BYPASS_STRING $NORM_EXT): $testDescription" - - setValidCert; ret=$? - if [ $ret -ne 0 ]; then - html_failed "<TR><TD>Fail to find valid test cert(ws: $host)" - return $ret - fi - - SSL_REQ_FILE=${TMP}/sslreq.dat.$$ - echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE - echo >> $SSL_REQ_FILE - - while read ecc tls param testname therest; do - [ -z "$ecc" -o "$ecc" = "#" -o "`echo $testname | grep FIPS`" -o \ - "$ecc" = "ECC" ] && continue; - - echo "$SCRIPTNAME: running $testname ----------------------------" - TLS_FLAG=-T - if [ "$tls" = "TLS" ]; then - TLS_FLAG="" - fi - - resFile=${TMP}/$HOST.tmpRes.$$ - rm $resFile 2>/dev/null - - echo "tstclnt -p ${sslPort} -h ${host} -c ${param} ${TLS_FLAG} \\" - echo " -n $testUser -w nss ${CLIEN_OPTIONS} -f \\" - echo " -d ${dbDir} < ${SSL_REQ_FILE} > $resFile" - - tstclnt -w nss -p ${sslPort} -h ${host} -c ${param} \ - ${TLS_FLAG} ${CLIEN_OPTIONS} -f -n $testUser -w nss \ - -d ${dbDir} < ${SSL_REQ_FILE} >$resFile 2>&1 - ret=$? - grep "ACCESS=OK" $resFile - test $? -eq 0 -a $ret -eq 0 - ret=$? - [ $ret -ne 0 ] && cat ${TMP}/$HOST.tmp.$$ - rm -f $resFile 2>/dev/null - html_msg $ret 0 "${testname}" - done < ${SSLCOV} - rm -f $SSL_REQ_FILE 2>/dev/null - - html "</TABLE><BR>" -} - -####################################################################### -# local shell function to perform SSL Client Authentication tests -# in interoperability mode. Tests run against web server by using nss -# test client -# Params: -# $1 - supported type of testing. -# $2 - testing host -# $3 - nss db location -# No return value -# -ssl_iopr_auth_ext_server() -{ - testType=$1 - host=$2 - dbDir=$3 - - setTestParam $testType - if [ "`echo $testParam | grep NOAUTH`" != "" ]; then - echo "SSL Client Authentication WebServ($IOPR_HOSTADDR) excluded from " \ - "run by server configuration" - return 0 - fi - - html_head "SSL Client Authentication WebServ($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): - $testDescription" - - setValidCert;ret=$? - if [ $ret -ne 0 ]; then - html_failed "<TR><TD>Fail to find valid test cert(ws: $host)" - return $ret - fi - - SSL_REQ_FILE=${TMP}/sslreq.dat.$$ - echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE - echo >> $SSL_REQ_FILE - - SSLAUTH_TMP=${TMP}/authin.tl.tmp - grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" > ${SSLAUTH_TMP} - - while read ecc value sparam cparam testname; do - [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; - - cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" ` - - echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \\" - echo " -d ${dbDir} < ${SSL_REQ_FILE}" - - resFile=${TMP}/$HOST.tmp.$$ - rm $rsFile 2>/dev/null - - tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \ - -d ${dbDir} < ${SSL_REQ_FILE} >$resFile 2>&1 - ret=$? - grep "ACCESS=OK" $resFile - test $? -eq 0 -a $ret -eq 0 - ret=$? - [ $ret -ne 0 ] && cat $resFile - rm $resFile 2>/dev/null - - html_msg $ret $value "${testname}. Client params: $cparam"\ - "produced a returncode of $ret, expected is $value" - done < ${SSLAUTH_TMP} - rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE} - - html "</TABLE><BR>" -} - -######################################################################## -# local shell function to perform SSL interoperability test with/out -# revoked certs tests. Tests run against web server by using nss -# test client -# Params: -# $1 - supported type of testing. -# $2 - testing host -# $3 - nss db location -# No return value -# -ssl_iopr_crl_ext_server() -{ - testType=$1 - host=$2 - dbDir=$3 - - setTestParam $testType - if [ "`echo $testParam | grep NOCRL`" != "" ]; then - echo "CRL SSL Client Tests of WebServerv($IOPR_HOSTADDR) excluded from " \ - "run by server configuration" - return 0 - fi - - html_head "CRL SSL Client Tests of WebServer($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): $testDescription" - - SSL_REQ_FILE=${TMP}/sslreq.dat.$$ - echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE - echo >> $SSL_REQ_FILE - - SSLAUTH_TMP=${TMP}/authin.tl.tmp - grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" | grep -v bogus | \ - grep -v none > ${SSLAUTH_TMP} - - while read ecc value sparam _cparam testname; do - [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; - - rev_modvalue=254 - for testUser in $SslClntValidCertName $SslClntRevokedCertName; do - cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" ` - - echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} \\" - echo " -f -d ${dbDir} ${cparam} < ${SSL_REQ_FILE}" - resFile=${TMP}/$HOST.tmp.$$ - rm -f $resFile 2>/dev/null - tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \ - -d ${dbDir} < ${SSL_REQ_FILE} \ - > $resFile 2>&1 - ret=$? - grep "ACCESS=OK" $resFile - test $? -eq 0 -a $ret -eq 0 - ret=$? - [ $ret -ne 0 ] && ret=$rev_modvalue; - [ $ret -ne 0 ] && cat $resFile - rm -f $resFile 2>/dev/null - - if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then - modvalue=$rev_modvalue - testAddMsg="revoked" - else - testAddMsg="not revoked" - modvalue=$value - fi - html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \ - "produced a returncode of $ret, expected is $modvalue" - done - done < ${SSLAUTH_TMP} - rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE} - - html "</TABLE><BR>" -} - - -######################################################################## -# local shell function to perform SSL Cipher Coverage tests of nss server -# by invoking remote test client on web server side. -# Invoked only if reverse testing is supported by web server. -# Params: -# $1 - remote web server host -# $2 - open port to connect to invoke CGI script -# $3 - host where selfserv is running(name of the host nss tests -# are running) -# $4 - port where selfserv is running -# $5 - selfserv nss db location -# No return value -# -ssl_iopr_cov_ext_client() -{ - host=$1 - port=$2 - sslHost=$3 - sslPort=$4 - serDbDir=$5 - - html_head "SSL Cipher Coverage of SelfServ $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT" - - setValidCert - ret=$? - if [ $res -ne 0 ]; then - html_failed "<TR><TD>Fail to find valid test cert(ws: $host)" - return $ret - fi - - # P_R_SERVERDIR switch require for selfserv to work. - # Will be restored after test - OR_P_R_SERVERDIR=$P_R_SERVERDIR - P_R_SERVERDIR=$serDbDir - OR_P_R_CLIENTDIR=$P_R_CLIENTDIR - P_R_CLIENTDIR=$serDbDir - testname="" - sparam="-vvvc ABCDEFcdefgijklmnvyz" - # Launch the server - start_selfserv - - while read ecc tls param cipher therest; do - [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; - echo "============= Beginning of the test ====================" - echo - - is_selfserv_alive - - TEST_IN=${TMP}/${HOST}_IN.tmp.$$ - TEST_OUT=${TMP}/$HOST.tmp.$$ - rm -f $TEST_IN $TEST_OUT 2>/dev/null - - echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser&cipher=$cipher HTTP/1.0" > $TEST_IN - echo >> $TEST_IN - - echo "------- Request ----------------------" - cat $TEST_IN - echo "------- Command ----------------------" - echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \ - -h $host \< $TEST_IN \>\> $TEST_OUT - - tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \ - -h $host <$TEST_IN > $TEST_OUT - - echo "------- Server output Begin ----------" - cat $TEST_OUT - echo "------- Server output End ----------" - - echo "Checking for errors in log file..." - grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null - if [ $? -eq 0 ]; then - grep "cipher is not supported" $TEST_OUT 2>&1 >/dev/null - if [ $? -eq 0 ]; then - echo "Skiping test: no support for the cipher $cipher on server side" - continue - fi - - grep -i "SERVER ERROR:" $TEST_OUT - ret=$? - if [ $ret -eq 0 ]; then - echo "Found problems. Reseting exit code to failure." - - ret=1 - else - ret=0 - fi - else - echo "Script was not executed. Reseting exit code to failure." - ret=11 - fi - - html_msg $ret 0 "Test ${cipher}. Server params: $sparam " \ - " produced a returncode of $ret, expected is 0" - rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null - done < ${SSLCOV} - kill_selfserv - - P_R_SERVERDIR=$OR_P_R_SERVERDIR - - rm -f ${TEST_IN} ${TEST_OUT} - html "</TABLE><BR>" -} - -######################################################################## -# local shell function to perform SSL Authentication tests of nss server -# by invoking remove test client on web server side -# Invoked only if reverse testing is supported by web server. -# Params: -# $1 - remote web server host -# $2 - open port to connect to invoke CGI script -# $3 - host where selfserv is running(name of the host nss tests -# are running) -# $4 - port where selfserv is running -# $5 - selfserv nss db location -# No return value -# -ssl_iopr_auth_ext_client() -{ - host=$1 - port=$2 - sslHost=$3 - sslPort=$4 - serDbDir=$5 - - html_head "SSL Client Authentication with Selfserv from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT" - - setValidCert - ret=$? - if [ $res -ne 0 ]; then - html_failed "<TR><TD>Fail to find valid test cert(ws: $host)" - return $ret - fi - - OR_P_R_SERVERDIR=$P_R_SERVERDIR - P_R_SERVERDIR=${serDbDir} - OR_P_R_CLIENTDIR=$P_R_CLIENTDIR - P_R_CLIENTDIR=$serDbDir - - SSLAUTH_TMP=${TMP}/authin.tl.tmp - - grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP} - - while read ecc value sparam cparam testname; do - [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; - - echo "Server params: $sparam" - sparam=$sparam" -vvvc ABCDEFcdefgijklmnvyz" - start_selfserv - - TEST_IN=${TMP}/$HOST_IN.tmp.$$ - TEST_OUT=${TMP}/$HOST.tmp.$$ - rm -f $TEST_IN $TEST_OUT 2>/dev/null - - echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN - echo >> $TEST_IN - - echo "------- Request ----------------------" - cat $TEST_IN - echo "------- Command ----------------------" - echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \ - -h $host \< $TEST_IN \>\> $TEST_OUT - - tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \ - -h $host <$TEST_IN > $TEST_OUT - - echo "------- Server output Begin ----------" - cat $TEST_OUT - echo "------- Server output End ----------" - - echo "Checking for errors in log file..." - grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null - if [ $? -eq 0 ]; then - echo "Checking for error in log file..." - grep -i "SERVER ERROR:" $TEST_OUT - ret=$? - if [ $ret -eq 0 ]; then - echo "Found problems. Reseting exit code to failure." - ret=1 - else - ret=0 - fi - else - echo "Script was not executed. Reseting exit code to failure." - ret=11 - fi - - html_msg $ret $value "${testname}. Server params: $sparam"\ - "produced a returncode of $ret, expected is $value" - kill_selfserv - rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null - done < ${SSLAUTH_TMP} - P_R_SERVERDIR=$OR_P_R_SERVERDIR - - rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT} - html "</TABLE><BR>" -} - -######################################################################### -# local shell function to perform SSL CRL testing of nss server -# by invoking remote test client on web server side -# Invoked only if reverse testing is supported by web server. -# Params: -# $1 - remote web server host -# $2 - open port to connect to invoke CGI script -# $3 - host where selfserv is running(name of the host nss tests -# are running) -# $4 - port where selfserv is running -# $5 - selfserv nss db location -# No return value -# -ssl_iopr_crl_ext_client() -{ - host=$1 - port=$2 - sslHost=$3 - sslPort=$4 - serDbDir=$5 - - html_head "CRL SSL Selfserv Tests from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT" - - OR_P_R_SERVERDIR=$P_R_SERVERDIR - P_R_SERVERDIR=${serDbDir} - OR_P_R_CLIENTDIR=$P_R_CLIENTDIR - P_R_CLIENTDIR=$serDbDir - - SSLAUTH_TMP=${TMP}/authin.tl.tmp - grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP} - - while read ecc value sparam _cparam testname; do - [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; - sparam="$sparam -vvvc ABCDEFcdefgijklmnvyz" - start_selfserv - - for testUser in $SslClntValidCertName $SslClntRevokedCertName; do - - is_selfserv_alive - - TEST_IN=${TMP}/${HOST}_IN.tmp.$$ - TEST_OUT=${TMP}/$HOST.tmp.$$ - rm -f $TEST_IN $TEST_OUT 2>/dev/null - - echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN - echo >> $TEST_IN - - echo "------- Request ----------------------" - cat $TEST_IN - echo "------- Command ----------------------" - echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \ - -h ${host} \< $TEST_IN \>\> $TEST_OUT - - tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \ - -h ${host} <$TEST_IN > $TEST_OUT - echo "------- Request ----------------------" - cat $TEST_IN - echo "------- Server output Begin ----------" - cat $TEST_OUT - echo "------- Server output End ----------" - - echo "Checking for errors in log file..." - grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null - if [ $? -eq 0 ]; then - grep -i "SERVER ERROR:" $TEST_OUT - ret=$? - if [ $ret -eq 0 ]; then - echo "Found problems. Reseting exit code to failure." - ret=1 - else - ret=0 - fi - else - echo "Script was not executed. Reseting exit code to failure." - ret=11 - fi - - if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then - modvalue=1 - testAddMsg="revoked" - else - testAddMsg="not revoked" - modvalue=0 - fi - - html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \ - "produced a returncode of $ret, expected is $modvalue(selfserv args: $sparam)" - rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null - done - kill_selfserv - done < ${SSLAUTH_TMP} - P_R_SERVERDIR=$OR_P_R_SERVERDIR - - rm -f ${SSLAUTH_TMP} - html "</TABLE><BR>" -} - -##################################################################### -# Initial point for running ssl test againt multiple hosts involved in -# interoperability testing. Called from nss/tests/ssl/ssl.sh -# It will only proceed with test run for a specific host if environment variable -# IOPR_HOSTADDR_LIST was set, had the host name in the list -# and all needed file were successfully downloaded and installed for the host. -# -# Returns 1 if interoperability testing is off, 0 otherwise. -# -ssl_iopr_run() { - NO_ECC_CERTS=1 # disable ECC for interoperability tests - - if [ "$IOPR" -ne 1 ]; then - return 1 - fi - cd ${CLIENTDIR} - - num=1 - IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` - while [ "$IOPR_HOST_PARAM" ]; do - IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'` - IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'` - [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443 - - . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg - RES=$? - - if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then - num=`expr $num + 1` - IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` - continue - fi - - #======================================================= - # Check if server is capable to run ssl tests - # - [ -z "`echo ${supportedTests_new} | grep -i ssl`" ] && continue; - - # Testing directories defined by webserver. - echo "Testing ssl interoperability. - Client: local(tstclnt). - Server: remote($IOPR_HOSTADDR:$IOPR_OPEN_PORT)" - - for sslTestType in ${supportedTests_new}; do - if [ -z "`echo $sslTestType | grep -i ssl`" ]; then - continue - fi - ssl_iopr_cov_ext_server $sslTestType ${IOPR_HOSTADDR} \ - ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} - ssl_iopr_auth_ext_server $sslTestType ${IOPR_HOSTADDR} \ - ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} - ssl_iopr_crl_ext_server $sslTestType ${IOPR_HOSTADDR} \ - ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} - done - - - # Testing selfserv with client located at the webserver. - echo "Testing ssl interoperability. - Client: remote($IOPR_HOSTADDR:$PORT) - Server: local(selfserv)" - ssl_iopr_cov_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \ - ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} - ssl_iopr_auth_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \ - ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} - ssl_iopr_crl_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \ - ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} - echo "================================================" - echo "Done testing interoperability with $IOPR_HOSTADDR" - num=`expr $num + 1` - IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` - done - NO_ECC_CERTS=0 - return 0 -} - diff --git a/security/nss/tests/ocsp/ocsp.sh b/security/nss/tests/ocsp/ocsp.sh deleted file mode 100644 index 8efe737a7..000000000 --- a/security/nss/tests/ocsp/ocsp.sh +++ /dev/null @@ -1,82 +0,0 @@ -#! /bin/sh -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -######################################################################## -# -# mozilla/security/nss/tests/ocsp/ocsp.sh -# -# Script to test NSS OCSP -# -# needs to work on all Unix and Windows platforms -# -# special strings -# --------------- -# FIXME ... known problems, search for this string -# NOTE .... unexpected behavior -# -######################################################################## - -############################## ssl_init ################################ -# local shell function to initialize this script -######################################################################## -ocsp_init() -{ - SCRIPTNAME=ocsp.sh # sourced - $0 would point to all.sh - - if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for - CLEANUP="${SCRIPTNAME}" # cleaning this script will do it - fi - - if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then - cd ../common - . ./init.sh - fi - if [ -z "${IOPR_OCSP_SOURCED}" ]; then - . ../iopr/ocsp_iopr.sh - fi - if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here - cd ../cert - . ./cert.sh - fi - SCRIPTNAME=ocsp.sh - echo "$SCRIPTNAME: OCSP tests ===============================" - - cd ${CLIENTDIR} -} - -################## main ################################################# -ocsp_init -ocsp_iopr_run |