diff options
| author | Kai Engert <kaie@kuix.de> | 2013-08-23 20:19:17 +0200 |
|---|---|---|
| committer | Kai Engert <kaie@kuix.de> | 2013-08-23 20:19:17 +0200 |
| commit | 228dc418404939848a65a6bc13f12cf96dbf2c11 (patch) | |
| tree | 12f5f2b11eb0d55e213c7b435f385efecc3e692e | |
| parent | fa0b0eabcc6a1e61b7d3c7556c05b1ae6aab8a77 (diff) | |
| download | nss-hg-228dc418404939848a65a6bc13f12cf96dbf2c11.tar.gz | |
Bug 908617, Add tstclnt option to enforce the use of either IPv4 or IPv6, and use it to work around a test failure. r=emaldona
| -rw-r--r-- | cmd/tstclnt/tstclnt.c | 19 | ||||
| -rw-r--r-- | tests/ocsp/ocsp.sh | 32 |
2 files changed, 31 insertions, 20 deletions
diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c index cd07457ae..1c073ac80 100644 --- a/cmd/tstclnt/tstclnt.c +++ b/cmd/tstclnt/tstclnt.c @@ -235,6 +235,8 @@ static void PrintParameterUsage(void) fprintf(stderr, "%-20s Test -F allows 0=any (default), 1=only OCSP, 2=only CRL\n", "-M"); fprintf(stderr, "%-20s Restrict ciphers\n", "-c ciphers"); fprintf(stderr, "%-20s Print cipher values allowed for parameter -c and exit\n", "-Y"); + fprintf(stderr, "%-20s Enforce using an IPv4 destination address\n", "-4"); + fprintf(stderr, "%-20s Enforce using an IPv6 destination address\n", "-6"); } static void Usage(const char *progName) @@ -806,6 +808,8 @@ int main(int argc, char **argv) PRSocketOptionData opt; PRNetAddr addr; PRPollDesc pollset[2]; + PRBool allowIPv4 = PR_TRUE; + PRBool allowIPv6 = PR_TRUE; PRBool pingServerFirst = PR_FALSE; int pingTimeoutSeconds = -1; PRBool clientSpeaksFirst = PR_FALSE; @@ -846,12 +850,15 @@ int main(int argc, char **argv) SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions); optstate = PL_CreateOptState(argc, argv, - "BFM:OSTV:W:Ya:c:d:fgh:m:n:op:qr:st:uvw:xz"); + "46BFM:OSTV:W:Ya:c:d:fgh:m:n:op:qr:st:uvw:xz"); while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': default : Usage(progName); break; + case '4': allowIPv6 = PR_FALSE; if (!allowIPv4) Usage(progName); break; + case '6': allowIPv4 = PR_FALSE; if (!allowIPv6) Usage(progName); break; + case 'B': bypassPKCS11 = 1; break; case 'F': if (serverCertAuth.testFreshStatusFromSideChannel) { @@ -988,9 +995,13 @@ int main(int argc, char **argv) } do { enumPtr = PR_EnumerateAddrInfo(enumPtr, addrInfo, portno, &addr); - } while (enumPtr != NULL && - addr.raw.family != PR_AF_INET && - addr.raw.family != PR_AF_INET6); + if (enumPtr) { + if (addr.raw.family == PR_AF_INET && allowIPv4) + break; + if (addr.raw.family == PR_AF_INET6 && allowIPv6) + break; + } + } while (enumPtr); PR_FreeAddrInfo(addrInfo); if (enumPtr == NULL) { SECU_PrintError(progName, "error looking up host address"); diff --git a/tests/ocsp/ocsp.sh b/tests/ocsp/ocsp.sh index d6603eda0..7626f6d89 100644 --- a/tests/ocsp/ocsp.sh +++ b/tests/ocsp/ocsp.sh @@ -53,44 +53,44 @@ ocsp_stapling() { TESTNAME="startssl valid, supports OCSP stapling" echo "$SCRIPTNAME: $TESTNAME" - echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF}" - ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF} + echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF}" + ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF} html_msg $? 0 "$TESTNAME" TESTNAME="startssl revoked, supports OCSP stapling" echo "$SCRIPTNAME: $TESTNAME" - echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}" - ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF} + echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}" + ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF} html_msg $? 3 "$TESTNAME" TESTNAME="comodo trial test expired revoked, supports OCSP stapling" echo "$SCRIPTNAME: $TESTNAME" - echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF}" - ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF} + echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF}" + ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF} html_msg $? 1 "$TESTNAME" TESTNAME="thawte (expired) valid, supports OCSP stapling" echo "$SCRIPTNAME: $TESTNAME" - echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF}" - ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF} + echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF}" + ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF} html_msg $? 1 "$TESTNAME" TESTNAME="thawte (expired) revoked, supports OCSP stapling" echo "$SCRIPTNAME: $TESTNAME" - echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF}" - ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF} + echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF}" + ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF} html_msg $? 1 "$TESTNAME" TESTNAME="digicert valid, supports OCSP stapling" echo "$SCRIPTNAME: $TESTNAME" - echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF}" - ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF} + echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF}" + ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF} html_msg $? 0 "$TESTNAME" TESTNAME="digicert revoked, supports OCSP stapling" echo "$SCRIPTNAME: $TESTNAME" - echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF}" - ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF} + echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF}" + ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF} html_msg $? 3 "$TESTNAME" TESTNAME="live valid, supports OCSP stapling" @@ -101,8 +101,8 @@ ocsp_stapling() TESTNAME="startssl valid, doesn't support OCSP stapling" echo "$SCRIPTNAME: $TESTNAME" - echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF}" - ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF} + echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF}" + ${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF} html_msg $? 2 "$TESTNAME" TESTNAME="cacert untrusted, doesn't support OCSP stapling" |