author | relyea%netscape.com <devnull@localhost> | 2000-05-16 17:50:52 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2000-05-16 17:50:52 +0000 |
commit | b304901db21f8e57c49fedda1c6b149b31a73041 (patch) | |
tree | 60633e91521675ea614e8d7826141df10b914ff6 | |
parent | c6f8aa18bb8e654cb72746051f590fc7f028196d (diff) | |
Add a mini-framework to allow us to test NSS releases without using tet.
-rwxr-xr-x | security/nss/tests/all.sh | 35 | ||||
-rwxr-xr-x | security/nss/tests/common/arch.sh | 296 | ||||
-rw-r--r-- | security/nss/tests/common/init.sh | 59 | ||||
-rw-r--r-- | security/nss/tests/common/results_header.html | 6 | ||||
-rwxr-xr-x | security/nss/tests/ssl/ssl.sh | 263 | ||||
-rw-r--r-- | security/nss/tests/ssl/sslauth.txt | 21 | ||||
-rw-r--r-- | security/nss/tests/ssl/sslcov.txt | 37 | ||||
-rw-r--r-- | security/nss/tests/ssl/sslreq.txt | 3 | ||||
-rw-r--r-- | security/nss/tests/ssl/sslstress.txt | 14 |
9 files changed, 734 insertions, 0 deletions
diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh
new file mode 100755
index 000000000..168254c8a
--- /dev/null
+++ b/security/nss/tests/all.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# Run all our tests
+#
+CURDIR=`pwd`
+TESTS="ssl"
+cd common
+. init.sh
+export MOZILLA_ROOT
+export COMMON
+export DIST
+export SECURITY_ROOT
+export TESTDIR
+export OBJDIR
+export HOSTDIR
+
+LOGFILE=${HOSTDIR}/output.log
+export LOGFILE
+touch ${LOGFILE}
+tail -f ${LOGFILE} &
+TAILPID=$!
+trap "kill ${TAILPID}; exit" 2
+for i in ${TESTS}
+do
+ echo "Running Tests for $i"
+#
+# All tells the test suite to run through all their tests.
+# file tells the test suite that the output is going to a log, so any
+# forked() children need to redirect their output to prevent them from
+# being over written.
+
+ (cd ${CURDIR}/$i ; ./${i}.sh all file >> ${LOGFILE} 2>&1)
+# cd ${CURDIR}/$i ; ./${i}.sh
+done
+kill ${TAILPID}
diff --git a/security/nss/tests/common/arch.sh b/security/nss/tests/common/arch.sh
new file mode 100755
index 000000000..16820a699
--- /dev/null
+++ b/security/nss/tests/common/arch.sh
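Review bot: `. init.sh` names the file without a slash, so a POSIX `sh` resolves it through `PATH` rather than the current directory, and the `cd common` before it is unchecked; if the `cd` fails or `PATH` holds another `init.sh`, the run sources the wrong file or none at all and carries on with empty variables. Use `cd common || exit 1` and `. ./init.sh`. Separately, the script ends on `kill ${TAILPID}` and ignores the status of each `./${i}.sh` subshell, so its exit status never tells a caller that a suite failed.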
@@ -0,0 +1,296 @@
+#!/bin/sh
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# Master "Core Components" macros for getting the OS architecture #
+#######################################################################
+
+#
+# Macros for getting the OS architecture
+#
+if [ -s "${USE_64}" ]; then
+ A64BIT_TAG=_64
+else
+ A64BIT_TAG=
+fi
+
+#OS_ARCH := $(subst /,_,$(shell uname -s))
+OS_ARCH=`uname -s | sed -e 's;/;_;'`
+
+#
+# Attempt to differentiate between sparc and x86 Solaris
+#
+
+#OS_TEST := $(shell uname -m)
+OS_TEST=`uname -m`
+if [ ${OS_TEST} = "i86pc" ]; then
+ OS_RELEASE=`uname -r`"_"${OS_TEST}
+else
+ OS_RELEASE=`uname -r`
+fi
+
+#
+# Force the IRIX64 machines to use IRIX.
+#
+if [ ${OS_ARCH} = "IRIX64" ]; then
+ OS_ARCH="IRIX"
+fi
+
+#
+# Force the newer BSDI versions to use the old arch name.
+#
+
+if [ ${OS_ARCH} = "BSD_OS" ]; then
+ OS_ARCH=BSD_386
+fi
+
+#
+# Catch Deterim if SVR4 is NCR or UNIXWARE
+#
+
+if [ ${OS_ARCH} = "UNIX_SV" ]; then
+ if grep NCR /etc/bcheckrc ; then
+ OS_ARCH=NCR
+ else
+ # Make UnixWare something human readable
+ OS_ARCH=UNIXWARE
+ fi
+
+ # Get the OS release number, not 4.2
+ OS_RELEASE=`uname -v`
+fi
+
+if [ ${OS_ARCH} = "UNIX_System_V" ]; then
+ OS_ARCH=NEC
+fi
+
+if [ ${OS_ARCH} = "AIX" ]; then
+ OS_MAJOR=`uname -v`
+ OS_MINOR=`uname -r`
+ OS_RELEASE=${OS_MAJOR}.${OS_MINOR}
+fi
+
+#
+# Distinguish between OSF1 V4.0B and V4.0D
+#
+
+if [ ${OS_ARCH}${OS_RELEASE} = "OSF1V4.0" ]; then
+ OS_VERSION=`uname -v`
+ if [ ${OS_VERSION} = "564" ]; then
+ OS_RELEASE=V4.0B
+ fi
+ if [ ${OS_VERSION} = "878" ]; then
+ OS_RELEASE=V4.0D
+ fi
+fi
+
+#
+# SINIX changes name to ReliantUNIX with 5.43
+#
+
+if [ ${OS_ARCH} = "ReliantUNIX-N" ]; then
+ OS_ARCH=ReliantUNIX
+ OS_RELEASE=5.4
+fi
+
+if [ ${OS_ARCH} = "SINIX-N" ]; then
+ OS_ARCH=ReliantUNIX
+ OS_RELEASE=5.4
+fi
+
+#
+# Handle FreeBSD 2.2-STABLE and Linux 2.0.30-osfmach3
+#
+
+#if [(,$(filter-out Linux FreeBSD,${OS_ARCH}))
+#OS_RELEASE := $(shell echo $(OS_RELEASE) | sed 's/-.*//')
+#endif
+
+if [ ${OS_ARCH} = "Linux" ]; then
+ OS_RELEASE=`basename ${OS_RELEASE}`
+fi
+
+#######################################################################
+# Master "Core Components" macros for getting the OS target #
+#######################################################################
+
+#
+# Note: OS_TARGET should be specified on the command line for gmake.
+# When OS_TARGET=WIN95 is specified, then a Windows 95 target is built.
+# The difference between the Win95 target and the WinNT target is that
+# the WinNT target uses Windows NT specific features not available
+# in Windows 95. The Win95 target will run on Windows NT, but (supposedly)
+# at lesser performance (the Win95 target uses threads; the WinNT target
+# uses fibers).
+#
+# When OS_TARGET=WIN16 is specified, then a Windows 3.11 (16bit) target
+# is built. See: win16_3.11.mk for lots more about the Win16 target.
+#
+# If OS_TARGET is not specified, it defaults to ${OS_ARCH}, i.e., no
+# cross-compilation.
+#
+
+#
+# The following hack allows one to build on a WIN95 machine (as if
+# s/he were cross-compiling on a WINNT host for a WIN95 target).
+# It also accomodates for MKS's uname.exe. If you never intend
+# to do development on a WIN95 machine, you don't need this. It doesn't
+# work any more anyway.
+#
+if [ ${OS_ARCH} = "WIN95" ]; then
+ OS_ARCH=WINNT
+ OS_TARGET=WIN95
+fi
+if [ ${OS_ARCH} = "Windows_95" ]; then
+ OS_ARCH=Windows_NT
+ OS_TARGET=WIN95
+fi
+
+#
+# On WIN32, we also define the variable CPU_ARCH.
+#
+
+if [ ${OS_ARCH} = "WINNT" ]; then
+ CPU_ARCH=`uname -p`
+ if [ ${CPU_ARCH} = "I386" ]; then
+ CPU_ARCH=x386
+ fi
+else
+#
+# If uname -s returns "Windows_NT", we assume that we are using
+# the uname.exe in MKS toolkit.
+#
+# The -r option of MKS uname only returns the major version number.
+# So we need to use its -v option to get the minor version number.
+# Moreover, it doesn't have the -p option, so we need to use uname -m.
+#
+if [ ${OS_ARCH} = "Windows_NT" ]; then
+ OS_ARCH=WINNT
+ OS_MINOR_RELEASE=`uname -v`
+ if [ ${OS_MINOR_RELEASE} = "00" ]; then
+ OS_MINOR_RELEASE=0
+ fi
+ OS_RELEASE=${OS_RELEASE}.${OS_MINOR_RELEASE}
+ CPU_ARCH=`uname -m`
+ #
+ # MKS's uname -m returns "586" on a Pentium machine.
+ #
+ #ifneq (,$(findstring 86,$(CPU_ARCH)))
+ if (echo $CPU_ARCH | grep 86) ; then
+ CPU_ARCH=x386
+ fi
+fi
+fi
+
+OS_TARGET=${OS_TARGET-${OS_ARCH}}
+
+if [ ${OS_TARGET} = "WIN95" ]; then
+ OS_RELEASE=4.0
+fi
+
+if [ ${OS_TARGET} = "WIN16" ]; then
+ OS_RELEASE=
+# OS_RELEASE = _3.11
+fi
+
+#
+# This variable is used to get OS_CONFIG.mk.
+#
+
+OS_CONFIG=${OS_TARGET}${OS_RELEASE}
+
+#
+# OBJDIR_TAG depends on the predefined variable BUILD_OPT,
+# to distinguish between debug and release builds.
+#
+
+if [ -s "${BUILD_OPT}" ]; then
+ if [ ${OS_TARGET} = "WIN16" ]; then
+ OBJDIR_TAG=_O
+ else
+ OBJDIR_TAG=${A64BIT_TAG}_OPT
+ fi
+else
+ if [ -s "${BUILD_IDG}" ]; then
+ if [ ${OS_TARGET} = "WIN16" ]; then
+ OBJDIR_TAG=_I
+ else
+ OBJDIR_TAG=${A64BIT_TAG}_IDG
+ fi
+ else
+ if [ ${OS_TARGET} = WIN16 ]; then
+ OBJDIR_TAG=_D
+ else
+ OBJDIR_TAG=${A64BIT_TAG}_DBG
+ fi
+ fi
+fi
+
+#
+# The following flags are defined in the individual $(OS_CONFIG).mk
+# files.
+#
+# CPU_TAG is defined if the CPU is not the most common CPU.
+# COMPILER_TAG is defined if the compiler is not the native compiler.
+# IMPL_STRATEGY may be defined too.
+#
+
+# Name of the binary code directories
+#ifeq (${OS_ARCH}, WINNT)
+# ifeq ($(CPU_ARCH),x386)
+## OBJDIR_NAME=$(OS_CONFIG)$(OBJDIR_TAG).OBJ
+# else
+# OBJDIR_NAME=$(OS_CONFIG)$(CPU_ARCH)$(OBJDIR_TAG).OBJ
+# endif
+#else
+#endif
+
+OBJDIR_NAME=${OS_CONFIG}${CPU_TAG}${COMPILER_TAG}${LIBC_TAG}${IMPL_STRATEGY}${OBJDIR_TAG}'.OBJ'
+
+#export OS_CONFIG OS_ARCH OBJDIR_NAME OS_RELEASE OBJDIR_TAG
+
+if [ ${OS_ARCH} = "WINNT" ]; then
+if [ ${OS_TARGET} != "WIN16" ]; then
+if [ ! -s "${BUILD_OPT}" ]; then
+#
+# Define USE_DEBUG_RTL if you want to use the debug runtime library
+# (RTL) in the debug build
+#
+if [ -s "${USE_DEBUG_RTL}" ]; then
+ OBJDIR_NAME=${OS_CONFIG}${CPU_TAG}${COMPILER_TAG}${IMPL_STRATEGY}${OBJDIR_TAG}.OBJD
+fi
+fi
+fi
+fi
+
+echo ${OBJDIR_NAME}
diff --git a/security/nss/tests/common/init.sh b/security/nss/tests/common/init.sh
new file mode 100644
index 000000000..fe5c5020e
--- /dev/null
+++ b/security/nss/tests/common/init.sh
@@ -0,0 +1,59 @@
+#! /bin/sh
+#
+# Initialize a bunch of variables that may tests would be interested in
+#
+#
+mozilla_root=`(cd ../../../..; pwd)`
+common=`(cd ../common; pwd)`
+MOZILLA_ROOT=${SECURITY_ROOT-$mozilla_root}
+COMMON=${TEST_COMMON-$common}
+DIST=${DIST-${MOZILLA_ROOT}/dist}
+SECURITY_ROOT=${DIST-${MOZILLA_ROOT}/security/nss}
+TESTDIR=${TESTDIR-${MOZILLA_ROOT}/tests_results/security}
+. ../common/arch.sh
+OBJDIR=${OBJDIR_NAME}
+PATH=${DIST}/${OBJDIR}/bin:${DIST}/${OBJDIR}/lib:$PATH
+export PATH
+LD_LIBRARY_PATH=${DIST}/${OBJDIR}/lib
+export LD_LIBRARY_PATH
+echo "Creating ${TESTDIR}"
+if [ ! -d ${TESTDIR} ]; then
+ mkdir -p ${TESTDIR}
+fi
+
+if [ ! -s "${HOSTDIR}" ]; then
+ version=1
+ if [ -f ${TESTDIR}/${HOST} ]; then
+ version=`cat ${TESTDIR}/${HOST}`
+ fi
+ expr $version + 1 > ${TESTDIR}/${HOST}
+
+ HOSTDIR=${TESTDIR}/${HOST}'.'$version
+fi
+
+if [ ! -d ${HOSTDIR} ]; then
+ mkdir -p ${HOSTDIR}
+fi
+
+RESULTS=${HOSTDIR}/results.html
+if [ ! -f "${RESULTS}" ]; then
+
+ cp ${COMMON}/results_header.html ${RESULTS}
+ echo "<H4>Platform: ${OBJDIR}<BR>" >> ${RESULTS}
+ echo "Test Run: ${HOST}.$version</H4>" >> ${RESULTS}
+ echo "<HR><BR>" >> ${RESULTS}
+fi
+
+echo "********************************************"
+echo " Platform: ${OBJDIR}"
+echo " Results: ${HOST}.$version"
+echo "********************************************"
+
+KILL="kill"
+if [ ${OS_ARCH} = "Linux" ]; then
+ KILL="kill -kill"
+fi
+
+export KILL
+
+
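Review bot: `[ -s "${USE_64}" ]` tests whether a non-empty file named by the variable's value exists, not whether the variable is set, so `USE_64=1` or `BUILD_OPT=1` is ignored unless a file called `1` happens to sit in the current directory, and the tag silently falls back to `_DBG`. The same test is applied to `BUILD_OPT`, `BUILD_IDG` and `USE_DEBUG_RTL` in this file and to `HOSTDIR` in common/init.sh; `[ -n "${USE_64}" ]` matches what the comments describe. Because init.sh builds the `PATH` prefix from the resulting `OBJDIR_NAME`, a wrong tag may leave the tests running whichever `certutil` and `selfserv` come later on `PATH` instead of the build under test. The unquoted comparisons such as `[ ${OS_TEST} = "i86pc" ]` also turn into `test` syntax errors when a `uname` field is empty or contains a space.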
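Review bot: `SECURITY_ROOT=${DIST-${MOZILLA_ROOT}/security/nss}` can never take its default, because `DIST` is assigned on the line above, so `SECURITY_ROOT` always ends up equal to `DIST`; likewise `MOZILLA_ROOT=${SECURITY_ROOT-$mozilla_root}` treats a caller's `SECURITY_ROOT` as the tree root. These read like copy-paste slips for `${SECURITY_ROOT-${MOZILLA_ROOT}/security/nss}` and `${MOZILLA_ROOT-$mozilla_root}`. `HOST` is used for the run counter and the results directory but is never set or checked in this file; with it empty, `${TESTDIR}/${HOST}` is the results directory itself and the counter cannot be written, so a guard such as `: "${HOST:?HOST must be set}"` near the top would stop the run early with a clear message.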
diff --git a/security/nss/tests/common/results_header.html b/security/nss/tests/common/results_header.html
new file mode 100644
index 000000000..c09685b11
--- /dev/null
+++ b/security/nss/tests/common/results_header.html
@@ -0,0 +1,6 @@
+<HTML>
+<HEAD>
+<TITLE>Test Report for NSS</TITLE>
+</HEAD>
+<BODY BGCOLOR="#FFFFFF">
+<CENTER><H3>Test Report for NSS</H3></CENTER>
diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh
new file mode 100755
index 000000000..0600769a0
--- /dev/null
+++ b/security/nss/tests/ssl/ssl.sh
@@ -0,0 +1,263 @@
+#! /bin/ksh
+#
+# This is just a quick script so we can still run our testcases.
+# Longer term we need a scriptable test environment..
+#
+. ../common/init.sh
+CURDIR=`pwd`
+PORT=${PORT-8443}
+
+# Test case files
+SSLCOV=${CURDIR}/sslcov.txt
+SSLAUTH=${CURDIR}/sslauth.txt
+SSLSTRESS=${CURDIR}/sslstress.txt
+REQUEST_FILE=${CURDIR}/sslreq.txt
+
+#temparary files
+PWFILE=/tmp/tests.pw.$$
+CERTSCRIPT=/tmp/tests.certs.$$
+NOISE_FILE=/tmp/tests.noise.$$
+SERVEROUTFILE=/tmp/tests.server.$$
+
+TEMPFILES="${PWFILE} ${CERTSCRIPT} ${SERVEROUTFILE} ${NOISE_FILE}"
+
+none=1
+coverage=0
+auth=0
+stress=0
+fileout=0
+
+for i in $*
+do
+ case $i in
+ [aA][lL]*)
+ none=0; coverage=1; auth=1; stress=1;;
+ [aA][uU]*)
+ none=0; auth=1;;
+ [Cc]*)
+ none=0; coverage=1;;
+ [Ss]*)
+ none=0; stress=1;;
+ f)
+ fileout=1;
+ esac
+done
+
+if [ $none -eq 1 ]; then
+ coverage=1
+ auth=1
+ stress=1
+fi
+
+
+#
+# should also try to kill any running server
+#
+trap "rm -f ${TEMPFILES}; exit" 2 3
+
+
+# Generate noise for our CA cert.
+#
+# NOTE: these keys are only suitable for testing, as this whole thing bypasses
+# the entropy gathering. Don't use this method to generate keys and certs for
+# product use or deployment.
+#
+ps -efl > ${NOISE_FILE} 2>&1
+ps aux >> ${NOISE_FILE} 2>&1
+netstat >> ${NOISE_FILE} 2>&1
+date >> ${NOISE_FILE} 2>&1
+
+#
+# build the TEMP CA used for testing purposes
+#
+echo "<TABLE BORDER=1><TR><TH COLSPAN=3>Certutil Tests</TH></TR>" >> ${RESULTS}
+echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
+CADIR=${HOSTDIR}/CA
+echo "********************** Creating a CA Certificate **********************"
+if [ ! -d ${CADIR} ]; then
+ mkdir -p ${CADIR}
+fi
+cd ${CADIR}
+echo nss > ${PWFILE}
+echo " certutil -N -d . -f ${PWFILE}"
+certutil -N -d . -f ${PWFILE}
+
+echo 5 > ${CERTSCRIPT}
+echo 9 >> ${CERTSCRIPT}
+echo n >> ${CERTSCRIPT}
+echo y >> ${CERTSCRIPT}
+echo 3 >> ${CERTSCRIPT}
+echo n >> ${CERTSCRIPT}
+echo 5 >> ${CERTSCRIPT}
+echo 6 >> ${CERTSCRIPT}
+echo 7 >> ${CERTSCRIPT}
+echo 9 >> ${CERTSCRIPT}
+echo n >> ${CERTSCRIPT}
+echo "certutil -S -n \"TestCA\" -s \"CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US\" -t \"CTu,CTu,CTu\" -v 60 -x -d . -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE}"
+certutil -S -n "TestCA" -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -t "CTu,CTu,CTu" -v 60 -x -d . -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} < ${CERTSCRIPT}
+
+if [ $? -ne 0 ]; then
+ echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+else
+ echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+fi
+
+echo "**************** Creating Client CA Issued Certificate ****************"
+netstat >> ${NOISE_FILE} 2>&1
+date >> ${NOISE_FILE} 2>&1
+CLIENTDIR=${HOSTDIR}/client
+if [ ! -d ${CLIENTDIR} ]; then
+ mkdir -p ${CLIENTDIR}
+fi
+cd ${CLIENTDIR}
+cp ${CADIR}/*.db .
+echo "certutil -S -n \"TestUser\" -s \"CN=Test User, O=BOGUS Netscape, L=Mountain View, ST=California, C=US\" -t \"u,u,u\" -c "TestCA" -m 3 -v 60 -d . -f ${PWFILE} -z ${NOISE_FILE}"
+certutil -S -n "TestUser" -s "CN=Test User, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -t "u,u,u" -c "TestCA" -m 3 -v 60 -d . -f ${PWFILE} -z ${NOISE_FILE}
+if [ $? -ne 0 ]; then
+ echo "<TR><TD>Creating client Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+else
+ echo "<TR><TD>Creating client Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+fi
+
+echo "***** Creating Server CA Issued Certificate for ${HOST}.${DOMSUF} *****"
+netstat >> ${NOISE_FILE} 2>&1
+date >> ${NOISE_FILE} 2>&1
+SERVERDIR=${HOSTDIR}/server
+if [ ! -d ${SERVERDIR} ]; then
+ mkdir -p ${SERVERDIR}
+fi
+cd ${SERVERDIR}
+cp ../CA/*.db .
+echo "certutil -S -n \"${HOST}.${DOMSUF}\" -s \"CN=${HOST}.${DOMSUF}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US\" -t \"Pu,Pu,Pu\" -c "TestCA" -v 60 -d . -f ${PWFILE} -z ${NOISE_FILE}"
+certutil -S -n "${HOST}.${DOMSUF}" -s "CN=${HOST}.${DOMSUF}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US" -t "Pu,Pu,Pu" -c "TestCA" -m 1 -v 60 -d . -f ${PWFILE} -z ${NOISE_FILE}
+if [ $? -ne 0 ]; then
+ echo "<TR><TD>Creating Server Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+else
+ echo "<TR><TD>Creating Server Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+fi
+echo "</TABLE><BR>" >> ${RESULTS}
+
+rm -f ${TEMPFILES}
+
+
+# OK now lets run the tests....
+if [ $coverage -eq 1 ]; then
+echo "********************* SSL Cipher Coverage ****************************"
+echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Cipher Coverage</TH></TR>" >> ${RESULTS}
+echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
+cd ${CLIENTDIR}
+ cat ${SSLCOV} | while read tls param testname
+do
+ if [ $tls != "#" ]; then
+ echo "********************* $testname ****************************"
+ TLS_FLAG=-T
+ if [ $tls = "TLS" ]; then
+ TLS_FLAG=""
+ fi
+ sparam=""
+ if [ ${param} = "i" ]; then
+ sparam='-c i'
+ fi
+ if [ ${fileout} -eq 1 ]; then
+ selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} > ${SERVEROUTFILE} 2>&1 &
+ else
+ selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} &
+ fi
+ SERVERPID=$!
+ sleep 10
+
+ tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} -f -d . < ${REQUEST_FILE}
+ if [ $? -ne 0 ]; then
+ echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+ else
+ echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+ fi
+ ${KILL} ${SERVERPID}
+ wait ${SERVERPID}
+ if [ ${fileout} -eq 1 ]; then
+ cat ${SERVEROUTFILE}
+ fi
+ fi
+done
+
+echo "</TABLE><BR>" >> ${RESULTS}
+fi
+
+if [ $auth -eq 1 ]; then
+echo "********************* SSL Client Auth ****************************"
+cd ${CLIENTDIR}
+echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Client Authentication</TH></TR>" >> ${RESULTS}
+echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
+
+cat ${SSLAUTH} | while read value sparam cparam testname
+do
+ if [ $value != "#" ]; then
+ echo "***** $testname ****"
+ sparam=`echo $sparam | sed -e 's;_; ;g'`
+ cparam=`echo $cparam | sed -e 's;_; ;g'`
+ echo "selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} &"
+ if [ ${fileout} -eq 1 ]; then
+ selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} > ${SERVEROUTFILE} 2>&1 &
+ else
+ selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} &
+ fi
+ SERVERPID=$!
+ sleep 10
+ pwd
+ echo "tstclnt -p ${PORT} -h ${HOST} -f -d ${CLIENTDIR} ${cparam}"
+ tstclnt -p ${PORT} -h ${HOST} -f -d ${CLIENTDIR} ${cparam} < ${REQUEST_FILE}
+ if [ $? -ne $value ]; then
+ echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+ else
+ echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+ fi
+ ${KILL} ${SERVERPID}
+ wait ${SERVERPID}
+ if [ ${fileout} -eq 1 ]; then
+ cat ${SERVEROUTFILE}
+ fi
+ fi
+done
+
+echo "</TABLE><BR>" >> ${RESULTS}
+fi
+
+
+if [ $stress -eq 1 ]; then
+echo "********************* Stress Test ****************************"
+cd ${CLIENTDIR}
+echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Stress Test</TH></TR>" >> ${RESULTS}
+echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
+
+cat ${SSLSTRESS} | while read value sparam cparam testname
+do
+ if [ $value != "#" ]; then
+ echo "********************* $testname ****************************"
+ sparam=`echo $sparam | sed -e 's;_; ;g'`
+ cparam=`echo $cparam | sed -e 's;_; ;g'`
+ if [ ${fileout} -eq 1 ]; then
+ selfserv -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} > ${SERVEROUTFILE} 2>&1 &
+ else
+ selfserv -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} &
+ fi
+ SERVERPID=$!
+ sleep 10
+
+ strsclnt -p ${PORT} ${HOST} -d . -w nss $cparam
+ if [ $? -ne $value ]; then
+ echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+ else
+ echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+ fi
+ ${KILL} ${SERVERPID}
+ wait ${SERVERPID}
+ if [ ${fileout} -eq 1 ]; then
+ cat ${SERVEROUTFILE}
+ fi
+ fi
+done
+
+echo "</TABLE><BR>" >> ${RESULTS}
+fi
+
+rm -f ${TEMPFILES}
diff --git a/security/nss/tests/ssl/sslauth.txt b/security/nss/tests/ssl/sslauth.txt
new file mode 100644
index 000000000..e6beda10f
--- /dev/null
+++ b/security/nss/tests/ssl/sslauth.txt
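Review bot: The four scratch files are created as `/tmp/tests.*.$$`, names any local user can predict, and they hold the key-database password and the seed handed to `certutil -z`; on a shared build host another account can pre-create or symlink those paths, and the files are written under the default umask. Keeping them in the per-run directory that init.sh already creates, e.g. `umask 077` followed by `PWFILE=${HOSTDIR}/tests.pw.$$`, avoids the shared directory. The `trap` handles only signals 2 and 3 and, as the comment above it admits, does not stop a running `selfserv`, so an interrupted run can leave a listener on `${PORT}` serving the test certificate. Also, the option loop matches `f)` exactly while all.sh invokes `./${i}.sh all file`, so `fileout` stays 0 under all.sh and server output is never captured to `${SERVEROUTFILE}`; `[fF]*)` would accept both spellings.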
@@ -0,0 +1,21 @@
+#
+# This file defines the tests for client auth.
+#
+# expected
+# return server client Test Case name
+# value params params
+# ------ ------ ------ ---------------
+ 0 -r -w_nss TLS Request don't require client auth (client does not provide auth)
+ 0 -r -n_TestUser_-w_bogus TLS Request don't require client auth (bad password)
+ 0 -r -n_TestUser_-w_nss TLS Request don't require client auth (client auth)
+ 0 -r_-r -w_nss TLS Require client auth (client does not provide auth)
+# this one should fail
+ 254 -r_-r -n_TestUser_-w_bogus TLS Require client auth (bad password)
+ 0 -r_-r -n_TestUser_-w_nss TLS Require client auth (client auth)
+ 0 -r -T_-w_nss SSL3 Request don't require client auth (client does not provide auth)
+ 0 -r -T_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password)
+ 0 -r -T_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth)
+ 0 -r_-r -T_-w_nss SSL3 Require client auth (client does not provide auth)
+# this one should fail
+ 254 -r_-r -T_-n_TestUser_-w_bogus SSL3 Require client auth (bad password)
+ 0 -r_-r -T_-n_TestUser_-w_nss SSL3 Require client auth (client auth)
diff --git a/security/nss/tests/ssl/sslcov.txt b/security/nss/tests/ssl/sslcov.txt
new file mode 100644
index 000000000..8df8f4f2c
--- /dev/null
+++ b/security/nss/tests/ssl/sslcov.txt
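Review bot: The two `-r_-r` rows named "Require client auth (client does not provide auth)" expect exit status 0, meaning the handshake is expected to succeed although the server demands a certificate and the row says none is offered. If that passes because `tstclnt` selects `TestUser` from the client database on its own when `-n` is omitted (an inference; the client code is not part of this diff), these rows duplicate the "(client auth)" cases and the suite has no negative test for a client that really sends no certificate. Please confirm the behaviour and either rename the rows or add a case whose expected value is non-zero.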
@@ -0,0 +1,37 @@
+#
+# This file enables test coverage of the various SSL ciphers
+#
+# NOTE: SSL2 ciphers are independent of whether TLS is enabled or not. We
+# mix up the enable functions so we can tests boths paths.
+#
+# Enable Cipher Test Name
+# TLS
+#
+ noTLS A SSL2 RC4 128 WITH MD5
+ TLS B SSL2 RC4 128 EXPORT40 WITH MD5
+ TLS C SSL2 RC2 128 CBC WITH MD5
+ noTLS D SSL2 RC2 128 CBC EXPORT40 WITH MD5
+ TLS E SSL2 DES 64 CBC WITH MD5
+ noTLS F SSL2 DES 192 EDE3 CBC WITH MD5
+ noTLS c SSL3 RSA WITH RC4 128 MD5
+ noTLS d SSL3 RSA WITH 3DES EDE CBC SHA
+ noTLS e SSL3 RSA WITH DES CBC SHA
+ noTLS f SSL3 RSA EXPORT WITH RC4 40 MD5
+ noTLS g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5
+ noTLS j SSL3 RSA FIPS WITH 3DES EDE CBC SHA
+ noTLS k SSL3 RSA FIPS WITH DES CBC SHA
+ noTLS l SSL3 RSA EXPORT WITH DES CBC SHA (new)
+ noTLS m SSL3 RSA EXPORT WITH RC4 56 SHA (new)
+ TLS c TLS RSA WITH RC4 128 MD5
+ TLS d TLS RSA WITH 3DES EDE CBC SHA
+ TLS e TLS RSA WITH DES CBC SHA
+ TLS f TLS RSA EXPORT WITH RC4 40 MD5
+ TLS g TLS RSA EXPORT WITH RC2 CBC 40 MD5
+ TLS j TLS RSA FIPS WITH 3DES EDE CBC SHA
+ TLS k TLS RSA FIPS WITH DES CBC SHA
+ TLS l TLS RSA EXPORT WITH DES CBC SHA (new)
+ TLS m TLS RSA EXPORT WITH RC4 56 SHA (new)
+# The NULL ciphers have to be last because we need to restart selfserve
+# (NULL is not enabled by default)
+ TLS i TLS RSA WITH NULL MD5
+ noTLS i SSL3 RSA WITH NULL MD5
diff --git a/security/nss/tests/ssl/sslreq.txt b/security/nss/tests/ssl/sslreq.txt
new file mode 100644
index 000000000..16a750fbf
--- /dev/null
+++ b/security/nss/tests/ssl/sslreq.txt
@@ -0,0 +1,3 @@
+GET / HTTP/1.0
+
+
diff --git a/security/nss/tests/ssl/sslstress.txt b/security/nss/tests/ssl/sslstress.txt
new file mode 100644
index 000000000..456431355
--- /dev/null
+++ b/security/nss/tests/ssl/sslstress.txt
@@ -0,0 +1,14 @@
+#
+# This file defines the tests for client auth.
+#
+# expected
+# return server client Test Case name
+# value params params
+# ------ ------ ------ ---------------
+ 0 _ -c_1000_-C_A Stress SSL2 RC4 128 with MD5
+ 0 _ -c_1000_-C_A Stress SSL3 RC4 128 with MD5
+# 0 _ -c_1000_-C_c Stress TLS RC4 128 with MD5
+#
+# add client auth versions here...
+#
+# 0 -r -n_"Test_User"_-w_bogus TLS Request don't require client auth (bad password) |
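Review bot: Both active rows pass the same client parameters `-c_1000_-C_A`, and sslcov.txt lists cipher `A` as "SSL2 RC4 128 WITH MD5", so the row named "Stress SSL3 RC4 128 with MD5" appears to repeat the SSL2 run instead of exercising SSL3. sslcov.txt and the commented-out TLS row use `c` for RC4-128-MD5 under SSL3/TLS, which suggests `-c_1000_-C_c` for that row, assuming `strsclnt -C` takes the same cipher letters. The header line `# This file defines the tests for client auth.` is carried over from sslauth.txt and should say that this file defines the stress tests.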