-rw-r--r-- | cmd/selfserv/selfserv.c | 14 | ||||
-rwxr-xr-x | tests/ssl/ssl.sh | 61 |
2 files changed, 12 insertions, 63 deletions
diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c index f18d4a15d..e3dccf144 100644 --- a/cmd/selfserv/selfserv.c +++ b/cmd/selfserv/selfserv.c @@ -2494,13 +2494,6 @@ main(int argc, char **argv) break; } - /* Call the NSS initialization routines */ - rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY); - if (rv != SECSuccess) { - fputs("NSS_Init failed.\n", stderr); - exit(8); - } - /* The -b (bindOnly) option is only used by the ssl.sh test * script on Linux to determine whether a previous selfserv * process has fully died and freed the port. (Bug 129701) @@ -2610,6 +2603,13 @@ main(int argc, char **argv) /* set our password function */ PK11_SetPasswordFunc(SECU_GetModulePassword); + /* Call the NSS initialization routines */ + rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY); + if (rv != SECSuccess) { + fputs("NSS_Init failed.\n", stderr); + exit(8); + } + /* all SSL3 cipher suites are enabled by default. */ if (cipherString) { char *cstringSaved = cipherString; diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh index 580fe16e0..4f5bb55bf 100755 --- a/tests/ssl/ssl.sh +++ b/tests/ssl/ssl.sh @@ -682,8 +682,7 @@ ssl_crl_ssl() setup_policy() { policy="$1" - outdir="$2" - OUTFILE="${outdir}/pkcs11.txt" + OUTFILE=${P_R_CLIENTDIR}/pkcs11.txt cat > "$OUTFILE" << ++EOF++ library= name=NSS Internal PKCS #11 Module @@ -699,7 +698,7 @@ NSS=trustOrder=100 ++EOF++ echo "******************************Testing with: " - cat "$OUTFILE" + cat ${P_R_CLIENTDIR}/pkcs11.txt echo "******************************" } @@ -746,7 +745,7 @@ ssl_policy() # load the policy policy=`echo ${policy} | sed -e 's;_; ;g'` - setup_policy "$policy" ${P_R_CLIENTDIR} + setup_policy "$policy" echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\" echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}" 
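Review bot: With `NSS_Initialize` placed after `PK11_SetPasswordFunc`, everything between the two hunks in `main` runs before the library and the policy from `pkcs11.txt` are loaded; that stretch is outside the hunk, so confirm nothing in it reads policy-dependent state such as version ranges or enabled suites. The same commit removes `ssl_policy_selfserv` from tests/ssl/ssl.sh, the check visible on this page that a server-side `disallow=rsa/ssl-key-exchange` policy makes the client fail, so server-side policy enforcement appears to be left without a regression test. A comment such as `/* NSS and its policy are initialized only here; code above must not depend on policy state */` would record the ordering constraint. The failure path prints `NSS_Init failed.` for an `NSS_Initialize` call and drops the error code; `fprintf(stderr, "NSS_Initialize failed: %d\n", PORT_GetError());` would make a bad database or policy file diagnosable.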
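Review bot: `setup_policy` now spells the target path twice, and the second use, `cat ${P_R_CLIENTDIR}/pkcs11.txt` in the following hunk, is unquoted, so a client directory containing whitespace would be word-split even though the write goes through the quoted `"$OUTFILE"`. Printing with `cat "$OUTFILE"` keeps the echoed file tied to the one that was just written. Because the function overwrites the module configuration in place, `OUTFILE="${P_R_CLIENTDIR:?}/pkcs11.txt"` would also stop it from writing to `/pkcs11.txt` when the variable is empty or unset. The heredoc body of the function lies partly outside both hunks.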
@@ -800,7 +799,7 @@ ssl_policy_listsuites() cp ${P_R_CLIENTDIR}/pkcs11.txt ${P_R_CLIENTDIR}/pkcs11.txt.sav # Disallow all explicitly - setup_policy "disallow=all" ${P_R_CLIENTDIR} + setup_policy "disallow=all" RET_EXP=1 list_enabled_suites | grep '^TLS_' RET=$? @@ -808,7 +807,7 @@ ssl_policy_listsuites() "produced a returncode of $RET, expected is $RET_EXP" # Disallow RSA in key exchange explicitly - setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_CLIENTDIR} + setup_policy "disallow=rsa/ssl-key-exchange" RET_EXP=1 list_enabled_suites | grep '^TLS_RSA_' RET=$? 
@@ -820,55 +819,6 @@ ssl_policy_listsuites() html "</TABLE><BR>" } -############################## ssl_policy_selfserv ##################### -# local shell function to perform SSL Policy tests, using selfserv -######################################################################## -ssl_policy_selfserv() -{ - #verbose="-v" - html_head "SSL POLICY SELFSERV $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE" - - testname="" - sparam="$CIPHER_SUITES" - - if [ ! -f "${P_R_SERVERDIR}/pkcs11.txt" ] ; then - html_failed "${SCRIPTNAME}: ${P_R_SERVERDIR} is not initialized" - return 1; - fi - - echo "Saving pkcs11.txt" - cp ${P_R_SERVERDIR}/pkcs11.txt ${P_R_SERVERDIR}/pkcs11.txt.sav - - # Disallow RSA in key exchange explicitly - setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_SERVERDIR} - - start_selfserv # Launch the server - - VMIN="ssl3" - VMAX="tls1.2" - - # Try to connect to the server with a ciphersuite using RSA in key exchange - echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\" - echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}" - - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - RET_EXP=254 - ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \ - -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \ - >${TMP}/$HOST.tmp.$$ 2>&1 - RET=$? - cat ${TMP}/$HOST.tmp.$$ - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - - html_msg $RET $RET_EXP "${testname}" \ - "produced a returncode of $RET, expected is $RET_EXP" - - cp ${P_R_SERVERDIR}/pkcs11.txt.sav ${P_R_SERVERDIR}/pkcs11.txt - - kill_selfserv - html "</TABLE><BR>" -} - ############################# is_revoked ############################### # local shell function to check if certificate is revoked ######################################################################## @@ -1256,7 +1206,6 @@ ssl_run_tests() "policy") if [ "${TEST_MODE}" = "SHARED_DB" ] ; then ssl_policy_listsuites - ssl_policy_selfserv ssl_policy fi ;; |