summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cmd/selfserv/selfserv.c14
-rwxr-xr-xtests/ssl/ssl.sh61
2 files changed, 12 insertions, 63 deletions
diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c
index f18d4a15d..e3dccf144 100644
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -2494,13 +2494,6 @@ main(int argc, char **argv)
break;
}
- /* Call the NSS initialization routines */
- rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
- if (rv != SECSuccess) {
- fputs("NSS_Init failed.\n", stderr);
- exit(8);
- }
-
/* The -b (bindOnly) option is only used by the ssl.sh test
* script on Linux to determine whether a previous selfserv
* process has fully died and freed the port. (Bug 129701)
@@ -2610,6 +2603,13 @@ main(int argc, char **argv)
/* set our password function */
PK11_SetPasswordFunc(SECU_GetModulePassword);
+ /* Call the NSS initialization routines */
+ rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
+ if (rv != SECSuccess) {
+ fputs("NSS_Init failed.\n", stderr);
+ exit(8);
+ }
+
/* all SSL3 cipher suites are enabled by default. */
if (cipherString) {
char *cstringSaved = cipherString;
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
index 580fe16e0..4f5bb55bf 100755
--- a/tests/ssl/ssl.sh
+++ b/tests/ssl/ssl.sh
@@ -682,8 +682,7 @@ ssl_crl_ssl()
setup_policy()
{
policy="$1"
- outdir="$2"
- OUTFILE="${outdir}/pkcs11.txt"
+ OUTFILE=${P_R_CLIENTDIR}/pkcs11.txt
cat > "$OUTFILE" << ++EOF++
library=
name=NSS Internal PKCS #11 Module
@@ -699,7 +698,7 @@ NSS=trustOrder=100
++EOF++
echo "******************************Testing with: "
- cat "$OUTFILE"
+ cat ${P_R_CLIENTDIR}/pkcs11.txt
echo "******************************"
}
@@ -746,7 +745,7 @@ ssl_policy()
# load the policy
policy=`echo ${policy} | sed -e 's;_; ;g'`
- setup_policy "$policy" ${P_R_CLIENTDIR}
+ setup_policy "$policy"
echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
@@ -800,7 +799,7 @@ ssl_policy_listsuites()
cp ${P_R_CLIENTDIR}/pkcs11.txt ${P_R_CLIENTDIR}/pkcs11.txt.sav
# Disallow all explicitly
- setup_policy "disallow=all" ${P_R_CLIENTDIR}
+ setup_policy "disallow=all"
RET_EXP=1
list_enabled_suites | grep '^TLS_'
RET=$?
@@ -808,7 +807,7 @@ ssl_policy_listsuites()
"produced a returncode of $RET, expected is $RET_EXP"
# Disallow RSA in key exchange explicitly
- setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_CLIENTDIR}
+ setup_policy "disallow=rsa/ssl-key-exchange"
RET_EXP=1
list_enabled_suites | grep '^TLS_RSA_'
RET=$?
@@ -820,55 +819,6 @@ ssl_policy_listsuites()
html "</TABLE><BR>"
}
-############################## ssl_policy_selfserv #####################
-# local shell function to perform SSL Policy tests, using selfserv
-########################################################################
-ssl_policy_selfserv()
-{
- #verbose="-v"
- html_head "SSL POLICY SELFSERV $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
-
- testname=""
- sparam="$CIPHER_SUITES"
-
- if [ ! -f "${P_R_SERVERDIR}/pkcs11.txt" ] ; then
- html_failed "${SCRIPTNAME}: ${P_R_SERVERDIR} is not initialized"
- return 1;
- fi
-
- echo "Saving pkcs11.txt"
- cp ${P_R_SERVERDIR}/pkcs11.txt ${P_R_SERVERDIR}/pkcs11.txt.sav
-
- # Disallow RSA in key exchange explicitly
- setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_SERVERDIR}
-
- start_selfserv # Launch the server
-
- VMIN="ssl3"
- VMAX="tls1.2"
-
- # Try to connect to the server with a ciphersuite using RSA in key exchange
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
- echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
-
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- RET_EXP=254
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
- -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
- >${TMP}/$HOST.tmp.$$ 2>&1
- RET=$?
- cat ${TMP}/$HOST.tmp.$$
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-
- html_msg $RET $RET_EXP "${testname}" \
- "produced a returncode of $RET, expected is $RET_EXP"
-
- cp ${P_R_SERVERDIR}/pkcs11.txt.sav ${P_R_SERVERDIR}/pkcs11.txt
-
- kill_selfserv
- html "</TABLE><BR>"
-}
-
############################# is_revoked ###############################
# local shell function to check if certificate is revoked
########################################################################
@@ -1256,7 +1206,6 @@ ssl_run_tests()
"policy")
if [ "${TEST_MODE}" = "SHARED_DB" ] ; then
ssl_policy_listsuites
- ssl_policy_selfserv
ssl_policy
fi
;;
View Lorry Controller Status