search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import from 1.9a8 tarball
[mozilla-nss.git] / security / nss / tests / iopr / ssl_iopr.sh
blobf8c97185cdea6f60b44313219a3620caecb2c7d1
1 #! /bin/sh
2 #
3 # ***** BEGIN LICENSE BLOCK *****
4 # Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 #
6 # The contents of this file are subject to the Mozilla Public License Version
7 # 1.1 (the "License"); you may not use this file except in compliance with
8 # the License. You may obtain a copy of the License at
9 # http://www.mozilla.org/MPL/
10 #
11 # Software distributed under the License is distributed on an "AS IS" basis,
12 # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13 # for the specific language governing rights and limitations under the
14 # License.
15 #
16 # The Original Code is the Netscape security libraries.
17 #
18 # The Initial Developer of the Original Code is
19 # Netscape Communications Corporation.
20 # Portions created by the Initial Developer are Copyright (C) 1994-2000
21 # the Initial Developer. All Rights Reserved.
22 #
23 # Alternatively, the contents of this file may be used under the terms of
24 # either the GNU General Public License Version 2 or later (the "GPL"), or
25 # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 # in which case the provisions of the GPL or the LGPL are applicable instead
27 # of those above. If you wish to allow use of your version of this file only
28 # under the terms of either the GPL or the LGPL, and not to allow others to
29 # use your version of this file under the terms of the MPL, indicate your
30 # decision by deleting the provisions above and replace them with the notice
31 # and other provisions required by the GPL or the LGPL. If you do not delete
32 # the provisions above, a recipient may use your version of this file under
33 # the terms of any one of the MPL, the GPL or the LGPL.
34 #
35 # ***** END LICENSE BLOCK *****
36
37 ########################################################################
38 #
39 # mozilla/security/nss/tests/iopr/ssl_iopr.sh
40 #
41 # NSS SSL interoperability QA. This file is included from ssl.sh
42 #
43 # needs to work on all Unix and Windows platforms
44 #
45 # special strings
46 # ---------------
47 # FIXME ... known problems, search for this string
48 # NOTE .... unexpected behavior
49 #
50 # FIXME - Netscape - NSS
51 ########################################################################
52 IOPR_SSL_SOURCED=1
53
54 ########################################################################
55 # The functions works with variables defined in interoperability
56 # configuration file that was downloaded from a webserver.
57 # It tries to find unrevoked cert based on value of variable
58 # "SslClntValidCertName" defined in the configuration file.
59 # Params NONE.
60 # Returns 0 if found, 1 otherwise.
61 #
62 setValidCert() {
63 testUser=$SslClntValidCertName
64 [ -z "$testUser" ] && return 1
65 return 0
66 }
67
68 ########################################################################
69 # The funtions works with variables defined in interoperability
70 # configuration file that was downloaded from a webserver.
71 # The function sets port, url, param and description test parameters
72 # that was defind for a particular type of testing.
73 # Params:
74 # $1 - supported types of testing. Currently have maximum
75 # of two: forward and reverse. But more can be defined.
76 # No return value
77 #
78 setTestParam() {
79 type=$1
80 sslPort=`eval 'echo $'${type}Port`
81 sslUrl=`eval 'echo $'${type}Url`
82 testParam=`eval 'echo $'${type}Param`
83 testDescription=`eval 'echo $'${type}Descr`
84 [ -z "$sslPort" ] && sslPort=443
85 [ -z "$sslUrl" ] && sslUrl="/iopr_test/test_pg.html"
86 [ "$sslUrl" = "/" ] && sslUrl="/test_pg.html"
87 }
88
89
90 #######################################################################
91 # local shell function to perform SSL Cipher Suite Coverage tests
92 # in interoperability mode. Tests run against web server by using nss
93 # test client
94 # Params:
95 # $1 - supported type of testing.
96 # $2 - testing host
97 # $3 - nss db location
98 # No return value
99 #
100 ssl_iopr_cov_ext_server()
101 {
102 testType=$1
103 host=$2
104 dbDir=$3
105
106 setTestParam $testType
107 if [ "`echo $testParam | grep NOCOV`" != "" ]; then
108 echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
109 "run by server configuration"
110 return 0
111 fi
112
113 html_head "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR" \
114 "$BYPASS_STRING $NORM_EXT): $testDescription"
115
116 setValidCert; ret=$?
117 if [ $ret -ne 0 ]; then
118 html_failed "<TR><TD>Fail to find valid test cert(ws: $host)"
119 return $ret
120 fi
121
122 SSL_REQ_FILE=${TMP}/sslreq.dat.$$
123 echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
124 echo >> $SSL_REQ_FILE
125
126 while read ecc tls param testname therest; do
127 [ -z "$ecc" -o "$ecc" = "#" -o "`echo $testname | grep FIPS`" -o \
128 "$ecc" = "ECC" ] && continue;
129
130 echo "$SCRIPTNAME: running $testname ----------------------------"
131 TLS_FLAG=-T
132 if [ "$tls" = "TLS" ]; then
133 TLS_FLAG=""
134 fi
135
136 resFile=${TMP}/$HOST.tmpRes.$$
137 rm $resFile 2>/dev/null
138
139 echo "tstclnt -p ${sslPort} -h ${host} -c ${param} ${TLS_FLAG} \\"
140 echo " -n $testUser -w nss ${CLIEN_OPTIONS} -f \\"
141 echo " -d ${dbDir} < ${SSL_REQ_FILE} > $resFile"
142
143 tstclnt -w nss -p ${sslPort} -h ${host} -c ${param} \
144 ${TLS_FLAG} ${CLIEN_OPTIONS} -f -n $testUser -w nss \
145 -d ${dbDir} < ${SSL_REQ_FILE} >$resFile 2>&1
146 ret=$?
147 grep "ACCESS=OK" $resFile
148 test $? -eq 0 -a $ret -eq 0
149 ret=$?
150 [ $ret -ne 0 ] && cat ${TMP}/$HOST.tmp.$$
151 rm -f $resFile 2>/dev/null
152 html_msg $ret 0 "${testname}"
153 done < ${SSLCOV}
154 rm -f $SSL_REQ_FILE 2>/dev/null
155
156 html "</TABLE><BR>"
157 }
158
159 #######################################################################
160 # local shell function to perform SSL Client Authentication tests
161 # in interoperability mode. Tests run against web server by using nss
162 # test client
163 # Params:
164 # $1 - supported type of testing.
165 # $2 - testing host
166 # $3 - nss db location
167 # No return value
168 #
169 ssl_iopr_auth_ext_server()
170 {
171 testType=$1
172 host=$2
173 dbDir=$3
174
175 setTestParam $testType
176 if [ "`echo $testParam | grep NOAUTH`" != "" ]; then
177 echo "SSL Client Authentication WebServ($IOPR_HOSTADDR) excluded from " \
178 "run by server configuration"
179 return 0
180 fi
181
182 html_head "SSL Client Authentication WebServ($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT):
183 $testDescription"
184
185 setValidCert;ret=$?
186 if [ $ret -ne 0 ]; then
187 html_failed "<TR><TD>Fail to find valid test cert(ws: $host)"
188 return $ret
189 fi
190
191 SSL_REQ_FILE=${TMP}/sslreq.dat.$$
192 echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
193 echo >> $SSL_REQ_FILE
194
195 SSLAUTH_TMP=${TMP}/authin.tl.tmp
196 grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" > ${SSLAUTH_TMP}
197
198 while read ecc value sparam cparam testname; do
199 [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
200
201 cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
202
203 echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \\"
204 echo " -d ${dbDir} < ${SSL_REQ_FILE}"
205
206 resFile=${TMP}/$HOST.tmp.$$
207 rm $rsFile 2>/dev/null
208
209 tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
210 -d ${dbDir} < ${SSL_REQ_FILE} >$resFile 2>&1
211 ret=$?
212 grep "ACCESS=OK" $resFile
213 test $? -eq 0 -a $ret -eq 0
214 ret=$?
215 [ $ret -ne 0 ] && cat $resFile
216 rm $resFile 2>/dev/null
217
218 html_msg $ret $value "${testname}. Client params: $cparam"\
219 "produced a returncode of $ret, expected is $value"
220 done < ${SSLAUTH_TMP}
221 rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
222
223 html "</TABLE><BR>"
224 }
225
226 ########################################################################
227 # local shell function to perform SSL interoperability test with/out
228 # revoked certs tests. Tests run against web server by using nss
229 # test client
230 # Params:
231 # $1 - supported type of testing.
232 # $2 - testing host
233 # $3 - nss db location
234 # No return value
235 #
236 ssl_iopr_crl_ext_server()
237 {
238 testType=$1
239 host=$2
240 dbDir=$3
241
242 setTestParam $testType
243 if [ "`echo $testParam | grep NOCRL`" != "" ]; then
244 echo "CRL SSL Client Tests of WebServerv($IOPR_HOSTADDR) excluded from " \
245 "run by server configuration"
246 return 0
247 fi
248
249 html_head "CRL SSL Client Tests of WebServer($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): $testDescription"
250
251 SSL_REQ_FILE=${TMP}/sslreq.dat.$$
252 echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
253 echo >> $SSL_REQ_FILE
254
255 SSLAUTH_TMP=${TMP}/authin.tl.tmp
256 grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" | grep -v bogus | \
257 grep -v none > ${SSLAUTH_TMP}
258
259 while read ecc value sparam _cparam testname; do
260 [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
261
262 rev_modvalue=254
263 for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
264 cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
265
266 echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} \\"
267 echo " -f -d ${dbDir} ${cparam} < ${SSL_REQ_FILE}"
268 resFile=${TMP}/$HOST.tmp.$$
269 rm -f $resFile 2>/dev/null
270 tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
271 -d ${dbDir} < ${SSL_REQ_FILE} \
272 > $resFile 2>&1
273 ret=$?
274 grep "ACCESS=OK" $resFile
275 test $? -eq 0 -a $ret -eq 0
276 ret=$?
277 [ $ret -ne 0 ] && ret=$rev_modvalue;
278 [ $ret -ne 0 ] && cat $resFile
279 rm -f $resFile 2>/dev/null
280
281 if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
282 modvalue=$rev_modvalue
283 testAddMsg="revoked"
284 else
285 testAddMsg="not revoked"
286 modvalue=$value
287 fi
288 html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
289 "produced a returncode of $ret, expected is $modvalue"
290 done
291 done < ${SSLAUTH_TMP}
292 rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
293
294 html "</TABLE><BR>"
295 }
296
297
298 ########################################################################
299 # local shell function to perform SSL Cipher Coverage tests of nss server
300 # by invoking remote test client on web server side.
301 # Invoked only if reverse testing is supported by web server.
302 # Params:
303 # $1 - remote web server host
304 # $2 - open port to connect to invoke CGI script
305 # $3 - host where selfserv is running(name of the host nss tests
306 # are running)
307 # $4 - port where selfserv is running
308 # $5 - selfserv nss db location
309 # No return value
310 #
311 ssl_iopr_cov_ext_client()
312 {
313 host=$1
314 port=$2
315 sslHost=$3
316 sslPort=$4
317 serDbDir=$5
318
319 html_head "SSL Cipher Coverage of SelfServ $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
320
321 setValidCert
322 ret=$?
323 if [ $res -ne 0 ]; then
324 html_failed "<TR><TD>Fail to find valid test cert(ws: $host)"
325 return $ret
326 fi
327
328 # P_R_SERVERDIR switch require for selfserv to work.
329 # Will be restored after test
330 OR_P_R_SERVERDIR=$P_R_SERVERDIR
331 P_R_SERVERDIR=$serDbDir
332 OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
333 P_R_CLIENTDIR=$serDbDir
334 testname=""
335 sparam="-vvvc ABCDEFcdefgijklmnvyz"
336 # Launch the server
337 start_selfserv
338
339 while read ecc tls param cipher therest; do
340 [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
341 echo "============= Beginning of the test ===================="
342 echo
343
344 is_selfserv_alive
345
346 TEST_IN=${TMP}/${HOST}_IN.tmp.$$
347 TEST_OUT=${TMP}/$HOST.tmp.$$
348 rm -f $TEST_IN $TEST_OUT 2>/dev/null
349
350 echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser&cipher=$cipher HTTP/1.0" > $TEST_IN
351 echo >> $TEST_IN
352
353 echo "------- Request ----------------------"
354 cat $TEST_IN
355 echo "------- Command ----------------------"
356 echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
357 -h $host \< $TEST_IN \>\> $TEST_OUT
358
359 tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
360 -h $host <$TEST_IN > $TEST_OUT
361
362 echo "------- Server output Begin ----------"
363 cat $TEST_OUT
364 echo "------- Server output End ----------"
365
366 echo "Checking for errors in log file..."
367 grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
368 if [ $? -eq 0 ]; then
369 grep "cipher is not supported" $TEST_OUT 2>&1 >/dev/null
370 if [ $? -eq 0 ]; then
371 echo "Skiping test: no support for the cipher $cipher on server side"
372 continue
373 fi
374
375 grep -i "SERVER ERROR:" $TEST_OUT
376 ret=$?
377 if [ $ret -eq 0 ]; then
378 echo "Found problems. Reseting exit code to failure."
379
380 ret=1
381 else
382 ret=0
383 fi
384 else
385 echo "Script was not executed. Reseting exit code to failure."
386 ret=11
387 fi
388
389 html_msg $ret 0 "Test ${cipher}. Server params: $sparam " \
390 " produced a returncode of $ret, expected is 0"
391 rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
392 done < ${SSLCOV}
393 kill_selfserv
394
395 P_R_SERVERDIR=$OR_P_R_SERVERDIR
396
397 rm -f ${TEST_IN} ${TEST_OUT}
398 html "</TABLE><BR>"
399 }
400
401 ########################################################################
402 # local shell function to perform SSL Authentication tests of nss server
403 # by invoking remove test client on web server side
404 # Invoked only if reverse testing is supported by web server.
405 # Params:
406 # $1 - remote web server host
407 # $2 - open port to connect to invoke CGI script
408 # $3 - host where selfserv is running(name of the host nss tests
409 # are running)
410 # $4 - port where selfserv is running
411 # $5 - selfserv nss db location
412 # No return value
413 #
414 ssl_iopr_auth_ext_client()
415 {
416 host=$1
417 port=$2
418 sslHost=$3
419 sslPort=$4
420 serDbDir=$5
421
422 html_head "SSL Client Authentication with Selfserv from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
423
424 setValidCert
425 ret=$?
426 if [ $res -ne 0 ]; then
427 html_failed "<TR><TD>Fail to find valid test cert(ws: $host)"
428 return $ret
429 fi
430
431 OR_P_R_SERVERDIR=$P_R_SERVERDIR
432 P_R_SERVERDIR=${serDbDir}
433 OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
434 P_R_CLIENTDIR=$serDbDir
435
436 SSLAUTH_TMP=${TMP}/authin.tl.tmp
437
438 grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
439
440 while read ecc value sparam cparam testname; do
441 [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
442
443 echo "Server params: $sparam"
444 sparam=$sparam" -vvvc ABCDEFcdefgijklmnvyz"
445 start_selfserv
446
447 TEST_IN=${TMP}/$HOST_IN.tmp.$$
448 TEST_OUT=${TMP}/$HOST.tmp.$$
449 rm -f $TEST_IN $TEST_OUT 2>/dev/null
450
451 echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
452 echo >> $TEST_IN
453
454 echo "------- Request ----------------------"
455 cat $TEST_IN
456 echo "------- Command ----------------------"
457 echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
458 -h $host \< $TEST_IN \>\> $TEST_OUT
459
460 tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
461 -h $host <$TEST_IN > $TEST_OUT
462
463 echo "------- Server output Begin ----------"
464 cat $TEST_OUT
465 echo "------- Server output End ----------"
466
467 echo "Checking for errors in log file..."
468 grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
469 if [ $? -eq 0 ]; then
470 echo "Checking for error in log file..."
471 grep -i "SERVER ERROR:" $TEST_OUT
472 ret=$?
473 if [ $ret -eq 0 ]; then
474 echo "Found problems. Reseting exit code to failure."
475 ret=1
476 else
477 ret=0
478 fi
479 else
480 echo "Script was not executed. Reseting exit code to failure."
481 ret=11
482 fi
483
484 html_msg $ret $value "${testname}. Server params: $sparam"\
485 "produced a returncode of $ret, expected is $value"
486 kill_selfserv
487 rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
488 done < ${SSLAUTH_TMP}
489 P_R_SERVERDIR=$OR_P_R_SERVERDIR
490
491 rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT}
492 html "</TABLE><BR>"
493 }
494
495 #########################################################################
496 # local shell function to perform SSL CRL testing of nss server
497 # by invoking remote test client on web server side
498 # Invoked only if reverse testing is supported by web server.
499 # Params:
500 # $1 - remote web server host
501 # $2 - open port to connect to invoke CGI script
502 # $3 - host where selfserv is running(name of the host nss tests
503 # are running)
504 # $4 - port where selfserv is running
505 # $5 - selfserv nss db location
506 # No return value
507 #
508 ssl_iopr_crl_ext_client()
509 {
510 host=$1
511 port=$2
512 sslHost=$3
513 sslPort=$4
514 serDbDir=$5
515
516 html_head "CRL SSL Selfserv Tests from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
517
518 OR_P_R_SERVERDIR=$P_R_SERVERDIR
519 P_R_SERVERDIR=${serDbDir}
520 OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
521 P_R_CLIENTDIR=$serDbDir
522
523 SSLAUTH_TMP=${TMP}/authin.tl.tmp
524 grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
525
526 while read ecc value sparam _cparam testname; do
527 [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
528 sparam="$sparam -vvvc ABCDEFcdefgijklmnvyz"
529 start_selfserv
530
531 for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
532
533 is_selfserv_alive
534
535 TEST_IN=${TMP}/${HOST}_IN.tmp.$$
536 TEST_OUT=${TMP}/$HOST.tmp.$$
537 rm -f $TEST_IN $TEST_OUT 2>/dev/null
538
539 echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
540 echo >> $TEST_IN
541
542 echo "------- Request ----------------------"
543 cat $TEST_IN
544 echo "------- Command ----------------------"
545 echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
546 -h ${host} \< $TEST_IN \>\> $TEST_OUT
547
548 tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
549 -h ${host} <$TEST_IN > $TEST_OUT
550 echo "------- Request ----------------------"
551 cat $TEST_IN
552 echo "------- Server output Begin ----------"
553 cat $TEST_OUT
554 echo "------- Server output End ----------"
555
556 echo "Checking for errors in log file..."
557 grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
558 if [ $? -eq 0 ]; then
559 grep -i "SERVER ERROR:" $TEST_OUT
560 ret=$?
561 if [ $ret -eq 0 ]; then
562 echo "Found problems. Reseting exit code to failure."
563 ret=1
564 else
565 ret=0
566 fi
567 else
568 echo "Script was not executed. Reseting exit code to failure."
569 ret=11
570 fi
571
572 if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
573 modvalue=1
574 testAddMsg="revoked"
575 else
576 testAddMsg="not revoked"
577 modvalue=0
578 fi
579
580 html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
581 "produced a returncode of $ret, expected is $modvalue(selfserv args: $sparam)"
582 rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
583 done
584 kill_selfserv
585 done < ${SSLAUTH_TMP}
586 P_R_SERVERDIR=$OR_P_R_SERVERDIR
587
588 rm -f ${SSLAUTH_TMP}
589 html "</TABLE><BR>"
590 }
591
592 #####################################################################
593 # Initial point for running ssl test againt multiple hosts involved in
594 # interoperability testing. Called from nss/tests/ssl/ssl.sh
595 # It will only proceed with test run for a specific host if environment variable
596 # IOPR_HOSTADDR_LIST was set, had the host name in the list
597 # and all needed file were successfully downloaded and installed for the host.
598 #
599 # Returns 1 if interoperability testing is off, 0 otherwise.
600 #
601 ssl_iopr_run() {
602 NO_ECC_CERTS=1 # disable ECC for interoperability tests
603
604 if [ "$IOPR" -ne 1 ]; then
605 return 1
606 fi
607 cd ${CLIENTDIR}
608
609 num=1
610 IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
611 while [ "$IOPR_HOST_PARAM" ]; do
612 IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
613 IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
614 [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
615
616 . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
617 RES=$?
618
619 if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
620 num=`expr $num + 1`
621 IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
622 continue
623 fi
624
625 #=======================================================
626 # Check if server is capable to run ssl tests
627 #
628 [ -z "`echo ${supportedTests_new} | grep -i ssl`" ] && continue;
629
630 # Testing directories defined by webserver.
631 echo "Testing ssl interoperability.
632 Client: local(tstclnt).
633 Server: remote($IOPR_HOSTADDR:$IOPR_OPEN_PORT)"
634
635 for sslTestType in ${supportedTests_new}; do
636 if [ -z "`echo $sslTestType | grep -i ssl`" ]; then
637 continue
638 fi
639 ssl_iopr_cov_ext_server $sslTestType ${IOPR_HOSTADDR} \
640 ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
641 ssl_iopr_auth_ext_server $sslTestType ${IOPR_HOSTADDR} \
642 ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
643 ssl_iopr_crl_ext_server $sslTestType ${IOPR_HOSTADDR} \
644 ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
645 done
646
647
648 # Testing selfserv with client located at the webserver.
649 echo "Testing ssl interoperability.
650 Client: remote($IOPR_HOSTADDR:$PORT)
651 Server: local(selfserv)"
652 ssl_iopr_cov_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
653 ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
654 ssl_iopr_auth_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
655 ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
656 ssl_iopr_crl_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
657 ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
658 echo "================================================"
659 echo "Done testing interoperability with $IOPR_HOSTADDR"
660 num=`expr $num + 1`
661 IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
662 done
663 NO_ECC_CERTS=0
664 return 0
665 }
666
Mozilla NSS module