| #! /bin/bash |
| # |
| # This Source Code Form is subject to the terms of the Mozilla Public |
| # License, v. 2.0. If a copy of the MPL was not distributed with this |
| # file, You can obtain one at http://mozilla.org/MPL/2.0/. |
| |
| ######################################################################## |
| # |
| # mozilla/security/nss/tests/iopr/ssl_iopr.sh |
| # |
| # NSS SSL interoperability QA. This file is included from ssl.sh |
| # |
| # needs to work on all Unix and Windows platforms |
| # |
| # special strings |
| # --------------- |
| # FIXME ... known problems, search for this string |
| # NOTE .... unexpected behavior |
| ######################################################################## |
| IOPR_SSL_SOURCED=1 |
| |
| ######################################################################## |
| # The functions works with variables defined in interoperability |
| # configuration file that was downloaded from a webserver. |
| # It tries to find unrevoked cert based on value of variable |
| # "SslClntValidCertName" defined in the configuration file. |
| # Params NONE. |
| # Returns 0 if found, 1 otherwise. |
| # |
| setValidCert() { |
| testUser=$SslClntValidCertName |
| [ -z "$testUser" ] && return 1 |
| return 0 |
| } |
| |
| ######################################################################## |
| # The funtions works with variables defined in interoperability |
| # configuration file that was downloaded from a webserver. |
| # The function sets port, url, param and description test parameters |
| # that was defind for a particular type of testing. |
| # Params: |
| # $1 - supported types of testing. Currently have maximum |
| # of two: forward and reverse. But more can be defined. |
| # No return value |
| # |
| setTestParam() { |
| type=$1 |
| sslPort=`eval 'echo $'${type}Port` |
| sslUrl=`eval 'echo $'${type}Url` |
| testParam=`eval 'echo $'${type}Param` |
| testDescription=`eval 'echo $'${type}Descr` |
| [ -z "$sslPort" ] && sslPort=443 |
| [ -z "$sslUrl" ] && sslUrl="/iopr_test/test_pg.html" |
| [ "$sslUrl" = "/" ] && sslUrl="/test_pg.html" |
| } |
| |
| |
| ####################################################################### |
| # local shell function to perform SSL Cipher Suite Coverage tests |
| # in interoperability mode. Tests run against web server by using nss |
| # test client |
| # Params: |
| # $1 - supported type of testing. |
| # $2 - testing host |
| # $3 - nss db location |
| # No return value |
| # |
| ssl_iopr_cov_ext_server() |
| { |
| testType=$1 |
| host=$2 |
| dbDir=$3 |
| |
| setTestParam $testType |
| if [ "`echo $testParam | grep NOCOV`" != "" ]; then |
| echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \ |
| "run by server configuration" |
| return 0 |
| fi |
| |
| html_head "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR" \ |
| "$BYPASS_STRING $NORM_EXT): $testDescription" |
| |
| setValidCert; ret=$? |
| if [ $ret -ne 0 ]; then |
| html_failed "Fail to find valid test cert(ws: $host)" |
| return $ret |
| fi |
| |
| SSL_REQ_FILE=${TMP}/sslreq.dat.$$ |
| echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE |
| echo >> $SSL_REQ_FILE |
| |
| while read ecc tls param testname therest; do |
| [ -z "$ecc" -o "$ecc" = "#" -o "`echo $testname | grep FIPS`" -o \ |
| "$ecc" = "ECC" ] && continue; |
| |
| echo "$SCRIPTNAME: running $testname ----------------------------" |
| TLS_FLAG=-T |
| if [ "$tls" = "TLS" ]; then |
| TLS_FLAG="" |
| fi |
| |
| resFile=${TMP}/$HOST.tmpRes.$$ |
| rm $resFile 2>/dev/null |
| |
| echo "tstclnt -p ${sslPort} -h ${host} -c ${param} ${TLS_FLAG} \\" |
| echo " -n $testUser -v -w nss ${CLIEN_OPTIONS} -f \\" |
| echo " -d ${dbDir} < ${SSL_REQ_FILE} > $resFile" |
| |
| ${BINDIR}/tstclnt -p ${sslPort} -h ${host} -c ${param} \ |
| ${TLS_FLAG} ${CLIEN_OPTIONS} -f -n $testUser -v -w nss \ |
| -d ${dbDir} < ${SSL_REQ_FILE} >$resFile 2>&1 |
| ret=$? |
| grep "ACCESS=OK" $resFile |
| test $? -eq 0 -a $ret -eq 0 |
| ret=$? |
| [ $ret -ne 0 ] && cat $resFile |
| rm -f $resFile 2>/dev/null |
| html_msg $ret 0 "${testname}" |
| done < ${SSLCOV} |
| rm -f $SSL_REQ_FILE 2>/dev/null |
| |
| html "</TABLE><BR>" |
| } |
| |
| ####################################################################### |
| # local shell function to perform SSL Client Authentication tests |
| # in interoperability mode. Tests run against web server by using nss |
| # test client |
| # Params: |
| # $1 - supported type of testing. |
| # $2 - testing host |
| # $3 - nss db location |
| # No return value |
| # |
| ssl_iopr_auth_ext_server() |
| { |
| testType=$1 |
| host=$2 |
| dbDir=$3 |
| |
| setTestParam $testType |
| if [ "`echo $testParam | grep NOAUTH`" != "" ]; then |
| echo "SSL Client Authentication WebServ($IOPR_HOSTADDR) excluded from " \ |
| "run by server configuration" |
| return 0 |
| fi |
| |
| html_head "SSL Client Authentication WebServ($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): |
| $testDescription" |
| |
| setValidCert;ret=$? |
| if [ $ret -ne 0 ]; then |
| html_failed "Fail to find valid test cert(ws: $host)" |
| return $ret |
| fi |
| |
| SSL_REQ_FILE=${TMP}/sslreq.dat.$$ |
| echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE |
| echo >> $SSL_REQ_FILE |
| |
| SSLAUTH_TMP=${TMP}/authin.tl.tmp |
| grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" > ${SSLAUTH_TMP} |
| |
| while read ecc value sparam cparam testname; do |
| [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; |
| |
| cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" ` |
| |
| echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \\" |
| echo " -d ${dbDir} -v < ${SSL_REQ_FILE}" |
| |
| resFile=${TMP}/$HOST.tmp.$$ |
| rm $rsFile 2>/dev/null |
| |
| ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \ |
| -d ${dbDir} -v < ${SSL_REQ_FILE} >$resFile 2>&1 |
| ret=$? |
| grep "ACCESS=OK" $resFile |
| test $? -eq 0 -a $ret -eq 0 |
| ret=$? |
| [ $ret -ne 0 ] && cat $resFile |
| rm $resFile 2>/dev/null |
| |
| html_msg $ret $value "${testname}. Client params: $cparam"\ |
| "produced a returncode of $ret, expected is $value" |
| done < ${SSLAUTH_TMP} |
| rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE} |
| |
| html "</TABLE><BR>" |
| } |
| |
| ######################################################################## |
| # local shell function to perform SSL interoperability test with/out |
| # revoked certs tests. Tests run against web server by using nss |
| # test client |
| # Params: |
| # $1 - supported type of testing. |
| # $2 - testing host |
| # $3 - nss db location |
| # No return value |
| # |
| ssl_iopr_crl_ext_server() |
| { |
| testType=$1 |
| host=$2 |
| dbDir=$3 |
| |
| setTestParam $testType |
| if [ "`echo $testParam | grep NOCRL`" != "" ]; then |
| echo "CRL SSL Client Tests of WebServerv($IOPR_HOSTADDR) excluded from " \ |
| "run by server configuration" |
| return 0 |
| fi |
| |
| html_head "CRL SSL Client Tests of WebServer($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): $testDescription" |
| |
| SSL_REQ_FILE=${TMP}/sslreq.dat.$$ |
| echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE |
| echo >> $SSL_REQ_FILE |
| |
| SSLAUTH_TMP=${TMP}/authin.tl.tmp |
| grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" | grep -v bogus | \ |
| grep -v none > ${SSLAUTH_TMP} |
| |
| while read ecc value sparam _cparam testname; do |
| [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; |
| |
| rev_modvalue=254 |
| for testUser in $SslClntValidCertName $SslClntRevokedCertName; do |
| cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" ` |
| |
| echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} \\" |
| echo " -f -d ${dbDir} -v ${cparam} < ${SSL_REQ_FILE}" |
| resFile=${TMP}/$HOST.tmp.$$ |
| rm -f $resFile 2>/dev/null |
| ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \ |
| -d ${dbDir} -v < ${SSL_REQ_FILE} \ |
| > $resFile 2>&1 |
| ret=$? |
| grep "ACCESS=OK" $resFile |
| test $? -eq 0 -a $ret -eq 0 |
| ret=$? |
| [ $ret -ne 0 ] && ret=$rev_modvalue; |
| [ $ret -ne 0 ] && cat $resFile |
| rm -f $resFile 2>/dev/null |
| |
| if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then |
| modvalue=$rev_modvalue |
| testAddMsg="revoked" |
| else |
| testAddMsg="not revoked" |
| modvalue=$value |
| fi |
| html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \ |
| "produced a returncode of $ret, expected is $modvalue" |
| done |
| done < ${SSLAUTH_TMP} |
| rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE} |
| |
| html "</TABLE><BR>" |
| } |
| |
| |
| ######################################################################## |
| # local shell function to perform SSL Cipher Coverage tests of nss server |
| # by invoking remote test client on web server side. |
| # Invoked only if reverse testing is supported by web server. |
| # Params: |
| # $1 - remote web server host |
| # $2 - open port to connect to invoke CGI script |
| # $3 - host where selfserv is running(name of the host nss tests |
| # are running) |
| # $4 - port where selfserv is running |
| # $5 - selfserv nss db location |
| # No return value |
| # |
| ssl_iopr_cov_ext_client() |
| { |
| host=$1 |
| port=$2 |
| sslHost=$3 |
| sslPort=$4 |
| serDbDir=$5 |
| |
| html_head "SSL Cipher Coverage of SelfServ $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT" |
| |
| setValidCert |
| ret=$? |
| if [ $res -ne 0 ]; then |
| html_failed "Fail to find valid test cert(ws: $host)" |
| return $ret |
| fi |
| |
| # P_R_SERVERDIR switch require for selfserv to work. |
| # Will be restored after test |
| OR_P_R_SERVERDIR=$P_R_SERVERDIR |
| P_R_SERVERDIR=$serDbDir |
| OR_P_R_CLIENTDIR=$P_R_CLIENTDIR |
| P_R_CLIENTDIR=$serDbDir |
| testname="" |
| sparam="-vvvc ABCDEFcdefgijklmnvyz" |
| # Launch the server |
| start_selfserv |
| |
| while read ecc tls param cipher therest; do |
| [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; |
| echo "============= Beginning of the test ====================" |
| echo |
| |
| is_selfserv_alive |
| |
| TEST_IN=${TMP}/${HOST}_IN.tmp.$$ |
| TEST_OUT=${TMP}/$HOST.tmp.$$ |
| rm -f $TEST_IN $TEST_OUT 2>/dev/null |
| |
| echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser&cipher=$cipher HTTP/1.0" > $TEST_IN |
| echo >> $TEST_IN |
| |
| echo "------- Request ----------------------" |
| cat $TEST_IN |
| echo "------- Command ----------------------" |
| echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ |
| -h $host \< $TEST_IN \>\> $TEST_OUT |
| |
| ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ |
| -h $host <$TEST_IN > $TEST_OUT |
| |
| echo "------- Server output Begin ----------" |
| cat $TEST_OUT |
| echo "------- Server output End ----------" |
| |
| echo "Checking for errors in log file..." |
| grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null |
| if [ $? -eq 0 ]; then |
| grep "cipher is not supported" $TEST_OUT 2>&1 >/dev/null |
| if [ $? -eq 0 ]; then |
| echo "Skiping test: no support for the cipher $cipher on server side" |
| continue |
| fi |
| |
| grep -i "SERVER ERROR:" $TEST_OUT |
| ret=$? |
| if [ $ret -eq 0 ]; then |
| echo "Found problems. Reseting exit code to failure." |
| |
| ret=1 |
| else |
| ret=0 |
| fi |
| else |
| echo "Script was not executed. Reseting exit code to failure." |
| ret=11 |
| fi |
| |
| html_msg $ret 0 "Test ${cipher}. Server params: $sparam " \ |
| " produced a returncode of $ret, expected is 0" |
| rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null |
| done < ${SSLCOV} |
| kill_selfserv |
| |
| P_R_SERVERDIR=$OR_P_R_SERVERDIR |
| P_R_CLIENTDIR=$OR_P_R_CLIENTDIR |
| |
| rm -f ${TEST_IN} ${TEST_OUT} |
| html "</TABLE><BR>" |
| } |
| |
| ######################################################################## |
| # local shell function to perform SSL Authentication tests of nss server |
| # by invoking remove test client on web server side |
| # Invoked only if reverse testing is supported by web server. |
| # Params: |
| # $1 - remote web server host |
| # $2 - open port to connect to invoke CGI script |
| # $3 - host where selfserv is running(name of the host nss tests |
| # are running) |
| # $4 - port where selfserv is running |
| # $5 - selfserv nss db location |
| # No return value |
| # |
| ssl_iopr_auth_ext_client() |
| { |
| host=$1 |
| port=$2 |
| sslHost=$3 |
| sslPort=$4 |
| serDbDir=$5 |
| |
| html_head "SSL Client Authentication with Selfserv from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT" |
| |
| setValidCert |
| ret=$? |
| if [ $res -ne 0 ]; then |
| html_failed "Fail to find valid test cert(ws: $host)" |
| return $ret |
| fi |
| |
| OR_P_R_SERVERDIR=$P_R_SERVERDIR |
| P_R_SERVERDIR=${serDbDir} |
| OR_P_R_CLIENTDIR=$P_R_CLIENTDIR |
| P_R_CLIENTDIR=${serDbDir} |
| |
| SSLAUTH_TMP=${TMP}/authin.tl.tmp |
| |
| grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP} |
| |
| while read ecc value sparam cparam testname; do |
| [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; |
| |
| echo "Server params: $sparam" |
| sparam=$sparam" -vvvc ABCDEFcdefgijklmnvyz" |
| start_selfserv |
| |
| TEST_IN=${TMP}/$HOST_IN.tmp.$$ |
| TEST_OUT=${TMP}/$HOST.tmp.$$ |
| rm -f $TEST_IN $TEST_OUT 2>/dev/null |
| |
| echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN |
| echo >> $TEST_IN |
| |
| echo "------- Request ----------------------" |
| cat $TEST_IN |
| echo "------- Command ----------------------" |
| echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ |
| -h $host \< $TEST_IN \>\> $TEST_OUT |
| |
| ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ |
| -h $host <$TEST_IN > $TEST_OUT |
| |
| echo "------- Server output Begin ----------" |
| cat $TEST_OUT |
| echo "------- Server output End ----------" |
| |
| echo "Checking for errors in log file..." |
| grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null |
| if [ $? -eq 0 ]; then |
| echo "Checking for error in log file..." |
| grep -i "SERVER ERROR:" $TEST_OUT |
| ret=$? |
| if [ $ret -eq 0 ]; then |
| echo "Found problems. Reseting exit code to failure." |
| ret=1 |
| else |
| ret=0 |
| fi |
| else |
| echo "Script was not executed. Reseting exit code to failure." |
| ret=11 |
| fi |
| |
| html_msg $ret $value "${testname}. Server params: $sparam"\ |
| "produced a returncode of $ret, expected is $value" |
| kill_selfserv |
| rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null |
| done < ${SSLAUTH_TMP} |
| |
| P_R_SERVERDIR=$OR_P_R_SERVERDIR |
| P_R_CLIENTDIR=$OR_P_R_CLIENTDIR |
| |
| rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT} |
| html "</TABLE><BR>" |
| } |
| |
| ######################################################################### |
| # local shell function to perform SSL CRL testing of nss server |
| # by invoking remote test client on web server side |
| # Invoked only if reverse testing is supported by web server. |
| # Params: |
| # $1 - remote web server host |
| # $2 - open port to connect to invoke CGI script |
| # $3 - host where selfserv is running(name of the host nss tests |
| # are running) |
| # $4 - port where selfserv is running |
| # $5 - selfserv nss db location |
| # No return value |
| # |
| ssl_iopr_crl_ext_client() |
| { |
| host=$1 |
| port=$2 |
| sslHost=$3 |
| sslPort=$4 |
| serDbDir=$5 |
| |
| html_head "CRL SSL Selfserv Tests from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT" |
| |
| OR_P_R_SERVERDIR=$P_R_SERVERDIR |
| P_R_SERVERDIR=${serDbDir} |
| OR_P_R_CLIENTDIR=$P_R_CLIENTDIR |
| P_R_CLIENTDIR=$serDbDir |
| |
| SSLAUTH_TMP=${TMP}/authin.tl.tmp |
| grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP} |
| |
| while read ecc value sparam _cparam testname; do |
| [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; |
| sparam="$sparam -vvvc ABCDEFcdefgijklmnvyz" |
| start_selfserv |
| |
| for testUser in $SslClntValidCertName $SslClntRevokedCertName; do |
| |
| is_selfserv_alive |
| |
| TEST_IN=${TMP}/${HOST}_IN.tmp.$$ |
| TEST_OUT=${TMP}/$HOST.tmp.$$ |
| rm -f $TEST_IN $TEST_OUT 2>/dev/null |
| |
| echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN |
| echo >> $TEST_IN |
| |
| echo "------- Request ----------------------" |
| cat $TEST_IN |
| echo "------- Command ----------------------" |
| echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ |
| -h ${host} \< $TEST_IN \>\> $TEST_OUT |
| |
| ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ |
| -h ${host} <$TEST_IN > $TEST_OUT |
| echo "------- Request ----------------------" |
| cat $TEST_IN |
| echo "------- Server output Begin ----------" |
| cat $TEST_OUT |
| echo "------- Server output End ----------" |
| |
| echo "Checking for errors in log file..." |
| grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null |
| if [ $? -eq 0 ]; then |
| grep -i "SERVER ERROR:" $TEST_OUT |
| ret=$? |
| if [ $ret -eq 0 ]; then |
| echo "Found problems. Reseting exit code to failure." |
| ret=1 |
| else |
| ret=0 |
| fi |
| else |
| echo "Script was not executed. Reseting exit code to failure." |
| ret=11 |
| fi |
| |
| if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then |
| modvalue=1 |
| testAddMsg="revoked" |
| else |
| testAddMsg="not revoked" |
| modvalue=0 |
| fi |
| |
| html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \ |
| "produced a returncode of $ret, expected is $modvalue(selfserv args: $sparam)" |
| rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null |
| done |
| kill_selfserv |
| done < ${SSLAUTH_TMP} |
| |
| P_R_SERVERDIR=$OR_P_R_SERVERDIR |
| P_R_CLIENTDIR=$OR_P_R_CLIENTDIR |
| |
| rm -f ${SSLAUTH_TMP} |
| html "</TABLE><BR>" |
| } |
| |
| ##################################################################### |
| # Initial point for running ssl test againt multiple hosts involved in |
| # interoperability testing. Called from nss/tests/ssl/ssl.sh |
| # It will only proceed with test run for a specific host if environment variable |
| # IOPR_HOSTADDR_LIST was set, had the host name in the list |
| # and all needed file were successfully downloaded and installed for the host. |
| # |
| # Returns 1 if interoperability testing is off, 0 otherwise. |
| # |
| ssl_iopr_run() { |
| if [ "$IOPR" -ne 1 ]; then |
| return 1 |
| fi |
| cd ${CLIENTDIR} |
| |
| ORIG_ECC_CERT=${NO_ECC_CERTS} |
| NO_ECC_CERTS=1 # disable ECC for interoperability tests |
| |
| NSS_SSL_ENABLE_RENEGOTIATION=u |
| export NSS_SSL_ENABLE_RENEGOTIATION |
| |
| num=1 |
| IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` |
| while [ "$IOPR_HOST_PARAM" ]; do |
| IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'` |
| IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'` |
| [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443 |
| |
| . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg |
| RES=$? |
| |
| if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then |
| num=`expr $num + 1` |
| IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` |
| continue |
| fi |
| |
| #======================================================= |
| # Check if server is capable to run ssl tests |
| # |
| [ -z "`echo ${supportedTests_new} | grep -i ssl`" ] && continue; |
| |
| # Testing directories defined by webserver. |
| echo "Testing ssl interoperability. |
| Client: local(tstclnt). |
| Server: remote($IOPR_HOSTADDR:$IOPR_OPEN_PORT)" |
| |
| for sslTestType in ${supportedTests_new}; do |
| if [ -z "`echo $sslTestType | grep -i ssl`" ]; then |
| continue |
| fi |
| ssl_iopr_cov_ext_server $sslTestType ${IOPR_HOSTADDR} \ |
| ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} |
| ssl_iopr_auth_ext_server $sslTestType ${IOPR_HOSTADDR} \ |
| ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} |
| ssl_iopr_crl_ext_server $sslTestType ${IOPR_HOSTADDR} \ |
| ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} |
| done |
| |
| |
| # Testing selfserv with client located at the webserver. |
| echo "Testing ssl interoperability. |
| Client: remote($IOPR_HOSTADDR:$PORT) |
| Server: local(selfserv)" |
| ssl_iopr_cov_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \ |
| ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} |
| ssl_iopr_auth_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \ |
| ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} |
| ssl_iopr_crl_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \ |
| ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} |
| echo "================================================" |
| echo "Done testing interoperability with $IOPR_HOSTADDR" |
| num=`expr $num + 1` |
| IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` |
| done |
| NO_ECC_CERTS=${ORIG_ECC_CERTS} |
| return 0 |
| } |
| |