mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 305147: add -B (bypass SSL) and -s (disable SSL locking) to server and client commands; add bypass testing to SSL test suite.

This commit is contained in:
saul.edwards%sun.com 2005-09-09 04:50:07 +00:00
Родитель 4b56704437
Коммит d016e006b8
4 изменённых файлов: 147 добавлений и 36 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

28
security/nss/cmd/selfserv/selfserv.c
Просмотреть файл

@ -200,16 +200,17 @@ Usage(const char *progName)
{ {
fprintf(stderr, fprintf(stderr,
"Usage: %s -n rsa_nickname -p port [-3DNRSTbmrvx] [-w password] [-t threads]\n" "Usage: %s -n rsa_nickname -p port [-3BDENRSTblmrsvx] [-w password] [-t threads]\n"
#ifdef NSS_ENABLE_ECC #ifdef NSS_ENABLE_ECC
" [-i pid_file] [-c ciphers] [-d dbdir] [-e ec_nickname] \n" " [-i pid_file] [-c ciphers] [-d dbdir] [-e ec_nickname] \n"
" [-f fortezza_nickname] [-L [seconds]] [-M maxProcs] [-l] [-P dbprefix]\n" " [-f fortezza_nickname] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
#else #else
" [-i pid_file] [-c ciphers] [-d dbdir] [-f fortezza_nickname] \n" " [-i pid_file] [-c ciphers] [-d dbdir] [-f fortezza_nickname] \n"
" [-L [seconds]] [-M maxProcs] [-l] [-P dbprefix]\n" " [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
#endif /* NSS_ENABLE_ECC */ #endif /* NSS_ENABLE_ECC */
"-S means disable SSL v2\n" "-S means disable SSL v2\n"
"-3 means disable SSL v3\n" "-3 means disable SSL v3\n"
"-B bypasses the PKCS11 layer for SSL encryption and MACing\n"
"-D means disable Nagle delays in TCP\n" "-D means disable Nagle delays in TCP\n"
"-E means disable export ciphersuites and SSL step down key gen\n" "-E means disable export ciphersuites and SSL step down key gen\n"
"-T means disable TLS\n" "-T means disable TLS\n"
@ -221,6 +222,7 @@ Usage(const char *progName)
" 2 -r's mean request and require, cert on initial handshake.\n" " 2 -r's mean request and require, cert on initial handshake.\n"
" 3 -r's mean request, not require, cert on second handshake.\n" " 3 -r's mean request, not require, cert on second handshake.\n"
" 4 -r's mean request and require, cert on second handshake.\n" " 4 -r's mean request and require, cert on second handshake.\n"
"-s means disable SSL socket locking for performance\n"
"-v means verbose output\n" "-v means verbose output\n"
"-x means use export policy.\n" "-x means use export policy.\n"
"-L seconds means log statistics every 'seconds' seconds (default=30).\n" "-L seconds means log statistics every 'seconds' seconds (default=30).\n"
@ -687,6 +689,8 @@ PRBool disableRollBack = PR_FALSE;
PRBool NoReuse = PR_FALSE; PRBool NoReuse = PR_FALSE;
PRBool hasSidCache = PR_FALSE; PRBool hasSidCache = PR_FALSE;
PRBool disableStepDown = PR_FALSE; PRBool disableStepDown = PR_FALSE;
PRBool bypassPKCS11 = PR_FALSE;
PRBool disableLocking = PR_FALSE;
static const char stopCmd[] = { "GET /stop " }; static const char stopCmd[] = { "GET /stop " };
static const char getCmd[] = { "GET " }; static const char getCmd[] = { "GET " };
@ -1405,6 +1409,18 @@ server_main(
errExit("error disabling SSL StepDown "); errExit("error disabling SSL StepDown ");
} }
} }
if (bypassPKCS11) {
rv = SSL_OptionSet(model_sock, SSL_BYPASS_PKCS11, PR_TRUE);
if (rv != SECSuccess) {
errExit("error enabling PKCS11 bypass ");
}
}
if (disableLocking) {
rv = SSL_OptionSet(model_sock, SSL_NO_LOCKS, PR_TRUE);
if (rv != SECSuccess) {
errExit("error disabling SSL socket locking ");
}
}
for (kea = kt_rsa; kea < kt_kea_size; kea++) { for (kea = kt_rsa; kea < kt_kea_size; kea++) {
if (cert[kea] != NULL) { if (cert[kea] != NULL) {
@ -1647,7 +1663,7 @@ main(int argc, char **argv)
** numbers, then capital letters, then lower case, alphabetical. ** numbers, then capital letters, then lower case, alphabetical.
*/ */
optstate = PL_CreateOptState(argc, argv, optstate = PL_CreateOptState(argc, argv,
"2:3DEL:M:NP:RSTbc:d:e:f:hi:lmn:op:rt:vw:xy"); "2:3BDEL:M:NP:RSTbc:d:e:f:hi:lmn:op:rst:vw:xy");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
++optionsFound; ++optionsFound;
switch(optstate->option) { switch(optstate->option) {
@ -1655,6 +1671,8 @@ main(int argc, char **argv)
case '3': disableSSL3 = PR_TRUE; break; case '3': disableSSL3 = PR_TRUE; break;
case 'B': bypassPKCS11 = PR_TRUE; break;
case 'D': noDelay = PR_TRUE; break; case 'D': noDelay = PR_TRUE; break;
case 'E': disableStepDown = PR_TRUE; break; case 'E': disableStepDown = PR_TRUE; break;
@ -1712,6 +1730,8 @@ main(int argc, char **argv)
case 'r': ++requestCert; break; case 'r': ++requestCert; break;
case 's': disableLocking = PR_TRUE; break;
case 't': case 't':
maxThreads = PORT_Atoi(optstate->value); maxThreads = PORT_Atoi(optstate->value);
if ( maxThreads > MAX_THREADS ) maxThreads = MAX_THREADS; if ( maxThreads > MAX_THREADS ) maxThreads = MAX_THREADS;

32
security/nss/cmd/strsclnt/strsclnt.c
Просмотреть файл

@ -176,6 +176,8 @@ static SSL3Statistics * ssl3stats;
static int failed_already = 0; static int failed_already = 0;
static PRBool disableSSL3 = PR_FALSE; static PRBool disableSSL3 = PR_FALSE;
static PRBool disableTLS = PR_FALSE; static PRBool disableTLS = PR_FALSE;
static PRBool bypassPKCS11 = PR_FALSE;
static PRBool disableLocking = PR_FALSE;
char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg) char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg)
@ -201,19 +203,21 @@ Usage(const char *progName)
{ {
fprintf(stderr, fprintf(stderr,
"Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n" "Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n"
" [-3DTovq] [-2 filename] [-P fullhandshakespercentage | -N]\n" " [-3BDNTovqs] [-2 filename] [-P fullhandshakespercentage | -N]\n"
" [-w dbpasswd] [-C cipher(s)] [-t threads] hostname\n" " [-w dbpasswd] [-C cipher(s)] [-t threads] hostname\n"
" where -v means verbose\n" " where -v means verbose\n"
" -o flag is interpreted as follows:\n" " -o flag is interpreted as follows:\n"
" 1 -o means override the result of server certificate validation.\n" " 1 -o means override the result of server certificate validation.\n"
" 2 -o's mean skip server certificate validation altogether.\n" " 2 -o's mean skip server certificate validation altogether.\n"
" -3 means disable SSL3\n"
" -D means no TCP delays\n" " -D means no TCP delays\n"
" -q means quit when server gone (timeout rather than retry forever)\n" " -q means quit when server gone (timeout rather than retry forever)\n"
" -s means disable SSL socket locking\n"
" -N means no session reuse\n" " -N means no session reuse\n"
" -P means do a specified percentage of full handshakes (0-100)\n" " -P means do a specified percentage of full handshakes (0-100)\n"
" -3 means disable SSL3\n"
" -T means disable TLS\n" " -T means disable TLS\n"
" -U means enable throttling up threads\n", " -U means enable throttling up threads\n"
" -B bypasses the PKCS11 layer for SSL encryption and MACing\n",
progName); progName);
exit(1); exit(1);
} }
@ -1199,6 +1203,20 @@ client_main(
} }
} }
if (bypassPKCS11) {
rv = SSL_OptionSet(model_sock, SSL_BYPASS_PKCS11, 1);
if (rv < 0) {
errExit("SSL_OptionSet SSL_BYPASS_PKCS11");
}
}
if (disableLocking) {
rv = SSL_OptionSet(model_sock, SSL_NO_LOCKS, 1);
if (rv < 0) {
errExit("SSL_OptionSet SSL_NO_LOCKS");
}
}
SSL_SetURL(model_sock, hostName); SSL_SetURL(model_sock, hostName);
SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate, SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
@ -1305,7 +1323,7 @@ main(int argc, char **argv)
progName = progName ? progName + 1 : tmp; progName = progName ? progName + 1 : tmp;
optstate = PL_CreateOptState(argc, argv, "2:3C:DNP:TUc:d:n:op:qt:vw:"); optstate = PL_CreateOptState(argc, argv, "2:3BC:DNP:TUc:d:n:op:qst:vw:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch(optstate->option) { switch(optstate->option) {
@ -1313,6 +1331,8 @@ main(int argc, char **argv)
case '3': disableSSL3 = PR_TRUE; break; case '3': disableSSL3 = PR_TRUE; break;
case 'B': bypassPKCS11 = PR_TRUE; break;
case 'C': cipherString = optstate->value; break; case 'C': cipherString = optstate->value; break;
case 'D': NoDelay = PR_TRUE; break; case 'D': NoDelay = PR_TRUE; break;
@ -1337,6 +1357,8 @@ main(int argc, char **argv)
case 'q': QuitOnTimeout = PR_TRUE; break; case 'q': QuitOnTimeout = PR_TRUE; break;
case 's': disableLocking = PR_TRUE; break;
case 't': case 't':
tmpInt = PORT_Atoi(optstate->value); tmpInt = PORT_Atoi(optstate->value);
if (tmpInt > 0 && tmpInt < MAX_THREADS) if (tmpInt > 0 && tmpInt < MAX_THREADS)

28
security/nss/cmd/tstclnt/tstclnt.c
Просмотреть файл

@ -214,7 +214,7 @@ handshakeCallback(PRFileDesc *fd, void *client_data)
static void Usage(const char *progName) static void Usage(const char *progName)
{ {
fprintf(stderr, fprintf(stderr,
"Usage: %s -h host [-p port] [-d certdir] [-n nickname] [-23Tfovx] \n" "Usage: %s -h host [-p port] [-d certdir] [-n nickname] [-23BTfosvx] \n"
" [-c ciphers] [-w passwd] [-q]\n", progName); " [-c ciphers] [-w passwd] [-q]\n", progName);
fprintf(stderr, "%-20s Hostname to connect with\n", "-h host"); fprintf(stderr, "%-20s Hostname to connect with\n", "-h host");
fprintf(stderr, "%-20s Port number for SSL server\n", "-p port"); fprintf(stderr, "%-20s Port number for SSL server\n", "-p port");
@ -223,11 +223,14 @@ static void Usage(const char *progName)
"-d certdir"); "-d certdir");
fprintf(stderr, "%-20s Nickname of key and cert for client auth\n", fprintf(stderr, "%-20s Nickname of key and cert for client auth\n",
"-n nickname"); "-n nickname");
fprintf(stderr,
"%-20s Bypass PKCS11 layer for SSL encryption and MACing.\n", "-B");
fprintf(stderr, "%-20s Disable SSL v2.\n", "-2"); fprintf(stderr, "%-20s Disable SSL v2.\n", "-2");
fprintf(stderr, "%-20s Disable SSL v3.\n", "-3"); fprintf(stderr, "%-20s Disable SSL v3.\n", "-3");
fprintf(stderr, "%-20s Disable TLS (SSL v3.1).\n", "-T"); fprintf(stderr, "%-20s Disable TLS (SSL v3.1).\n", "-T");
fprintf(stderr, "%-20s Client speaks first. \n", "-f"); fprintf(stderr, "%-20s Client speaks first. \n", "-f");
fprintf(stderr, "%-20s Override bad server cert. Make it OK.\n", "-o"); fprintf(stderr, "%-20s Override bad server cert. Make it OK.\n", "-o");
fprintf(stderr, "%-20s Disable SSL socket locking.\n", "-s");
fprintf(stderr, "%-20s Verbose progress reporting.\n", "-v"); fprintf(stderr, "%-20s Verbose progress reporting.\n", "-v");
fprintf(stderr, "%-20s Use export policy.\n", "-x"); fprintf(stderr, "%-20s Use export policy.\n", "-x");
fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q"); fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q");
@ -448,6 +451,8 @@ int main(int argc, char **argv)
int disableSSL2 = 0; int disableSSL2 = 0;
int disableSSL3 = 0; int disableSSL3 = 0;
int disableTLS = 0; int disableTLS = 0;
int bypassPKCS11 = 0;
int disableLocking = 0;
int useExportPolicy = 0; int useExportPolicy = 0;
PRSocketOptionData opt; PRSocketOptionData opt;
PRNetAddr addr; PRNetAddr addr;
@ -466,7 +471,7 @@ int main(int argc, char **argv)
progName = strrchr(argv[0], '\\'); progName = strrchr(argv[0], '\\');
progName = progName ? progName+1 : argv[0]; progName = progName ? progName+1 : argv[0];
optstate = PL_CreateOptState(argc, argv, "23Tfc:h:p:d:m:n:oqvw:x"); optstate = PL_CreateOptState(argc, argv, "23BTfc:h:p:d:m:n:oqsvw:x");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) { switch (optstate->option) {
case '?': case '?':
@ -476,6 +481,8 @@ int main(int argc, char **argv)
case '3': disableSSL3 = 1; break; case '3': disableSSL3 = 1; break;
case 'B': bypassPKCS11 = 1; break;
case 'T': disableTLS = 1; break; case 'T': disableTLS = 1; break;
case 'c': cipherString = strdup(optstate->value); break; case 'c': cipherString = strdup(optstate->value); break;
@ -503,6 +510,8 @@ int main(int argc, char **argv)
case 'q': pingServerFirst = PR_TRUE; break; case 'q': pingServerFirst = PR_TRUE; break;
case 's': disableLocking = 1; break;
case 'v': verbose++; break; case 'v': verbose++; break;
case 'w': case 'w':
@ -703,6 +712,21 @@ int main(int argc, char **argv)
return 1; return 1;
} }
/* enable PKCS11 bypass */
rv = SSL_OptionSet(s, SSL_BYPASS_PKCS11, bypassPKCS11);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error enabling PKCS11 bypass");
return 1;
}
/* disable SSL socket locking */
rv = SSL_OptionSet(s, SSL_NO_LOCKS, disableLocking);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error disabling SSL socket locking");
return 1;
}
if (useCommandLinePassword) { if (useCommandLinePassword) {
SSL_SetPKCS11PinArg(s, password); SSL_SetPKCS11PinArg(s, password);
} }

95
security/nss/tests/ssl/ssl.sh
Просмотреть файл

@ -136,15 +136,17 @@ is_selfserv_alive()
######################################################################## ########################################################################
wait_for_selfserv() wait_for_selfserv()
{ {
echo "tstclnt -p ${PORT} -h ${HOSTADDR} -q \\" echo "tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
echo " -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}" echo " -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
#echo "tstclnt -q started at `date`" #echo "tstclnt -q started at `date`"
tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
-d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
html_failed "<TR><TD> Wait for Server " html_failed "<TR><TD> Wait for Server "
echo "RETRY: tstclnt -p ${PORT} -h ${HOSTADDR} -q \\" echo "RETRY: tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
echo " -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}" echo " -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
-d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
elif [ sparam = "-c ABCDEFabcdefghijklmnvy" ] ; then # "$1" = "cov" ] ; then elif [ sparam = "-c ABCDEFabcdefghijklmnvy" ] ; then # "$1" = "cov" ] ; then
html_passed "<TR><TD> Wait for Server" html_passed "<TR><TD> Wait for Server"
fi fi
@ -187,15 +189,15 @@ start_selfserv()
echo "$SCRIPTNAME: $testname ----" echo "$SCRIPTNAME: $testname ----"
fi fi
sparam=`echo $sparam | sed -e 's;_; ;g'` sparam=`echo $sparam | sed -e 's;_; ;g'`
echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} \\" echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
echo " -w nss ${sparam} -i ${R_SERVERPID} $verbose &" echo " -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
echo "selfserv started at `date`" echo "selfserv started at `date`"
if [ ${fileout} -eq 1 ]; then if [ ${fileout} -eq 1 ]; then
selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} \ selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
-w nss ${sparam} -i ${R_SERVERPID} $verbose \ -w nss ${sparam} -i ${R_SERVERPID} $verbose \
> ${SERVEROUTFILE} 2>&1 & > ${SERVEROUTFILE} 2>&1 &
else else
selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} \ selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
-w nss ${sparam} -i ${R_SERVERPID} $verbose & -w nss ${sparam} -i ${R_SERVERPID} $verbose &
fi fi
# The PID $! returned by the MKS or Cygwin shell is not the PID of # The PID $! returned by the MKS or Cygwin shell is not the PID of
@ -219,7 +221,7 @@ start_selfserv()
######################################################################## ########################################################################
ssl_cov() ssl_cov()
{ {
html_head "SSL Cipher Coverage $NORM_EXT" html_head "SSL Cipher Coverage $NORM_EXT - $BYPASS_STRING"
testname="" testname=""
sparam="-c ABCDEFabcdefghijklmnvyz" sparam="-c ABCDEFabcdefghijklmnvyz"
@ -231,7 +233,7 @@ ssl_cov()
do do
p=`echo "$testname" | sed -e "s/ .*//"` #sonmi, only run extended test on SSL3 and TLS p=`echo "$testname" | sed -e "s/ .*//"` #sonmi, only run extended test on SSL3 and TLS
if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended test" ] ; then if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended Test" ] ; then
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
elif [ "$tls" != "#" ] ; then elif [ "$tls" != "#" ] ; then
echo "$SCRIPTNAME: running $testname ----------------------------" echo "$SCRIPTNAME: running $testname ----------------------------"
@ -241,11 +243,11 @@ ssl_cov()
fi fi
is_selfserv_alive is_selfserv_alive
echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} \\" echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} \\"
echo " -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}" echo " -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} -f \ tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} -f \
-d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \ -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1 >${TMP}/$HOST.tmp.$$ 2>&1
ret=$? ret=$?
@ -264,7 +266,7 @@ ssl_cov()
######################################################################## ########################################################################
ssl_auth() ssl_auth()
{ {
html_head "SSL Client Authentication $NORM_EXT" html_head "SSL Client Authentication $NORM_EXT - $BYPASS_STRING"
while read value sparam cparam testname while read value sparam cparam testname
do do
@ -272,10 +274,10 @@ ssl_auth()
cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" ` cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
start_selfserv start_selfserv
echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} \\" echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} \\"
echo " ${cparam} < ${REQUEST_FILE}" echo " ${cparam} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \ tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} ${CLIENT_OPTIONS} \
-d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \ -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1 >${TMP}/$HOST.tmp.$$ 2>&1
ret=$? ret=$?
@ -297,12 +299,12 @@ ssl_auth()
######################################################################## ########################################################################
ssl_stress() ssl_stress()
{ {
html_head "SSL Stress Test $NORM_EXT" html_head "SSL Stress Test $NORM_EXT - $BYPASS_STRING"
while read value sparam cparam testname while read value sparam cparam testname
do do
p=`echo "$testname" | sed -e "s/Stress //" -e "s/ .*//"` #sonmi, only run extended test on SSL3 and TLS p=`echo "$testname" | sed -e "s/Stress //" -e "s/ .*//"` #sonmi, only run extended test on SSL3 and TLS
if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended test" ] ; then if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended Test" ] ; then
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
elif [ $value != "#" ]; then elif [ $value != "#" ]; then
cparam=`echo $cparam | sed -e 's;_; ;g'` cparam=`echo $cparam | sed -e 's;_; ;g'`
@ -312,10 +314,10 @@ ssl_stress()
ps -ef | grep selfserv ps -ef | grep selfserv
fi fi
echo "strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} -w nss $cparam \\" echo "strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \\"
echo " $verbose ${HOSTADDR}" echo " $verbose ${HOSTADDR}"
echo "strsclnt started at `date`" echo "strsclnt started at `date`"
strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} -w nss $cparam \ strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \
$verbose ${HOSTADDR} $verbose ${HOSTADDR}
ret=$? ret=$?
echo "strsclnt completed at `date`" echo "strsclnt completed at `date`"
@ -610,16 +612,16 @@ ssl_cleanup()
. common/cleanup.sh . common/cleanup.sh
} }
################## main #################################################
#this script may be sourced from the distributed stress test - in this case do nothing... ############################## ssl_run ### #############################
# local shell function to run both standard and extended ssl tests
if [ -z "$DO_REM_ST" -a -z "$DO_DIST_ST" ] ; then ########################################################################
ssl_run()
{
ssl_init ssl_init
ssl_cov ssl_cov
ssl_auth ssl_auth
ssl_crl_ssl
ssl_crl_cache
ssl_stress ssl_stress
SERVERDIR=$EXT_SERVERDIR SERVERDIR=$EXT_SERVERDIR
@ -629,10 +631,53 @@ if [ -z "$DO_REM_ST" -a -z "$DO_DIST_ST" ] ; then
P_R_SERVERDIR=$P_R_EXT_SERVERDIR P_R_SERVERDIR=$P_R_EXT_SERVERDIR
P_R_CLIENTDIR=$P_R_EXT_CLIENTDIR P_R_CLIENTDIR=$P_R_EXT_CLIENTDIR
USER_NICKNAME=ExtendedSSLUser USER_NICKNAME=ExtendedSSLUser
NORM_EXT="Extended test" NORM_EXT="Extended Test"
cd ${CLIENTDIR} cd ${CLIENTDIR}
ssl_cov ssl_cov
ssl_auth ssl_auth
ssl_stress ssl_stress
# the next round off ssl tests will only run if these vars are reset
SERVERDIR=$ORIG_SERVERDIR
CLIENTDIR=$ORIG_CLIENTDIR
R_SERVERDIR=$ORIG_R_SERVERDIR
R_CLIENTDIR=$ORIG_R_CLIENTDIR
P_R_SERVERDIR=$ORIG_P_R_SERVERDIR
P_R_CLIENTDIR=$ORIG_P_R_CLIENTDIR
USER_NICKNAME=TestUser
NORM_EXT=
cd ${QADIR}/ssl
ssl_cleanup ssl_cleanup
}
################## main #################################################
#this script may be sourced from the distributed stress test - in this case do nothing...
if [ -z "$DO_REM_ST" -a -z "$DO_DIST_ST" ] ; then
ssl_init
# save the directories as setup by init.sh
ORIG_SERVERDIR=$SERVERDIR
ORIG_CLIENTDIR=$CLIENTDIR
ORIG_R_SERVERDIR=$R_SERVERDIR
ORIG_R_CLIENTDIR=$R_CLIENTDIR
ORIG_P_R_SERVERDIR=$P_R_SERVERDIR
ORIG_P_R_CLIENTDIR=$P_R_CLIENTDIR
ssl_crl_ssl
ssl_crl_cache
ssl_cleanup
# Test all combinations of server bypass and client bypass
CLIENT_OPTIONS="-B -s"
SERVER_OPTIONS=""
BYPASS_STRING="Client Bypass"
ssl_run
SERVER_OPTIONS="-B -s"
CLIENT_OPTIONS=""
BYPASS_STRING="Server Bypass"
ssl_run
fi fi