Bugzilla Bug 324887: merged ECC and non-ECC QA test scripts and removed

ECC QA test scripts. The patch is written by Vipul Gupta and Christophe Ravel of Sun. r=wtc,nelsonb,jpierre Modified Files: cert/cert.sh smime/smime.sh ssl/ssl.sh ssl/sslauth.txt ssl/sslcov.txt ssl/sslstress.txt tools/tools.sh Removed Files: fixtests.sh cert/eccert.sh smime/ecsmime.sh ssl/ecssl.sh ssl/ecsslauth.txt ssl/ecsslcov.txt ssl/ecsslstress.txt tools/ectools.sh
2006-03-03 20:06:03 +00:00 · 2006-03-03 20:06:03 +00:00 · f1ca8f1fd1
--- a/security/nss/tests/cert/cert.sh
+++ b/security/nss/tests/cert/cert.sh
@ -21,6 +21,7 @@
 # the Initial Developer. All Rights Reserved.
 #
 # Contributor(s):
 #   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
 #
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
@ -75,7 +76,11 @@ cert_init()
  fi
  SCRIPTNAME="cert.sh"
  CRL_GRP_DATE=`date "+%Y%m%d%H%M%SZ"`
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      html_head "Certutil and Crlutil Tests with ECC"
  else
      html_head "Certutil and Crlutil Tests"
  fi
  ################## Generate noise for our CA cert. ######################
  # NOTE: these keys are only suitable for testing, as this whole thing 
@ -140,7 +145,7 @@ certu()
    return $RET
 }
-################################ certu #################################
+################################ crlu #################################
 # local shell function to call crlutil, also: writes action and options to
 # stdout, sets variable RET and writes results to the html file results
 ########################################################################
@ -257,6 +262,14 @@ cert_create_cert()
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    if [ -n "$NSS_ENABLE_ECC" ] ; then
 	CU_ACTION="Import EC Root CA for $CERTNAME"
 	certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
 	    -d "${PROFILEDIR}" -i "${R_CADIR}/ecroot.cert" 2>&1
 	if [ "$RET" -ne 0 ]; then
            return $RET
 	fi
    fi
    cert_add_cert "$5"
    return $?
 }
@ -270,7 +283,6 @@ cert_create_cert()
 ########################################################################
 cert_add_cert()
 {
    CU_ACTION="Generate Cert Request for $CERTNAME"
    CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
    certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
@ -293,6 +305,36 @@ cert_add_cert()
    fi
    cert_log "SUCCESS: $CERTNAME's Cert Created"
 #
 #   Generate and add EC cert
 #
    if [ -n "$NSS_ENABLE_ECC" ] ; then
 	CURVE="secp384r1"
 	CU_ACTION="Generate EC Cert Request for $CERTNAME"
 	CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
 	certu -R -k ec -q "${CURVE}" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
 	    -z "${R_NOISE_FILE}" -o req  2>&1
 	if [ "$RET" -ne 0 ]; then
            return $RET
 	fi
 	CU_ACTION="Sign ${CERTNAME}'s EC Request"
 	certu -C -c "TestCA-ec" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
            -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" "$1" 2>&1
 	if [ "$RET" -ne 0 ]; then
            return $RET
 	fi
 	CU_ACTION="Import $CERTNAME's EC Cert"
 	certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" \
 	    -f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
 	if [ "$RET" -ne 0 ]; then
            return $RET
 	fi
 	cert_log "SUCCESS: $CERTNAME's EC Cert Created"
    fi
    return 0
 }
@ -325,8 +367,37 @@ cert_all_CA()
    cert_CA $CLIENT_CADIR chain-2-clientCA "-c chain-1-clientCA" "u,u,u" ${D_CLIENT_CA} "7"
    rm $CLIENT_CADIR/root.cert $SERVER_CADIR/root.cert
-    # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is the one of the last 
+
    # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
    # in the chain
    if [ -n "$NSS_ENABLE_ECC" ] ; then
 #
 #       Create EC version of TestCA
 	CA_CURVE="secp521r1"
 	ALL_CU_SUBJECT="CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
 	cert_ec_CA $CADIR TestCA-ec -x "CTu,CTu,CTu" ${D_CA} "1" ${CA_CURVE}
 #
 #       Create EC versions of the intermediate CA certs
 	ALL_CU_SUBJECT="CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
 	cert_ec_CA $SERVER_CADIR serverCA-ec -x "Cu,Cu,Cu" ${D_SERVER_CA} "2" ${CA_CURVE}
 	ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
 	cert_ec_CA $SERVER_CADIR chain-1-serverCA-ec "-c serverCA-ec" "u,u,u" ${D_SERVER_CA} "3" ${CA_CURVE}
 	ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" 
 	cert_ec_CA $SERVER_CADIR chain-2-serverCA-ec "-c chain-1-serverCA-ec" "u,u,u" ${D_SERVER_CA} "4" ${CA_CURVE}
 	ALL_CU_SUBJECT="CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
 	cert_ec_CA $CLIENT_CADIR clientCA-ec -x "Tu,Cu,Cu" ${D_CLIENT_CA} "5" ${CA_CURVE}
 	ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
 	cert_ec_CA $CLIENT_CADIR chain-1-clientCA-ec "-c clientCA-ec" "u,u,u" ${D_CLIENT_CA} "6" ${CA_CURVE}
 	ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
 	cert_ec_CA $CLIENT_CADIR chain-2-clientCA-ec "-c chain-1-clientCA-ec" "u,u,u" ${D_CLIENT_CA} "7" ${CA_CURVE}
 	rm $CLIENT_CADIR/ecroot.cert $SERVER_CADIR/ecroot.cert
 #	ecroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
 #	in the chain
    fi
 }
 ################################# cert_CA ################################
@ -400,6 +471,70 @@ CERTSCRIPT
  cp root.cert ${NICKNAME}.ca.cert
 }
 ################################ cert_ec_CA ##############################
 # local shell function to build the Temp. Certificate Authority (CA)
 # used for testing purposes, creating  a CA Certificate and a root cert
 # This is the ECC version of cert_CA.
 ##########################################################################
 cert_ec_CA()
 {
  CUR_CADIR=$1
  NICKNAME=$2
  SIGNER=$3
  TRUSTARG=$4
  DOMAIN=$5
  CERTSERIAL=$6
  CURVE=$7
  echo "$SCRIPTNAME: Creating an EC CA Certificate $NICKNAME =========================="
  if [ ! -d "${CUR_CADIR}" ]; then
      mkdir -p "${CUR_CADIR}"
  fi
  cd ${CUR_CADIR}
  pwd
  LPROFILE=.
  if [ -n "${MULTIACCESS_DBM}" ]; then
 	LPROFILE="multiaccess:${DOMAIN}"
  fi
  ################# Creating an EC CA Cert ################################
  #
  CU_ACTION="Creating EC CA Cert $NICKNAME "
  CU_SUBJECT=$ALL_CU_SUBJECT
  certu -S -n $NICKNAME -k ec -q $CURVE -t $TRUSTARG -v 600 $SIGNER \
    -d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \
    -m $CERTSERIAL 2>&1 <<CERTSCRIPT
 5
 6
 9
 n
 y
 -1
 n
 5
 6
 7
 9
 n
 CERTSCRIPT
  if [ "$RET" -ne 0 ]; then
      echo "return value is $RET"
      Exit 6 "Fatal - failed to create EC CA cert"
  fi
  ################# Exporting EC Root Cert ################################
  #
  CU_ACTION="Exporting EC Root Cert"
  certu -L -n  $NICKNAME -r -d ${LPROFILE} -o ecroot.cert 
  if [ "$RET" -ne 0 ]; then
      Exit 7 "Fatal - failed to export ec root cert"
  fi
  cp ecroot.cert ${NICKNAME}.ca.cert
 }
 ############################## cert_smime_client #############################
 # local shell function to create client Certificates for S/MIME tests 
 ##############################################################################
@ -414,6 +549,17 @@ cert_smime_client()
  echo "$SCRIPTNAME: Creating Dave's Certificate -------------------------"
  cert_create_cert "${DAVEDIR}" Dave 50 ${D_DAVE}
 ## XXX With this new script merging ECC and non-ECC tests, the
 ## call to cert_create_cert ends up creating two separate certs
 ## one for Eve and another for Eve-ec but they both end up with
 ## the same Subject Alt Name Extension, i.e., both the cert for
 ## Eve@bogus.com and the cert for Eve-ec@bogus.com end up 
 ## listing eve@bogus.net in the Certificate Subject Alt Name extension. 
 ## This can cause a problem later when cmsutil attempts to create
 ## enveloped data and accidently picks up the ECC cert (NSS currently
 ## does not support ECC for enveloped data creation). This script
 ## avoids the problem by ensuring that these conflicting certs are
 ## never added to the same cert database (see comment marked XXXX).
  echo "$SCRIPTNAME: Creating multiEmail's Certificate --------------------"
  cert_create_cert "${EVEDIR}" "Eve" 60 ${D_EVE} "-7 eve@bogus.net,eve@bogus.cc,beve@bogus.com"
@ -456,6 +602,32 @@ cert_smime_client()
  certu -E -t "p,p,p" -d ${P_R_BOBDIR} -f ${R_PWFILE} \
        -i ${R_EVEDIR}/Eve.cert 2>&1
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      echo "$SCRIPTNAME: Importing EC Certificates =============================="
      CU_ACTION="Import Bob's EC cert into Alice's db"
      certu -E -t "p,p,p" -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
          -i ${R_BOBDIR}/Bob-ec.cert 2>&1
      CU_ACTION="Import Dave's EC cert into Alice's DB"
      certu -E -t "p,p,p" -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
          -i ${R_DAVEDIR}/Dave-ec.cert 2>&1
      CU_ACTION="Import Dave's EC cert into Bob's DB"
      certu -E -t "p,p,p" -d ${P_R_BOBDIR} -f ${R_PWFILE} \
          -i ${R_DAVEDIR}/Dave-ec.cert 2>&1
 ## XXXX Do not import Eve's EC cert until we can make sure that
 ## the email addresses listed in the Subject Alt Name Extension 
 ## inside Eve's ECC and non-ECC certs are different.
 #     CU_ACTION="Import Eve's EC cert into Alice's DB"
 #     certu -E -t "p,p,p" -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
 #         -i ${R_EVEDIR}/Eve-ec.cert 2>&1
 #     CU_ACTION="Import Eve's EC cert into Bob's DB"
 #     certu -E -t "p,p,p" -d ${P_R_BOBDIR} -f ${R_PWFILE} \
 #         -i ${R_EVEDIR}/Eve-ec.cert 2>&1
  fi
  if [ "$CERTFAILED" != 0 ] ; then
      cert_log "ERROR: SMIME failed $RET"
  else
@ -463,11 +635,12 @@ cert_smime_client()
  fi
 }
-############################## cert_ssl ################################
+############################## cert_extended_ssl #######################
 # local shell function to create client + server certs for extended SSL test
 ########################################################################
 cert_extended_ssl()
 {
  ################# Creating Certs for extended SSL test ####################
  #
  CERTFAILED=0
@ -496,11 +669,39 @@ cert_extended_ssl()
  CU_ACTION="Import Client Root CA -t T,, for $CERTNAME (ext.)"
  certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1
  if [ -n "$NSS_ENABLE_ECC" ] ; then
 #
 #     Repeat the above for EC certs
 #
      EC_CURVE="secp256r1"
      CU_ACTION="Generate EC Cert Request for $CERTNAME (ext)"
      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
 	  -z "${R_NOISE_FILE}" -o req 2>&1
      CU_ACTION="Sign ${CERTNAME}'s EC Request (ext)"
      cp ${CERTDIR}/req ${SERVER_CADIR}
      certu -C -c "chain-2-serverCA-ec" -m 200 -v 60 -d "${P_SERVER_CADIR}" \
          -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" 2>&1
      CU_ACTION="Import $CERTNAME's EC Cert  -t u,u,u (ext)"
      certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" \
 	  -f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
      CU_ACTION="Import Client EC Root CA -t T,, for $CERTNAME (ext.)"
      certu -A -n "clientCA-ec" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${CLIENT_CADIR}/clientCA-ec.ca.cert" 2>&1
 #
 #     done with EC certs
 #
  fi
  echo "Importing all the server's own CA chain into the servers DB"
  for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ;
  do
      N=`basename $CA | sed -e "s/.ca.cert//"`
-      if [ $N = "serverCA" ] ; then
+      if [ $N = "serverCA" -o $N = "serverCA-ec" ] ; then
          T="-t C,C,C"
      else
          T="-t u,u,u"
@ -518,7 +719,8 @@ cert_extended_ssl()
  CU_ACTION="Generate Cert Request for $CERTNAME (ext)"
  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
+  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" \
      -o req 2>&1
  CU_ACTION="Sign ${CERTNAME}'s Request (ext)"
  cp ${CERTDIR}/req ${CLIENT_CADIR}
@ -531,11 +733,38 @@ cert_extended_ssl()
  CU_ACTION="Import Server Root CA -t C,C,C for $CERTNAME (ext.)"
  certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1
  if [ -n "$NSS_ENABLE_ECC" ] ; then
 #
 #     Repeat the above for EC certs
 #
      CU_ACTION="Generate EC Cert Request for $CERTNAME (ext)"
      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
 	  -z "${R_NOISE_FILE}" -o req 2>&1
      CU_ACTION="Sign ${CERTNAME}'s EC Request (ext)"
      cp ${CERTDIR}/req ${CLIENT_CADIR}
      certu -C -c "chain-2-clientCA-ec" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \
          -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" 2>&1
      CU_ACTION="Import $CERTNAME's EC Cert -t u,u,u (ext)"
      certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" \
 	  -f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
      CU_ACTION="Import Server EC Root CA -t C,C,C for $CERTNAME (ext.)"
      certu -A -n "serverCA-ec" -t "C,C,C" -f "${R_PWFILE}" \
 	  -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-ec.ca.cert" 2>&1
 #
 # done with EC certs
 #
  fi
  echo "Importing all the client's own CA chain into the servers DB"
  for CA in `find ${CLIENT_CADIR} -name "?*.ca.cert"` ;
  do
      N=`basename $CA | sed -e "s/.ca.cert//"`
-      if [ $N = "clientCA" ] ; then
+      if [ $N = "clientCA" -o $N = "clientCA-ec" ] ; then
          T="-t T,C,C"
      else
          T="-t u,u,u"
@ -565,7 +794,12 @@ cert_ssl()
  echo "$SCRIPTNAME: Creating Server CA Issued Certificate for \\"
  echo "             ${HOSTADDR} ------------------------------------"
  cert_create_cert ${SERVERDIR} "${HOSTADDR}" 100 ${D_SERVER}
  CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC"
  certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR}
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
      certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR}
  fi
 #  cert_init_cert ${SERVERDIR} "${HOSTADDR}" 1 ${D_SERVER}
 #  echo "************* Copying CA files to ${SERVERDIR}"
 #  cp ${CADIR}/*.db .
@ -759,7 +993,8 @@ cert_crl_ssl()
  CRLUPDATE=`date +%Y%m%d%H%M%SZ`
  CU_ACTION="Generating CRL for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA authority"
  CRL_GRP_END_=`expr ${CRL_GRP_END} - 1`
-  crlu -d $CADIR -G -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}_or <<EOF_CRLINI
+  crlu -d $CADIR -G -n "TestCA" -f ${R_PWFILE} \
      -o ${CRL_FILE_GRP_1}_or <<EOF_CRLINI
 update=$CRLUPDATE
 addcert ${CRL_GRP_1_BEGIN}-${CRL_GRP_END_} $CRL_GRP_DATE
 addext reasonCode 0 4
@ -768,16 +1003,32 @@ EOF_CRLINI
 # This extension should be added to the list, but currently nss has bug
 #addext authKeyId 0 "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" 1
  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  chmod 600 ${CRL_FILE_GRP_1}_or
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority"
 #     Until Bug 292285 is resolved, do not encode x400 Addresses. After
 #     the bug is resolved, reintroduce "x400Address:x400Address" within
 #     addext issuerAltNames ...
      crlu -q -d $CADIR -G -n "TestCA-ec" -f ${R_PWFILE} \
 	  -o ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI
 update=$CRLUPDATE
 addcert ${CRL_GRP_1_BEGIN}-${CRL_GRP_END_} $CRL_GRP_DATE
 addext reasonCode 0 4
 addext issuerAltNames 0 "rfc822Name:ca-ecemail@ca.com|dnsName:ca-ec.com|directoryName:CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=California,C=US|URI:http://ca-ec.com|ipAddress:192.168.0.1|registerID=reg CA (ECC)"
 EOF_CRLINI
      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
      chmod 600 ${CRL_FILE_GRP_1}_or-ec
  fi
  echo test > file
  ############################# Modification ##################################
  echo "$SCRIPTNAME: Modifying CA CRL by adding one more cert ============"
  sleep 2
  CRL_GRP_DATE=`date "+%Y%m%d%H%M%SZ"`
-  CU_ACTION="Modification CRL by adding one more cert"
+  CU_ACTION="Modify CRL by adding one more cert"
  crlu -d $CADIR -M -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}_or1 \
      -i ${CRL_FILE_GRP_1}_or <<EOF_CRLINI
 addcert ${CRL_GRP_END} $CRL_GRP_DATE
@ -785,16 +1036,35 @@ EOF_CRLINI
  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  chmod 600 ${CRL_FILE_GRP_1}_or1
  TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or"
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Modify CRL (ECC) by adding one more cert"
      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \
 	  -o ${CRL_FILE_GRP_1}_or1-ec -i ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI
 addcert ${CRL_GRP_END} $CRL_GRP_DATE
 EOF_CRLINI
      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
      chmod 600 ${CRL_FILE_GRP_1}_or1-ec
      TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or-ec"
  fi
  ########### Removing one cert ${UNREVOKED_CERT_GRP_1} #######################
  echo "$SCRIPTNAME: Modifying CA CRL by removing one cert ==============="
-  CU_ACTION="Modification CRL by removing one cert"
+  CU_ACTION="Modify CRL by removing one cert"
  crlu -d $CADIR -M -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1} \
      -i ${CRL_FILE_GRP_1}_or1 <<EOF_CRLINI
 rmcert  ${UNREVOKED_CERT_GRP_1}
 EOF_CRLINI
  chmod 600 ${CRL_FILE_GRP_1}
  TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1"
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Modify CRL (ECC) by removing one cert"
      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}-ec \
 	  -i ${CRL_FILE_GRP_1}_or1-ec <<EOF_CRLINI
 rmcert  ${UNREVOKED_CERT_GRP_1}
 EOF_CRLINI
      chmod 600 ${CRL_FILE_GRP_1}-ec
      TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1-ec"
  fi
  ########### Creating second CRL which includes groups 1 and 2 ##############
  CRL_GRP_END=`expr ${CRL_GRP_2_BEGIN} + ${CRL_GRP_2_RANGE} - 1`
@ -813,6 +1083,18 @@ rmcert  ${UNREVOKED_CERT_GRP_2}
 EOF_CRLINI
  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  chmod 600 ${CRL_FILE_GRP_2}
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Creating CRL (ECC) for groups 1 and 2"
      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_2}-ec \
          -i ${CRL_FILE_GRP_1}-ec <<EOF_CRLINI
 update=$CRLUPDATE
 addcert ${CRL_GRP_2_BEGIN}-${CRL_GRP_END} $CRL_GRP_DATE
 addext invalidityDate 0 $CRLUPDATE
 rmcert  ${UNREVOKED_CERT_GRP_2}
 EOF_CRLINI
      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
      chmod 600 ${CRL_FILE_GRP_2}-ec
  fi
  ########### Creating second CRL which includes groups 1, 2 and 3 ##############
  CRL_GRP_END=`expr ${CRL_GRP_3_BEGIN} + ${CRL_GRP_3_RANGE} - 1`
@ -832,6 +1114,18 @@ addext crlNumber 0 2
 EOF_CRLINI
  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  chmod 600 ${CRL_FILE_GRP_3}
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Creating CRL (ECC) for groups 1, 2 and 3"
      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3}-ec \
          -i ${CRL_FILE_GRP_2}-ec <<EOF_CRLINI
 update=$CRLUPDATE
 addcert ${CRL_GRP_3_BEGIN}-${CRL_GRP_END} $CRL_GRP_DATE
 rmcert  ${UNREVOKED_CERT_GRP_3}
 addext crlNumber 0 2
 EOF_CRLINI
      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
      chmod 600 ${CRL_FILE_GRP_3}-ec
  fi
  ############ Importing Server CA Issued CRL for certs of first group #######
@ -839,6 +1133,12 @@ EOF_CRLINI
  CU_ACTION="Importing CRL for groups 1"
  crlu -I -i ${CRL_FILE} -n "TestCA" -f "${R_PWFILE}" -d "${R_SERVERDIR}"
  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Importing CRL (ECC) for groups 1"
      crlu -I -i ${CRL_FILE}-ec -n "TestCA-ec" -f "${R_PWFILE}" \
 	  -d "${R_SERVERDIR}"
      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  fi
  if [ "$CERTFAILED" != 0 -o "$CRL_GEN_RES" != 0 ] ; then
      cert_log "ERROR: SSL CRL prep failed $CERTFAILED : $CRL_GEN_RES"
--- a/security/nss/tests/cert/eccert.sh
+++ b/security/nss/tests/cert/eccert.sh
@ -1,886 +0,0 @@
 #! /bin/sh
 #
 # ***** BEGIN LICENSE BLOCK *****
 # Version: MPL 1.1/GPL 2.0/LGPL 2.1
 #
 # The contents of this file are subject to the Mozilla Public License Version
 # 1.1 (the "License"); you may not use this file except in compliance with
 # the License. You may obtain a copy of the License at
 # http://www.mozilla.org/MPL/
 #
 # Software distributed under the License is distributed on an "AS IS" basis,
 # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 # for the specific language governing rights and limitations under the
 # License.
 #
 # The Original Code is the Netscape security libraries.
 #
 # The Initial Developer of the Original Code is
 # Netscape Communications Corporation.
 # Portions created by the Initial Developer are Copyright (C) 1994-2000
 # the Initial Developer. All Rights Reserved.
 #
 # Contributor(s):
 #   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
 #
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
 # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 # in which case the provisions of the GPL or the LGPL are applicable instead
 # of those above. If you wish to allow use of your version of this file only
 # under the terms of either the GPL or the LGPL, and not to allow others to
 # use your version of this file under the terms of the MPL, indicate your
 # decision by deleting the provisions above and replace them with the notice
 # and other provisions required by the GPL or the LGPL. If you do not delete
 # the provisions above, a recipient may use your version of this file under
 # the terms of any one of the MPL, the GPL or the LGPL.
 #
 # ***** END LICENSE BLOCK *****
 ########################################################################
 #
 # mozilla/security/nss/tests/cert/rcert.sh
 #
 # Certificate generating and handeling for NSS QA, can be included 
 # multiple times from all.sh and the individual scripts
 #
 # needs to work on all Unix and Windows platforms
 #
 # included from (don't expect this to be up to date)
 # --------------------------------------------------
 #   all.sh
 #   ssl.sh
 #   smime.sh
 #   tools.sh
 #
 # special strings
 # ---------------
 #   FIXME ... known problems, search for this string
 #   NOTE .... unexpected behavior
 #
 # FIXME - Netscape - NSS
 ########################################################################
 ############################## cert_init ###############################
 # local shell function to initialize this script
 ########################################################################
 cert_init()
 {
  SCRIPTNAME="cert.sh"
  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
  fi
  if [ -z "${INIT_SOURCED}" ] ; then
      cd ../common
      . ./init.sh
  fi
  SCRIPTNAME="cert.sh"
  html_head "Certutil Tests"
  ################## Generate noise for our CA cert. ######################
  # NOTE: these keys are only suitable for testing, as this whole thing 
  # bypasses the entropy gathering. Don't use this method to generate 
  # keys and certs for product use or deployment.
  #
  ps -efl > ${NOISE_FILE} 2>&1
  ps aux >> ${NOISE_FILE} 2>&1
  noise
 }
 cert_log() ######################    write the cert_status file
 {
    echo "$SCRIPTNAME $*"
    echo $* >>${CERT_LOG_FILE}
 }
 ################################ noise ##################################
 # Generate noise for our certs
 #
 # NOTE: these keys are only suitable for testing, as this whole thing bypasses
 # the entropy gathering. Don't use this method to generate keys and certs for
 # product use or deployment.
 #########################################################################
 noise()
 {
    #netstat >> ${NOISE_FILE} 2>&1
    date >> ${NOISE_FILE} 2>&1
 }
 ################################ certu #################################
 # local shell function to call certutil, also: writes action and options to
 # stdout, sets variable RET and writes results to the html file results
 ########################################################################
 certu()
 {
    echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
    if [ -n "${CU_SUBJECT}" ]; then
        #the subject of the cert contains blanks, and the shell 
        #will strip the quotes off the string, if called otherwise...
        echo "certutil -s \"${CU_SUBJECT}\" $*"
        certutil -s "${CU_SUBJECT}" $*
        RET=$?
        CU_SUBJECT=""
    else
        echo "certutil $*"
        certutil $*
        RET=$?
    fi
    if [ "$RET" -ne 0 ]; then
        CERTFAILED=$RET
        html_failed "<TR><TD>${CU_ACTION} ($RET) " 
        cert_log "ERROR: ${CU_ACTION} failed $RET"
    else
        html_passed "<TR><TD>${CU_ACTION}"
    fi
    # echo "Contine?"
    # cat > /dev/null
    return $RET
 }
 ############################# cert_init_cert ##########################
 # local shell function to initialize creation of client and server certs
 ########################################################################
 cert_init_cert()
 {
    CERTDIR="$1"
    CERTNAME="$2"
    CERTSERIAL="$3"
    DOMAIN="$4"
    if [ ! -d "${CERTDIR}" ]; then
        mkdir -p "${CERTDIR}"
    else
        echo "$SCRIPTNAME: WARNING - ${CERTDIR} exists"
    fi
    cd "${CERTDIR}"
    CERTDIR="." 
    PROFILEDIR=${CERTDIR}
    if [ -n "${MULTIACCESS_DBM}" ]; then
 	PROFILEDIR="multiaccess:${DOMAIN}"
    fi
    noise
 }
 ############################# hw_acc #################################
 # local shell function to add hw accelerator modules to the db
 ########################################################################
 hw_acc()
 {
    HW_ACC_RET=0
    HW_ACC_ERR=""
    if [ -n "$O_HWACC" -a "$O_HWACC" = ON -a -z "$USE_64" ] ; then
        echo "creating $CERTNAME s cert with hwaccelerator..."
        #case $ACCELERATOR in
        #rainbow)
        echo "modutil -add rainbow -libfile /usr/lib/libcryptoki22.so "
        echo "         -dbdir ${PROFILEDIR} 2>&1 "
        echo | modutil -add rainbow -libfile /usr/lib/libcryptoki22.so \
            -dbdir ${PROFILEDIR} 2>&1 
        if [ "$?" -ne 0 ]; then
            echo "modutil -add rainbow failed in `pwd`"
            HW_ACC_RET=1
            HW_ACC_ERR="modutil -add rainbow"
        fi
        echo "modutil -add ncipher "
        echo "         -libfile /opt/nfast/toolkits/pkcs11/libcknfast.so "
        echo "         -dbdir ${PROFILEDIR} 2>&1 "
        echo | modutil -add ncipher \
            -libfile /opt/nfast/toolkits/pkcs11/libcknfast.so \
            -dbdir ${PROFILEDIR} 2>&1 
        if [ "$?" -ne 0 ]; then
            echo "modutil -add ncipher failed in `pwd`"
            HW_ACC_RET=`expr $HW_ACC_RET + 2`
            HW_ACC_ERR="$HW_ACC_ERR,modutil -add ncipher"
        fi
        if [ "$HW_ACC_RET" -ne 0 ]; then
            html_failed "<TR><TD>Adding HW accelerators to certDB for ${CERTNAME} ($HW_ACC_RET) " 
        else
            html_passed "<TR><TD>Adding HW accelerators to certDB for ${CERTNAME}"
        fi
    fi
    return $HW_ACC_RET
 }
 ############################# cert_create_cert #########################
 # local shell function to create client certs 
 #     initialize DB, import
 #     root cert
 #     add cert to DB
 ########################################################################
 cert_create_cert()
 {
    cert_init_cert "$1" "$2" "$3" "$4"
    CU_ACTION="Initializing ${CERTNAME}'s Cert DB"
    certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    hw_acc
    CU_ACTION="Import Root CA for $CERTNAME"
    certu -A -n "TestCA" -t "TC,TC,TC" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${R_CADIR}/root.cert" 2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    cert_add_cert "$5"
    return $?
 }
 ############################# cert_create_certs ########################
 # local shell function to create client certs 
 #     initialize DB, import
 #     root certs (RSA and EC)
 #     add certs (RSA and EC) to DB
 ########################################################################
 cert_create_certs()
 {
    cert_init_cert "$1" "$2" "$3" "$4"
    CU_ACTION="Initializing ${CERTNAME}'s Cert DB"
    certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    hw_acc
    CU_ACTION="Import Root CA for $CERTNAME"
    certu -A -n "TestCA" -t "TC,TC,TC" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${R_CADIR}/root.cert" 2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    CU_ACTION="Import EC Root CA for $CERTNAME"
    certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${R_CADIR}/ecroot.cert" 2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    cert_add_certs "$5"
    return $?
 }
 ############################# cert_add_cert ############################
 # local shell function to add client certs to an existing CERT DB
 #     generate request
 #     sign request
 #     import Cert
 #
 ########################################################################
 cert_add_cert()
 {
    CU_ACTION="Generate Cert Request for $CERTNAME"
    CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
    certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    CU_ACTION="Sign ${CERTNAME}'s Request"
    certu -C -c "TestCA" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
          -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    CU_ACTION="Import $CERTNAME's Cert"
    certu -A -n "$CERTNAME" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
          -i "${CERTNAME}.cert" 2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    cert_log "SUCCESS: $CERTNAME's Cert Created"
    return 0
 }
 ############################# cert_add_certs ############################
 # local shell function to add client certs to an existing CERT DB
 #     generate request
 #     sign request
 #     import Cert
 #
 # Do this for both RSA and EC certs
 ########################################################################
 cert_add_certs()
 {
    CURVE="secp160r2"
    CU_ACTION="Generate Cert Request for $CERTNAME"
    CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
    certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    CU_ACTION="Sign ${CERTNAME}'s Request"
    certu -C -c "TestCA" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
          -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    CU_ACTION="Import $CERTNAME's Cert"
    certu -A -n "$CERTNAME" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
          -i "${CERTNAME}.cert" 2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    cert_log "SUCCESS: $CERTNAME's Cert Created"
 #
 #   Generate and add EC cert
 #
    CU_ACTION="Generate EC Cert Request for $CERTNAME"
    CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
    certu -R -k ec -q "${CURVE}" -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    CU_ACTION="Sign ${CERTNAME}'s EC Request"
    certu -C -c "TestCA-ec" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
          -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" "$1" 2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    CU_ACTION="Import $CERTNAME's EC Cert"
    certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
          -i "${CERTNAME}-ec.cert" 2>&1
    if [ "$RET" -ne 0 ]; then
        return $RET
    fi
    cert_log "SUCCESS: $CERTNAME's EC Cert Created"
    return 0
 }
 ################################# cert_all_CA ################################
 # local shell function to build the additional Temp. Certificate Authority (CA)
 # used for the "real life" ssl test with 2 different CA's in the
 # client and in teh server's dir
 ##########################################################################
 cert_all_CA()
 {
    CA_CURVE="secp160r1"
    echo nss > ${PWFILE}
    ALL_CU_SUBJECT="CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
    cert_CA $CADIR TestCA -x "CTu,CTu,CTu" ${D_CA} "1"
 # Create EC version of TestCA
    ALL_CU_SUBJECT="CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
    cert_ec_CA $CADIR TestCA-ec -x "CTu,CTu,CTu" ${D_CA} "1" ${CA_CURVE}
    ALL_CU_SUBJECT="CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_CA $SERVER_CADIR serverCA -x "Cu,Cu,Cu" ${D_SERVER_CA} "2"
    ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_CA $SERVER_CADIR chain-1-serverCA "-c serverCA" "u,u,u" ${D_SERVER_CA} "3"
    ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" 
    cert_CA $SERVER_CADIR chain-2-serverCA "-c chain-1-serverCA" "u,u,u" ${D_SERVER_CA} "4"
 #
 # Create EC versions of the above CA certs
 #
    ALL_CU_SUBJECT="CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_ec_CA $SERVER_CADIR serverCA-ec -x "Cu,Cu,Cu" ${D_SERVER_CA} "2" ${CA_CURVE}
    ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_ec_CA $SERVER_CADIR chain-1-serverCA-ec "-c serverCA-ec" "u,u,u" ${D_SERVER_CA} "3" ${CA_CURVE}
    ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" 
    cert_ec_CA $SERVER_CADIR chain-2-serverCA-ec "-c chain-1-serverCA-ec" "u,u,u" ${D_SERVER_CA} "4" ${CA_CURVE}
    ALL_CU_SUBJECT="CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_CA $CLIENT_CADIR clientCA -x "Tu,Cu,Cu" ${D_CLIENT_CA} "5"
    ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_CA $CLIENT_CADIR chain-1-clientCA "-c clientCA" "u,u,u" ${D_CLIENT_CA} "6"
    ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_CA $CLIENT_CADIR chain-2-clientCA "-c chain-1-clientCA" "u,u,u" ${D_CLIENT_CA} "7"
 #
 # Create EC versions of the above CA certs
 #
    ALL_CU_SUBJECT="CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_ec_CA $CLIENT_CADIR clientCA-ec -x "Tu,Cu,Cu" ${D_CLIENT_CA} "5" ${CA_CURVE}
    ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_ec_CA $CLIENT_CADIR chain-1-clientCA-ec "-c clientCA-ec" "u,u,u" ${D_CLIENT_CA} "6" ${CA_CURVE}
    ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_ec_CA $CLIENT_CADIR chain-2-clientCA-ec "-c chain-1-clientCA-ec" "u,u,u" ${D_CLIENT_CA} "7" ${CA_CURVE}
    rm $CLIENT_CADIR/root.cert $SERVER_CADIR/root.cert
    rm $CLIENT_CADIR/ecroot.cert $SERVER_CADIR/ecroot.cert
    # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is the one of the last 
    # in the chain
 }
 ################################# cert_CA ################################
 # local shell function to build the Temp. Certificate Authority (CA)
 # used for testing purposes, creating  a CA Certificate and a root cert
 ##########################################################################
 cert_CA()
 {
  CUR_CADIR=$1
  NICKNAME=$2
  SIGNER=$3
  TRUSTARG=$4
  DOMAIN=$5
  CERTSERIAL=$6
  echo "$SCRIPTNAME: Creating a CA Certificate $NICKNAME =========================="
  if [ ! -d "${CUR_CADIR}" ]; then
      mkdir -p "${CUR_CADIR}"
  fi
  cd ${CUR_CADIR}
  pwd
  LPROFILE=.
  if [ -n "${MULTIACCESS_DBM}" ]; then
 	LPROFILE="multiaccess:${DOMAIN}"
  fi
  if [ "$SIGNER" = "-x" ] ; then # self signed -> create DB
      CU_ACTION="Creating CA Cert DB"
      certu -N -d ${LPROFILE} -f ${R_PWFILE} 2>&1
      if [ "$RET" -ne 0 ]; then
          Exit 5 "Fatal - failed to create CA $NICKNAME "
      fi
      echo "$SCRIPTNAME: Certificate initialized ----------"
  fi
  ################# Creating CA Cert ######################################
  #
  CU_ACTION="Creating CA Cert $NICKNAME "
  CU_SUBJECT=$ALL_CU_SUBJECT
  certu -S -n $NICKNAME -t $TRUSTARG -v 60 $SIGNER -d ${LPROFILE} -1 -2 -5 \
        -f ${R_PWFILE} -z ${R_NOISE_FILE} -m $CERTSERIAL 2>&1 <<CERTSCRIPT
 5
 9
 n
 y
 -1
 n
 5
 6
 7
 9
 n
 CERTSCRIPT
  if [ "$RET" -ne 0 ]; then
      echo "return value is $RET"
      Exit 6 "Fatal - failed to create CA cert"
  fi
  ################# Exporting Root Cert ###################################
  #
  CU_ACTION="Exporting Root Cert"
  certu -L -n  $NICKNAME -r -d ${LPROFILE} -o root.cert 
  if [ "$RET" -ne 0 ]; then
      Exit 7 "Fatal - failed to export root cert"
  fi
  cp root.cert ${NICKNAME}.ca.cert
 }
 ################################ cert_ec_CA ##############################
 # local shell function to build the Temp. Certificate Authority (CA)
 # used for testing purposes, creating  a CA Certificate and a root cert
 # This is the ECC version of cert_CA.
 ##########################################################################
 cert_ec_CA()
 {
  CUR_CADIR=$1
  NICKNAME=$2
  SIGNER=$3
  TRUSTARG=$4
  DOMAIN=$5
  CERTSERIAL=$6
  CURVE=$7
  echo "$SCRIPTNAME: Creating an EC CA Certificate $NICKNAME =========================="
  if [ ! -d "${CUR_CADIR}" ]; then
      mkdir -p "${CUR_CADIR}"
  fi
  cd ${CUR_CADIR}
  pwd
  LPROFILE=.
  if [ -n "${MULTIACCESS_DBM}" ]; then
 	LPROFILE="multiaccess:${DOMAIN}"
  fi
  ################# Creating an EC CA Cert ################################
  #
  CU_ACTION="Creating EC CA Cert $NICKNAME "
  CU_SUBJECT=$ALL_CU_SUBJECT
  certu -S -n $NICKNAME -k ec -q $CURVE -t $TRUSTARG -v 60 $SIGNER \
    -d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \
    -m $CERTSERIAL 2>&1 <<CERTSCRIPT
 5
 9
 n
 y
 -1
 n
 5
 6
 7
 9
 n
 CERTSCRIPT
  if [ "$RET" -ne 0 ]; then
      echo "return value is $RET"
      Exit 6 "Fatal - failed to create EC CA cert"
  fi
  ################# Exporting EC Root Cert ################################
  #
  CU_ACTION="Exporting EC Root Cert"
  certu -L -n  $NICKNAME -r -d ${LPROFILE} -o ecroot.cert 
  if [ "$RET" -ne 0 ]; then
      Exit 7 "Fatal - failed to export ec root cert"
  fi
  cp ecroot.cert ${NICKNAME}.ca.cert
 }
 ############################## cert_smime_client #############################
 # local shell function to create client Certificates for S/MIME tests 
 ##############################################################################
 cert_smime_client()
 {
  CERTFAILED=0
  echo "$SCRIPTNAME: Creating Client CA Issued Certificates =============="
  cert_create_certs ${ALICEDIR} "Alice" 30 ${D_ALICE}
  cert_create_certs ${BOBDIR} "Bob" 40  ${D_BOB}
  echo "$SCRIPTNAME: Creating Dave's Certificate -------------------------"
  cert_create_cert "${DAVEDIR}" Dave 50 ${D_DAVE}
  echo "$SCRIPTNAME: Creating multiEmail's Certificate --------------------"
  cert_create_cert "${EVEDIR}" "Eve" 60 ${D_EVE} "-7 eve@bogus.net,eve@bogus.cc,beve@bogus.com"
  #echo "************* Copying CA files to ${SERVERDIR}"
  #cp ${CADIR}/*.db .
  #hw_acc
  #########################################################################
  #
  #cd ${CERTDIR}
  #CU_ACTION="Creating ${CERTNAME}'s Server Cert"
  #CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
  #certu -S -n "${CERTNAME}" -c "TestCA" -t "u,u,u" -m "$CERTSERIAL" \
  #	-d ${PROFILEDIR} -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -v 60 2>&1
  #CU_ACTION="Export Dave's Cert"
  #cd ${DAVEDIR}
  #certu -L -n "Dave" -r -d ${P_R_DAVE} -o Dave.cert
  ################# Importing Certificates for S/MIME tests ###############
  #
  echo "$SCRIPTNAME: Importing Certificates =============================="
  CU_ACTION="Import Bob's cert into Alice's db"
  certu -E -t "p,p,p" -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
        -i ${R_BOBDIR}/Bob.cert 2>&1
  CU_ACTION="Import Dave's cert into Alice's DB"
  certu -E -t "p,p,p" -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
        -i ${R_DAVEDIR}/Dave.cert 2>&1
  CU_ACTION="Import Dave's cert into Bob's DB"
  certu -E -t "p,p,p" -d ${P_R_BOBDIR} -f ${R_PWFILE} \
        -i ${R_DAVEDIR}/Dave.cert 2>&1
  CU_ACTION="Import Eve's cert into Alice's DB"
  certu -E -t "p,p,p" -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
        -i ${R_EVEDIR}/Eve.cert 2>&1
  CU_ACTION="Import Eve's cert into Bob's DB"
  certu -E -t "p,p,p" -d ${P_R_BOBDIR} -f ${R_PWFILE} \
        -i ${R_EVEDIR}/Eve.cert 2>&1
  if [ "$CERTFAILED" != 0 ] ; then
      cert_log "ERROR: SMIME failed $RET"
  else
      cert_log "SUCCESS: SMIME passed"
  fi
 }
 ############################## cert_ssl ################################
 # local shell function to create client + server certs for extended SSL test
 ########################################################################
 cert_extended_ssl()
 {
  EC_CURVE="sect163r1"
  ################# Creating Certs for extended SSL test ####################
  #
  CERTFAILED=0
  echo "$SCRIPTNAME: Creating Certificates, issued by the last ==============="
  echo "     of a chain of CA's which are not in the same database============"
  echo "Server Cert"
  cert_init_cert ${EXT_SERVERDIR} "${HOSTADDR}" 1 ${D_EXT_SERVER}
  CU_ACTION="Initializing ${CERTNAME}'s Cert DB (ext.)"
  certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
  CU_ACTION="Generate Cert Request for $CERTNAME (ext)"
  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
  CU_ACTION="Sign ${CERTNAME}'s Request (ext)"
  cp ${CERTDIR}/req ${SERVER_CADIR}
  certu -C -c "chain-2-serverCA" -m 200 -v 60 -d "${P_SERVER_CADIR}" \
        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" 2>&1
  CU_ACTION="Import $CERTNAME's Cert  -t u,u,u (ext)"
  certu -A -n "$CERTNAME" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
        -i "${CERTNAME}.cert" 2>&1
  CU_ACTION="Import Client Root CA -t T,, for $CERTNAME (ext.)"
  certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1
 #
 # Repeat the above for EC certs
 #
  CU_ACTION="Generate EC Cert Request for $CERTNAME (ext)"
  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
  certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
  CU_ACTION="Sign ${CERTNAME}'s EC Request (ext)"
  cp ${CERTDIR}/req ${SERVER_CADIR}
  certu -C -c "chain-2-serverCA-ec" -m 200 -v 60 -d "${P_SERVER_CADIR}" \
        -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" 2>&1
  CU_ACTION="Import $CERTNAME's EC Cert  -t u,u,u (ext)"
  certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
        -i "${CERTNAME}-ec.cert" 2>&1
  CU_ACTION="Import Client EC Root CA -t T,, for $CERTNAME (ext.)"
  certu -A -n "clientCA-ec" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${CLIENT_CADIR}/clientCA-ec.ca.cert" 2>&1
 #
 # done with EC certs
 #
  echo "Importing all the server's own CA chain into the servers DB"
  for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ;
  do
      N=`basename $CA | sed -e "s/.ca.cert//"`
      if [ $N = "serverCA" ] ; then
          T="-t C,C,C"
      else
          T="-t u,u,u"
      fi
      CU_ACTION="Import $N CA $T for $CERTNAME (ext.) "
      certu -A -n $N  $T -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${CA}" 2>&1
  done
 #============
  echo "Client Cert"
  cert_init_cert ${EXT_CLIENTDIR} ExtendedSSLUser 1 ${D_EXT_CLIENT}
  CU_ACTION="Initializing ${CERTNAME}'s Cert DB (ext.)"
  certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
  CU_ACTION="Generate Cert Request for $CERTNAME (ext)"
  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
  CU_ACTION="Sign ${CERTNAME}'s Request (ext)"
  cp ${CERTDIR}/req ${CLIENT_CADIR}
  certu -C -c "chain-2-clientCA" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \
        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" 2>&1
  CU_ACTION="Import $CERTNAME's Cert -t u,u,u (ext)"
  certu -A -n "$CERTNAME" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
        -i "${CERTNAME}.cert" 2>&1
  CU_ACTION="Import Server Root CA -t C,C,C for $CERTNAME (ext.)"
  certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1
 #
 # Repeat the above for EC certs
 #
  CU_ACTION="Generate EC Cert Request for $CERTNAME (ext)"
  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
  certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
  CU_ACTION="Sign ${CERTNAME}'s EC Request (ext)"
  cp ${CERTDIR}/req ${CLIENT_CADIR}
  certu -C -c "chain-2-clientCA-ec" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \
        -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" 2>&1
  CU_ACTION="Import $CERTNAME's EC Cert -t u,u,u (ext)"
  certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
        -i "${CERTNAME}-ec.cert" 2>&1
  CU_ACTION="Import Server EC Root CA -t C,C,C for $CERTNAME (ext.)"
  certu -A -n "serverCA-ec" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${SERVER_CADIR}/serverCA-ec.ca.cert" 2>&1
 #
 # done with EC certs
 #
  echo "Importing all the client's own CA chain into the servers DB"
  for CA in `find ${CLIENT_CADIR} -name "?*.ca.cert"` ;
  do
      N=`basename $CA | sed -e "s/.ca.cert//"`
      if [ $N = "clientCA" ] ; then
          T="-t T,C,C"
      else
          T="-t u,u,u"
      fi
      CU_ACTION="Import $N CA $T for $CERTNAME (ext.)"
      certu -A -n $N  $T -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${CA}" 2>&1
  done
  if [ "$CERTFAILED" != 0 ] ; then
      cert_log "ERROR: EXT failed $RET"
  else
      cert_log "SUCCESS: EXT passed"
  fi
 }
 ############################## cert_ssl ################################
 # local shell function to create client + server certs for SSL test
 ########################################################################
 cert_ssl()
 {
  ################# Creating Certs for SSL test ###########################
  #
  CERTFAILED=0
  echo "$SCRIPTNAME: Creating Client CA Issued Certificates ==============="
  cert_create_certs ${CLIENTDIR} "TestUser" 70 ${D_CLIENT}
  echo "$SCRIPTNAME: Creating Server CA Issued Certificate for \\"
  echo "             ${HOSTADDR} ------------------------------------"
  cert_create_certs ${SERVERDIR} "${HOSTADDR}" 100 ${D_SERVER}
  certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR}
  certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR}
 #  cert_init_cert ${SERVERDIR} "${HOSTADDR}" 1 ${D_SERVER}
 #  echo "************* Copying CA files to ${SERVERDIR}"
 #  cp ${CADIR}/*.db .
 #  hw_acc
 #  CU_ACTION="Creating ${CERTNAME}'s Server Cert"
 #  CU_SUBJECT="CN=${CERTNAME}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
 #  certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -d ${PROFILEDIR} \
 #	 -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -v 60 2>&1
  if [ "$CERTFAILED" != 0 ] ; then
      cert_log "ERROR: SSL failed $RET"
  else
      cert_log "SUCCESS: SSL passed"
  fi
 }
 ############################## cert_stresscerts ################################
 # local shell function to create client certs for SSL stresstest
 ########################################################################
 cert_stresscerts()
 {
  ############### Creating Certs for SSL stress test #######################
  #
  CERTDIR="$CLIENTDIR"
  cd "${CERTDIR}"
  PROFILEDIR=${CERTDIR}
  if [ -n "${MULTIACCESS_DBM}" ]; then
     PROFILEDIR="multiaccess:${D_CLIENT}"
  fi
  CERTFAILED=0
  echo "$SCRIPTNAME: Creating Client CA Issued Certificates ==============="
  CONTINUE=$GLOB_MAX_CERT
  CERTSERIAL=10
  while [ $CONTINUE -ge $GLOB_MIN_CERT ]
  do
      CERTNAME="TestUser$CONTINUE"
 #      cert_add_cert ${CLIENTDIR} "TestUser$CONTINUE" $CERTSERIAL
      cert_add_certs 
      CERTSERIAL=`expr $CERTSERIAL + 1 `
      CONTINUE=`expr $CONTINUE - 1 `
  done
  if [ "$CERTFAILED" != 0 ] ; then
      cert_log "ERROR: StressCert failed $RET"
  else
      cert_log "SUCCESS: StressCert passed"
  fi
 }
 ############################## cert_fips #####################################
 # local shell function to create certificates for FIPS tests 
 ##############################################################################
 cert_fips()
 {
  CERTFAILED=0
  echo "$SCRIPTNAME: Creating FIPS 140-1 DSA Certificates =============="
  cert_init_cert "${FIPSDIR}" "FIPS PUB 140-1 Test Certificate" 1000 "${D_FIPS}"
  CU_ACTION="Initializing ${CERTNAME}'s Cert DB"
  certu -N -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" 2>&1
  echo "$SCRIPTNAME: Enable FIPS mode on database -----------------------"
  CU_ACTION="Enable FIPS mode on database for ${CERTNAME}"
  echo "modutil -dbdir ${PROFILEDIR} -fips true "
  modutil -dbdir ${PROFILEDIR} -fips true 2>&1 <<MODSCRIPT
 y
 MODSCRIPT
  RET=$?
  if [ "$RET" -ne 0 ]; then
    html_failed "<TR><TD>${CU_ACTION} ($RET) " 
    cert_log "ERROR: ${CU_ACTION} failed $RET"
  else
    html_passed "<TR><TD>${CU_ACTION}"
  fi
  CU_ACTION="Generate Certificate for ${CERTNAME}"
  CU_SUBJECT="CN=${CERTNAME}, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140-1, L=Mountain View, ST=California, C=US"
  certu -S -n ${FIPSCERTNICK} -x -t "Cu,Cu,Cu" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -k dsa -m 500 -z "${R_NOISE_FILE}" 2>&1
  if [ "$RET" -eq 0 ]; then
    cert_log "SUCCESS: FIPS passed"
  fi
 }
 ############################## cert_cleanup ############################
 # local shell function to finish this script (no exit since it might be
 # sourced)
 ########################################################################
 cert_cleanup()
 {
  cert_log "$SCRIPTNAME: finished $SCRIPTNAME"
  html "</TABLE><BR>" 
  cd ${QADIR}
  . common/cleanup.sh
 }
 ################## main #################################################
 cert_init 
 cert_all_CA
 cert_extended_ssl 
 cert_ssl 
 cert_smime_client        
 cert_fips
 if [ -n "$DO_DIST_ST" -a "$DO_DIST_ST" = "TRUE" ] ; then
    cert_stresscerts 
    #following lines to be used when databases are to be reused
    #cp -r /u/sonmi/tmp/stress/kentuckyderby.13/* $HOSTDIR
    #cp -r $HOSTDIR/../${HOST}.2/* $HOSTDIR
 fi
 cert_cleanup
--- a/security/nss/tests/fixtests.sh
+++ b/security/nss/tests/fixtests.sh
@ -1,117 +0,0 @@
 #!/bin/sh
 #
 # ***** BEGIN LICENSE BLOCK *****
 # Version: MPL 1.1/GPL 2.0/LGPL 2.1
 #
 # The contents of this file are subject to the Mozilla Public License Version
 # 1.1 (the "License"); you may not use this file except in compliance with
 # the License. You may obtain a copy of the License at
 # http://www.mozilla.org/MPL/
 #
 # Software distributed under the License is distributed on an "AS IS" basis,
 # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 # for the specific language governing rights and limitations under the
 # License.
 #
 # The Original Code is the elliptic curve test suite.
 #
 # The Initial Developer of the Original Code is
 # Sun Microsystems, Inc.
 # Portions created by the Initial Developer are Copyright (C) 2003
 # the Initial Developer. All Rights Reserved.
 #
 # Contributor(s):
 #   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
 #
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
 # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 # in which case the provisions of the GPL or the LGPL are applicable instead
 # of those above. If you wish to allow use of your version of this file only
 # under the terms of either the GPL or the LGPL, and not to allow others to
 # use your version of this file under the terms of the MPL, indicate your
 # decision by deleting the provisions above and replace them with the notice
 # and other provisions required by the GPL or the LGPL. If you do not delete
 # the provisions above, a recipient may use your version of this file under
 # the terms of any one of the MPL, the GPL or the LGPL.
 #
 # ***** END LICENSE BLOCK *****
 ####################### fix_test_scripts #######################
 #
 # Depending on the argument either enable or disable EC based
 # tests in the cert and ssl directories.
 #
 ################################################################
 fix_test_scripts()
 {
    FLAG=$1
    CERT_DIR=cert
    CERT_SCRIPT=cert.sh
    SMIME_DIR=smime
    SMIME_SCRIPT=smime.sh
    SSL_DIR=ssl
    SSLAUTH=sslauth.txt
    SSLCOV=sslcov.txt
    SSL_SCRIPT=ssl.sh
    SSLSTRESS=sslstress.txt
    TOOLS_DIR=tools
    TOOLS_SCRIPT=tools.sh
    EC_PREFIX=ec
    NOEC_PREFIX=noec
    if [ xx$FLAG = xx"enable_ecc" ]; then
    	if [ -f $CERT_DIR/$NOEC_PREFIX$CERT_SCRIPT -a \
 	     -f $SMIME_DIR/$NOEC_PREFIX$SMIME_SCRIPT -a \
 	     -f $SSL_DIR/$NOEC_PREFIX$SSLAUTH -a \
 	     -f $SSL_DIR/$NOEC_PREFIX$SSLCOV -a \
 	     -f $SSL_DIR/$NOEC_PREFIX$SSL_SCRIPT -a \
 	     -f $SSL_DIR/$NOEC_PREFIX$SSLSTRESS -a \
 	     -f $TOOLS_DIR/$NOEC_PREFIX$TOOLS_SCRIPT ]; then
 	     echo "noecc files exist"
 	else
 	     echo "noecc files are missing"
             echo "Saving files as noec"
 	     cp $CERT_DIR/$CERT_SCRIPT $CERT_DIR/$NOEC_PREFIX$CERT_SCRIPT
 	     cp $SMIME_DIR/$SMIME_SCRIPT $SMIME_DIR/$NOEC_PREFIX$SMIME_SCRIPT
 	     cp $SSL_DIR/$SSLAUTH $SSL_DIR/$NOEC_PREFIX$SSLAUTH
 	     cp $SSL_DIR/$SSLCOV $SSL_DIR/$NOEC_PREFIX$SSLCOV
 	     cp $SSL_DIR/$SSL_SCRIPT $SSL_DIR/$NOEC_PREFIX$SSL_SCRIPT
 	     cp $SSL_DIR/$SSLSTRESS $SSL_DIR/$NOEC_PREFIX$SSLSTRESS
 	     cp $TOOLS_DIR/$TOOLS_SCRIPT $TOOLS_DIR/$NOEC_PREFIX$TOOLS_SCRIPT
 	fi
 	echo "Overwriting with ec versions"
 	cp $CERT_DIR/$EC_PREFIX$CERT_SCRIPT $CERT_DIR/$CERT_SCRIPT
 	cp $SMIME_DIR/$EC_PREFIX$SMIME_SCRIPT $SMIME_DIR/$SMIME_SCRIPT
 	cp $SSL_DIR/$EC_PREFIX$SSLAUTH $SSL_DIR/$SSLAUTH
 	cp $SSL_DIR/$EC_PREFIX$SSLCOV $SSL_DIR/$SSLCOV
 	cp $SSL_DIR/$EC_PREFIX$SSL_SCRIPT $SSL_DIR/$SSL_SCRIPT
 	cp $SSL_DIR/$EC_PREFIX$SSLSTRESS $SSL_DIR/$SSLSTRESS
 	cp $TOOLS_DIR/$EC_PREFIX$TOOLS_SCRIPT $TOOLS_DIR/$TOOLS_SCRIPT 
    elif [ xx$FLAG = xx"disable_ecc" ]; then
    	if [ -f $CERT_DIR/$NOEC_PREFIX$CERT_SCRIPT -a \
 	     -f $SMIME_DIR/$NOEC_PREFIX$SMIME_SCRIPT -a \
 	     -f $SSL_DIR/$NOEC_PREFIX$SSLAUTH -a \
 	     -f $SSL_DIR/$NOEC_PREFIX$SSLCOV -a \
 	     -f $SSL_DIR/$NOEC_PREFIX$SSL_SCRIPT -a \
 	     -f $SSL_DIR/$NOEC_PREFIX$SSLSTRESS -a \
 	     -f $TOOLS_DIR/$NOEC_PREFIX$TOOLS_SCRIPT ]; then
 	     echo "noecc files exist"
 	     echo "Overwriting with noec versions"
 	     cp $CERT_DIR/$NOEC_PREFIX$CERT_SCRIPT $CERT_DIR/$CERT_SCRIPT
 	     cp $SMIME_DIR/$NOEC_PREFIX$SMIME_SCRIPT $SMIME_DIR/$SMIME_SCRIPT
 	     cp $SSL_DIR/$NOEC_PREFIX$SSLAUTH $SSL_DIR/$SSLAUTH
 	     cp $SSL_DIR/$NOEC_PREFIX$SSLCOV $SSL_DIR/$SSLCOV
 	     cp $SSL_DIR/$NOEC_PREFIX$SSL_SCRIPT $SSL_DIR/$SSL_SCRIPT
 	     cp $SSL_DIR/$NOEC_PREFIX$SSLSTRESS $SSL_DIR/$SSLSTRESS
 	     cp $TOOLS_DIR/$NOEC_PREFIX$TOOLS_SCRIPT $TOOLS_DIR/$TOOLS_SCRIPT 
 	else
 	     echo "Already disabled."
 	fi
    else 
        echo "Needs either \"enable_ecc\" or \"disable_ecc\" as argument."
    fi
 }
 fix_test_scripts $1
--- a/security/nss/tests/smime/ecsmime.sh
+++ b/security/nss/tests/smime/ecsmime.sh
@ -1,260 +0,0 @@
 #! /bin/sh  
 #
 # ***** BEGIN LICENSE BLOCK *****
 # Version: MPL 1.1/GPL 2.0/LGPL 2.1
 #
 # The contents of this file are subject to the Mozilla Public License Version
 # 1.1 (the "License"); you may not use this file except in compliance with
 # the License. You may obtain a copy of the License at
 # http://www.mozilla.org/MPL/
 #
 # Software distributed under the License is distributed on an "AS IS" basis,
 # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 # for the specific language governing rights and limitations under the
 # License.
 #
 # The Original Code is the Netscape security libraries.
 #
 # The Initial Developer of the Original Code is
 # Netscape Communications Corporation.
 # Portions created by the Initial Developer are Copyright (C) 1994-2000
 # the Initial Developer. All Rights Reserved.
 #
 # Contributor(s):
 #
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
 # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 # in which case the provisions of the GPL or the LGPL are applicable instead
 # of those above. If you wish to allow use of your version of this file only
 # under the terms of either the GPL or the LGPL, and not to allow others to
 # use your version of this file under the terms of the MPL, indicate your
 # decision by deleting the provisions above and replace them with the notice
 # and other provisions required by the GPL or the LGPL. If you do not delete
 # the provisions above, a recipient may use your version of this file under
 # the terms of any one of the MPL, the GPL or the LGPL.
 #
 # ***** END LICENSE BLOCK *****
 ########################################################################
 #
 # mozilla/security/nss/tests/smime/smime.sh
 #
 # Script to test NSS smime
 #
 # needs to work on all Unix and Windows platforms
 #
 # special strings
 # ---------------
 #   FIXME ... known problems, search for this string
 #   NOTE .... unexpected behavior
 #
 ########################################################################
 ############################## smime_init ##############################
 # local shell function to initialize this script
 ########################################################################
 smime_init()
 {
  SCRIPTNAME=smime.sh      # sourced - $0 would point to all.sh
  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
  fi
  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
      cd ../common
      . ./init.sh
  fi
  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
      cd ../cert
      . ./cert.sh
  fi
  SCRIPTNAME=smime.sh
  html_head "S/MIME Tests"
  grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
      Exit 11 "Fatal - S/MIME of cert.sh needs to pass first"
  }
  SMIMEDIR=${HOSTDIR}/smime
  R_SMIMEDIR=../smime
  mkdir -p ${SMIMEDIR}
  cd ${SMIMEDIR}
  cp ${QADIR}/smime/alice.txt ${SMIMEDIR}
 }
 ############################## smime_main ##############################
 # local shell function to test basic signed and enveloped messages 
 # from 1 --> 2"
 ########################################################################
 smime_main()
 {
  echo "$SCRIPTNAME: Signing Attached Message (ECDSA SHA1) ------------------"
  echo "cmsutil -S -N Alice-ec -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.sig"
  cmsutil -S -N Alice-ec -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.sig
  html_msg $? 0 "Create Signature Alice (ECDSA SHA1)" "."
  echo "cmsutil -D -i alice-ec.sig -d ${P_R_BOBDIR} -o alice-ec.data1"
  cmsutil -D -i alice-ec.sig -d ${P_R_BOBDIR} -o alice-ec.data1
  html_msg $? 0 "Decode Alice's Signature (ECDSA SHA1)" "."
  echo "diff alice.txt alice-ec.data1"
  diff alice.txt alice-ec.data1
  html_msg $? 0 "Compare Decoded Signature and Original (ECDSA SHA1)" "."
  echo "$SCRIPTNAME: Signing Attached Message (SHA1) ------------------"
  echo "cmsutil -S -N Alice -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.sig"
  cmsutil -S -N Alice -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.sig
  html_msg $? 0 "Create Signature Alice (SHA1)" "."
  echo "cmsutil -D -i alice.sig -d ${P_R_BOBDIR} -o alice.data1"
  cmsutil -D -i alice.sig -d ${P_R_BOBDIR} -o alice.data1
  html_msg $? 0 "Decode Alice's Signature (SHA1)" "."
  echo "diff alice.txt alice.data1"
  diff alice.txt alice.data1
  html_msg $? 0 "Compare Decoded Signature and Original (SHA1)" "."
  echo "$SCRIPTNAME: Signing Attached Message (SHA256) ------------------"
  echo "cmsutil -S -N Alice -H SHA256 -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.sig"
  cmsutil -S -N Alice -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.sig
  html_msg $? 0 "Create Signature Alice (SHA256)" "."
  echo "cmsutil -D -i alice.sig -d ${P_R_BOBDIR} -o alice.data1"
  cmsutil -D -i alice.sig -d ${P_R_BOBDIR} -o alice.data1
  html_msg $? 0 "Decode Alice's Signature (SHA256)" "."
  echo "diff alice.txt alice.data1"
  diff alice.txt alice.data1
  html_msg $? 0 "Compare Decoded Signature and Original (SHA256)" "."
  echo "$SCRIPTNAME: Signing Attached Message (SHA384) ------------------"
  echo "cmsutil -S -N Alice -H SHA384 -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.sig"
  cmsutil -S -N Alice -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.sig
  html_msg $? 0 "Create Signature Alice (SHA384)" "."
  echo "cmsutil -D -i alice.sig -d ${P_R_BOBDIR} -o alice.data1"
  cmsutil -D -i alice.sig -d ${P_R_BOBDIR} -o alice.data1
  html_msg $? 0 "Decode Alice's Signature (SHA384)" "."
  echo "diff alice.txt alice.data1"
  diff alice.txt alice.data1
  html_msg $? 0 "Compare Decoded Signature and Original (SHA384)" "."
  echo "$SCRIPTNAME: Signing Attached Message (SHA512) ------------------"
  echo "cmsutil -S -N Alice -H SHA512 -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.sig"
  cmsutil -S -N Alice -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.sig
  html_msg $? 0 "Create Signature Alice (SHA512)" "."
  echo "cmsutil -D -i alice.sig -d ${P_R_BOBDIR} -o alice.data1"
  cmsutil -D -i alice.sig -d ${P_R_BOBDIR} -o alice.data1
  html_msg $? 0 "Decode Alice's Signature (SHA512)" "."
  echo "diff alice.txt alice.data1"
  diff alice.txt alice.data1
  html_msg $? 0 "Compare Decoded Signature and Original (SHA512)" "."
  echo "$SCRIPTNAME: Enveloped Data Tests ------------------------------"
  echo "cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss \\"
  echo "        -o alice.env"
  cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.env
  html_msg $? 0 "Create Enveloped Data Alice" "."
  echo "cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1"
  cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1
  html_msg $? 0 "Decode Enveloped Data Alice" "."
  echo "diff alice.txt alice.data1"
  diff alice.txt alice.data1
  html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
  # multiple recip
  echo "$SCRIPTNAME: Testing multiple recipients ------------------------------"
  echo "cmsutil -E -i alicecc.txt -d ${P_R_ALICEDIR} -o alicecc.env \\"
  echo "        -r bob@bogus.com,dave@bogus.com"
  cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \
          -r bob@bogus.com,dave@bogus.com
  ret=$?
  html_msg $ret 0 "Create Multiple Recipients Enveloped Data Alice" "."
  if [ $ret != 0 ] ; then
 	echo "certutil -L -d ${P_R_ALICEDIR}"
 	certutil -L -d ${P_R_ALICEDIR}
 	echo "certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com"
 	certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com
  fi
  echo "$SCRIPTNAME: Testing multiple email addrs ------------------------------"
  echo "cmsutil -E -i alicecc.txt -d ${P_R_ALICEDIR} -o aliceve.env \\"
  echo "        -r eve@bogus.net"
  cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \
          -r eve@bogus.net
  ret=$?
  html_msg $ret 0 "Encrypt to a Multiple Email cert" "."
  echo "cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2"
  cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2
  html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Bob" "."
  echo "cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3"
  cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3
  html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Dave" "."
  echo "cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4"
  cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4
  html_msg $? 0 "Decrypt with a Multiple Email cert" "."
  diff alice.txt alice.data2
  html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Bob" "."
  diff alice.txt alice.data3
  html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Dave" "."
  diff alice.txt alice.data4
  html_msg $? 0 "Compare Decoded with Multiple Email cert" "."
  echo "$SCRIPTNAME: Sending CERTS-ONLY Message ------------------------------"
  echo "cmsutil -O -r \"Alice,bob@bogus.com,dave@bogus.com\" \\"
  echo "        -d ${P_R_ALICEDIR} > co.der"
  cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" -d ${P_R_ALICEDIR} > co.der
  html_msg $? 0 "Create Certs-Only Alice" "."
  echo "cmsutil -D -i co.der -d ${P_R_BOBDIR}"
  cmsutil -D -i co.der -d ${P_R_BOBDIR}
  html_msg $? 0 "Verify Certs-Only by CA" "."
  echo "$SCRIPTNAME: Encrypted-Data Message ---------------------------------"
  echo "cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \\"
  echo "        -r \"bob@bogus.com\" > alice.enc"
  cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \
          -r "bob@bogus.com" > alice.enc
  html_msg $? 0 "Create Encrypted-Data" "."
  echo "cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss \\"
  echo "        -o alice.data2"
  cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss -o alice.data2
  html_msg $? 0 "Decode Encrypted-Data" "."
  diff alice.txt alice.data2
  html_msg $? 0 "Compare Decoded and Original Data" "."
 }
 ############################## smime_cleanup ###########################
 # local shell function to finish this script (no exit since it might be
 # sourced)
 ########################################################################
 smime_cleanup()
 {
  html "</TABLE><BR>"
  cd ${QADIR}
  . common/cleanup.sh
 }
 ################## main #################################################
 smime_init
 smime_main
 smime_cleanup
--- a/security/nss/tests/smime/smime.sh
+++ b/security/nss/tests/smime/smime.sh
@ -21,6 +21,7 @@
 # the Initial Developer. All Rights Reserved.
 #
 # Contributor(s):
 #   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
 #
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
@ -71,7 +72,12 @@ smime_init()
      . ./cert.sh
  fi
  SCRIPTNAME=smime.sh
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      html_head "S/MIME Tests with ECC"
  else
      html_head "S/MIME Tests"
  fi
  grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
      Exit 11 "Fatal - S/MIME of cert.sh needs to pass first"
@ -110,6 +116,32 @@ smime_sign()
  echo "diff alice.txt alice.data.${HASH}"
  diff alice.txt alice.data.${HASH}
  html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "."
 # Test ECDSA signing for all hash algorithms.
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------"
      echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}"
      cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
      html_msg $? 0 "Create Detached Signature Alice (ECDSA w/ ${HASH})" "."
      echo "cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
      cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
      html_msg $? 0 "Verifying Alice's Detached Signature (ECDSA w/ ${HASH})" "."
      echo "$SCRIPTNAME: Signing Attached Message (ECDSA w/ ${HASH}) ------------------"
      echo "cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}"
      cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}
      html_msg $? 0 "Create Attached Signature Alice (ECDSA w/ ${HASH})" "."
      echo "cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}"
      cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}
      html_msg $? 0 "Decode Alice's Attached Signature (ECDSA w/ ${HASH})" "."
      echo "diff alice.txt alice-ec.data.${HASH}"
      diff alice.txt alice-ec.data.${HASH}
      html_msg $? 0 "Compare Attached Signed Data and Original (ECDSA w/ ${HASH})" "."
  fi
 }
@ -146,7 +178,7 @@ smime_main()
  # multiple recip
  echo "$SCRIPTNAME: Testing multiple recipients ------------------------------"
-  echo "cmsutil -E -i alicecc.txt -d ${P_R_ALICEDIR} -o alicecc.env \\"
+  echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \\"
  echo "        -r bob@bogus.com,dave@bogus.com"
  cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \
          -r bob@bogus.com,dave@bogus.com
@ -160,7 +192,7 @@ smime_main()
  fi
  echo "$SCRIPTNAME: Testing multiple email addrs ------------------------------"
-  echo "cmsutil -E -i alicecc.txt -d ${P_R_ALICEDIR} -o aliceve.env \\"
+  echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \\"
  echo "        -r eve@bogus.net"
  cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \
          -r eve@bogus.net
--- a/security/nss/tests/ssl/ecssl.sh
+++ b/security/nss/tests/ssl/ecssl.sh
@ -1,350 +0,0 @@
 #! /bin/sh
 #
 # ***** BEGIN LICENSE BLOCK *****
 # Version: MPL 1.1/GPL 2.0/LGPL 2.1
 #
 # The contents of this file are subject to the Mozilla Public License Version
 # 1.1 (the "License"); you may not use this file except in compliance with
 # the License. You may obtain a copy of the License at
 # http://www.mozilla.org/MPL/
 #
 # Software distributed under the License is distributed on an "AS IS" basis,
 # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 # for the specific language governing rights and limitations under the
 # License.
 #
 # The Original Code is the Netscape security libraries.
 #
 # The Initial Developer of the Original Code is
 # Netscape Communications Corporation.
 # Portions created by the Initial Developer are Copyright (C) 1994-2000
 # the Initial Developer. All Rights Reserved.
 #
 # Contributor(s):
 #   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
 #
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
 # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 # in which case the provisions of the GPL or the LGPL are applicable instead
 # of those above. If you wish to allow use of your version of this file only
 # under the terms of either the GPL or the LGPL, and not to allow others to
 # use your version of this file under the terms of the MPL, indicate your
 # decision by deleting the provisions above and replace them with the notice
 # and other provisions required by the GPL or the LGPL. If you do not delete
 # the provisions above, a recipient may use your version of this file under
 # the terms of any one of the MPL, the GPL or the LGPL.
 #
 # ***** END LICENSE BLOCK *****
 ########################################################################
 #
 # mozilla/security/nss/tests/ssl/ecssl.sh
 #
 # Script to test NSS SSL
 #
 # needs to work on all Unix and Windows platforms
 #
 # special strings
 # ---------------
 #   FIXME ... known problems, search for this string
 #   NOTE .... unexpected behavior
 #
 ########################################################################
 ############################## ssl_init ################################
 # local shell function to initialize this script
 ########################################################################
 ssl_init()
 {
  SCRIPTNAME=ssl.sh      # sourced - $0 would point to all.sh
  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
  fi
  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
      cd ../common
      . ./init.sh
  fi
  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
      cd ../cert
      . ./cert.sh
  fi
  SCRIPTNAME=ssl.sh
  echo "$SCRIPTNAME: SSL tests ==============================="
  grep "SUCCESS: SSL passed" $CERT_LOG_FILE >/dev/null || {
      html_head "SSL Test failure"
      Exit 8 "Fatal - SSL of cert.sh needs to pass first"
  }
  PORT=${PORT-8443}
  # Test case files
  SSLCOV=${QADIR}/ssl/sslcov.txt
  SSLAUTH=${QADIR}/ssl/sslauth.txt
  SSLSTRESS=${QADIR}/ssl/sslstress.txt
  REQUEST_FILE=${QADIR}/ssl/sslreq.txt
  #temparary files
  SERVEROUTFILE=${TMP}/tests_server.$$
  SERVERPID=${TMP}/tests_pid.$$
  R_SERVERPID=../tests_pid.$$
  TEMPFILES="$TMPFILES ${SERVEROUTFILE}  ${SERVERPID}"
  fileout=0 #FIXME, looks like all.sh tried to turn this on but actually didn't
  #fileout=1
  #verbose="-v" #FIXME - see where this is usefull
  USER_NICKNAME=TestUser
  NORM_EXT=""
  cd ${CLIENTDIR}
 }
 ########################### is_selfserv_alive ##########################
 # local shell function to exit with a fatal error if selfserver is not
 # running
 ########################################################################
 is_selfserv_alive()
 {
  if [ ! -f "${SERVERPID}" ]; then
      echo "$SCRIPTNAME: Error - selfserv PID file ${SERVERPID} doesn't exist"
      sleep 5
      if [ ! -f "${SERVERPID}" ]; then
          Exit 9 "Fatal - selfserv pid file ${SERVERPID} does not exist"
      fi
  fi
  PID=`cat ${SERVERPID}`
  #if  [ "${OS_ARCH}" = "Linux" ]; then
      kill -0 $PID >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable"
  #else
      #$PS -e | grep $PID >/dev/null || \
          #Exit 10 "Fatal - selfserv process not detectable"
  #fi
 }
 ########################### wait_for_selfserv ##########################
 # local shell function to wait until selfserver is running and initialized
 ########################################################################
 wait_for_selfserv()
 {
  echo "tstclnt -p ${PORT} -h ${HOSTADDR} -q "
  echo "        -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \\"
  #echo "tstclnt -q started at `date`"
  tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
  if [ $? -ne 0 ]; then
      html_failed "<TR><TD> Wait for Server "
      echo "RETRY: tstclnt -p ${PORT} -h ${HOSTADDR} -q \\"
      echo "               -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
      tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
  elif [ sparam = "-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014cdefgijklmnvyz" ] ; then # "$1" = "cov" ] ; then
      html_passed "<TR><TD> Wait for Server"
  fi
  is_selfserv_alive
 }
 ########################### kill_selfserv ##############################
 # local shell function to kill the selfserver after the tests are done
 ########################################################################
 kill_selfserv()
 {
  ${KILL} `cat ${SERVERPID}`
  wait `cat ${SERVERPID}`
  if [ ${fileout} -eq 1 ]; then
      cat ${SERVEROUTFILE}
  fi
  # On Linux selfserv needs up to 30 seconds to fully die and free
  # the port.  Wait until the port is free. (Bug 129701)
  if [ "${OS_ARCH}" = "Linux" ]; then
      until selfserv -b -p ${PORT} 2>/dev/null; do
          sleep 1
      done
  fi
  rm ${SERVERPID}
 }
 ########################### start_selfserv #############################
 # local shell function to start the selfserver with the parameters required 
 # for this test and log information (parameters, start time)
 # also: wait until the server is up and running
 ########################################################################
 start_selfserv()
 {
  if [ -n "$testname" ] ; then
      echo "$SCRIPTNAME: $testname ----"
  fi
  sparam=`echo $sparam | sed -e 's;_; ;g'`
  echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} \\"
  echo "         -e ${HOSTADDR}-ec \\"
  echo "         -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
  echo "selfserv started at `date`"
  if [ ${fileout} -eq 1 ]; then
      selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} \
 	       -e ${HOSTADDR}-ec \
               -w nss ${sparam} -i ${R_SERVERPID} $verbose \
               > ${SERVEROUTFILE} 2>&1 &
  else
      selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} \
 	       -e ${HOSTADDR}-ec \
               -w nss ${sparam} -i ${R_SERVERPID} $verbose &
  fi
  wait_for_selfserv
 }
 ############################## ssl_cov #################################
 # local shell function to perform SSL Cipher Coverage tests
 ########################################################################
 ssl_cov()
 {
  html_head "SSL Cipher Coverage $NORM_EXT"
  testname=""
  sparam="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014cdefgijklmnvyz"
  start_selfserv # Launch the server
  p=""
  while read tls param testname
  do
      p=`echo "$testname" | sed -e "s/ .*//"`   #sonmi, only run extended test on SSL3 and TLS
      if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended test" ] ; then
          echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
      elif [ "$tls" != "#" ] ; then
          echo "$SCRIPTNAME: running $testname ----------------------------"
          TLS_FLAG=-T
          if [ $tls = "TLS" ]; then
              TLS_FLAG=""
          fi
          is_selfserv_alive
          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} \\"
          echo "        -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
          rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
          tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} -f \
                  -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
                  >${TMP}/$HOST.tmp.$$  2>&1
          ret=$?
          cat ${TMP}/$HOST.tmp.$$ 
          rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
          html_msg $ret 0 "${testname}"
      fi
  done < ${SSLCOV}
  kill_selfserv
  html "</TABLE><BR>"
 }
 ############################## ssl_auth ################################
 # local shell function to perform SSL  Client Authentication tests
 ########################################################################
 ssl_auth()
 {
  html_head "SSL Client Authentication $NORM_EXT"
  while read value sparam cparam testname
  do
      if [ $value != "#" ]; then
          cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
          start_selfserv
          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} \\"
 	  echo "        ${cparam}  < ${REQUEST_FILE}"
          rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
          tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
                  -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
                  >${TMP}/$HOST.tmp.$$  2>&1
          ret=$?
          cat ${TMP}/$HOST.tmp.$$ 
          rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
          html_msg $ret $value "${testname}" \
                   "produced a returncode of $ret, expected is $value"
          kill_selfserv
      fi
  done < ${SSLAUTH}
  html "</TABLE><BR>"
 }
 ############################## ssl_stress ##############################
 # local shell function to perform SSL stress test
 ########################################################################
 ssl_stress()
 {
  html_head "SSL Stress Test $NORM_EXT"
  while read value sparam cparam testname
  do
      p=`echo "$testname" | sed -e "s/Stress //" -e "s/ .*//"`   #sonmi, only run extended test on SSL3 and TLS
      if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended test" ] ; then
          echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
      elif [ $value != "#" ]; then
          cparam=`echo $cparam | sed -e 's;_; ;g'`
          start_selfserv
          if [ `uname -n` = "sjsu" ] ; then
              echo "debugging disapering selfserv... ps -ef | grep selfserv"
              ps -ef | grep selfserv
          fi
          echo "strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} -w nss $cparam \\"
          echo "         $verbose ${HOSTADDR}"
          echo "strsclnt started at `date`"
          strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} -w nss $cparam \
                   $verbose ${HOSTADDR}
          ret=$?
          echo "strsclnt completed at `date`"
          html_msg $ret $value "${testname}"
          if [ `uname -n` = "sjsu" ] ; then
              echo "debugging disapering selfserv... ps -ef | grep selfserv"
              ps -ef | grep selfserv
          fi
          kill_selfserv
      fi
  done < ${SSLSTRESS}
  html "</TABLE><BR>"
 }
 ############################## ssl_cleanup #############################
 # local shell function to finish this script (no exit since it might be
 # sourced)
 ########################################################################
 ssl_cleanup()
 {
  rm $SERVERPID 2>/dev/null
  cd ${QADIR}
  . common/cleanup.sh
 }
 ################## main #################################################
 #this script may be sourced from the distributed stress test - in this case do nothing...
 if [ -z  "$DO_REM_ST" -a -z  "$DO_DIST_ST" ] ; then
    ssl_init
    ssl_cov
    ssl_auth
    ssl_stress
    SERVERDIR=$EXT_SERVERDIR
    CLIENTDIR=$EXT_CLIENTDIR
    R_SERVERDIR=$R_EXT_SERVERDIR
    R_CLIENTDIR=$R_EXT_CLIENTDIR
    P_R_SERVERDIR=$P_R_EXT_SERVERDIR
    P_R_CLIENTDIR=$P_R_EXT_CLIENTDIR
    USER_NICKNAME=ExtendedSSLUser
    NORM_EXT="Extended test"
    cd ${CLIENTDIR}
    ssl_cov
    ssl_auth
    ssl_stress
    ssl_cleanup
 fi
--- a/security/nss/tests/ssl/ecsslauth.txt
+++ b/security/nss/tests/ssl/ecsslauth.txt
@ -1,50 +0,0 @@
 #
 # This file defines the tests for client auth.
 #
 # expected
 #  return  server     client                         Test Case name
 #   value  params     params
 #  ------  ------     ------                         ---------------
     0       -r           -w_nss_-n_none           TLS Request don't require client auth (client does not provide auth)
     0       -r           -w_bogus_-n_TestUser     TLS Request don't require client auth (bad password)
     0       -r           -w_nss_-n_TestUser       TLS Request don't require client auth (client auth)
    254      -r_-r        -w_nss_-n_none           TLS Require client auth (client does not provide auth)
    254      -r_-r        -w_bogus_-n_TestUser     TLS Require client auth (bad password)
     0       -r_-r        -w_nss_-n_TestUser_      TLS Require client auth (client auth)
     0       -r           -T_-w_nss_-n_none        SSL3 Request don't require client auth (client does not provide auth)
     0       -r           -T_-n_TestUser_-w_bogus  SSL3 Request don't require client auth (bad password)
     0       -r           -T_-n_TestUser_-w_nss    SSL3 Request don't require client auth (client auth)
    254      -r_-r        -T_-w_nss_-n_none        SSL3 Require client auth (client does not provide auth)
    254      -r_-r        -T_-n_TestUser_-w_bogus  SSL3 Require client auth (bad password)
     0       -r_-r        -T_-n_TestUser_-w_nss    SSL3 Require client auth (client auth)
     0       -r_-r_-r     -w_nss_-n_none           TLS Request don't require client auth on 2nd hs (client does not provide auth)
     0       -r_-r_-r     -w_bogus_-n_TestUser     TLS Request don't require client auth on 2nd hs (bad password)
     0       -r_-r_-r     -w_nss_-n_TestUser       TLS Request don't require client auth on 2nd hs (client auth)
     1       -r_-r_-r_-r  -w_nss_-n_none           TLS Require client auth on 2nd hs (client does not provide auth)
     1       -r_-r_-r_-r  -w_bogus_-n_TestUser     TLS Require client auth on 2nd hs (bad password)
     0       -r_-r_-r_-r  -w_nss_-n_TestUser_      TLS Require client auth on 2nd hs (client auth)
     0       -r_-r_-r     -T_-w_nss_-n_none        SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
     0       -r_-r_-r     -T_-n_TestUser_-w_bogus  SSL3 Request don't require client auth on 2nd hs (bad password)
     0       -r_-r_-r     -T_-n_TestUser_-w_nss    SSL3 Request don't require client auth on 2nd hs (client auth)
     1       -r_-r_-r_-r  -T_-w_nss_-n_none        SSL3 Require client auth on 2nd hs (client does not provide auth)
     1       -r_-r_-r_-r  -T_-n_TestUser_-w_bogus  SSL3 Require client auth on 2nd hs (bad password)
     0       -r_-r_-r_-r  -T_-n_TestUser_-w_nss    SSL3 Require client auth on 2nd hs (client auth)
 #
 # Use EC cert for client authentication
 #
     0       -r           -w_bogus_-n_TestUser-ec     TLS Request don't require client auth (EC) (bad password)
     0       -r           -w_nss_-n_TestUser-ec       TLS Request don't require client auth (EC) (client auth)
    254      -r_-r        -w_bogus_-n_TestUser-ec     TLS Require client auth (EC) (bad password)
     0       -r_-r        -w_nss_-n_TestUser-ec_      TLS Require client auth (EC) (client auth)
     0       -r           -T_-n_TestUser-ec_-w_bogus  SSL3 Request don't require client auth (EC) (bad password)
     0       -r           -T_-n_TestUser-ec_-w_nss    SSL3 Request don't require client auth (EC) (client auth)
    254      -r_-r        -T_-n_TestUser-ec_-w_bogus  SSL3 Require client auth (EC) (bad password)
     0       -r_-r        -T_-n_TestUser-ec_-w_nss    SSL3 Require client auth (EC) (client auth)
     0       -r_-r_-r     -w_bogus_-n_TestUser-ec     TLS Request don't require client auth on 2nd hs (EC) (bad password)
     0       -r_-r_-r     -w_nss_-n_TestUser-ec       TLS Request don't require client auth on 2nd hs (EC) (client auth)
     1       -r_-r_-r_-r  -w_bogus_-n_TestUser-ec     TLS Require client auth on 2nd hs (EC) (bad password)
     0       -r_-r_-r_-r  -w_nss_-n_TestUser-ec_      TLS Require client auth on 2nd hs (EC) (client auth)
     0       -r_-r_-r     -T_-n_TestUser-ec_-w_bogus  SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
     0       -r_-r_-r     -T_-n_TestUser-ec_-w_nss    SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
     1       -r_-r_-r_-r  -T_-n_TestUser-ec_-w_bogus  SSL3 Require client auth on 2nd hs (EC) (bad password)
     0       -r_-r_-r_-r  -T_-n_TestUser-ec_-w_nss    SSL3 Require client auth on 2nd hs (EC) (client auth)
--- a/security/nss/tests/ssl/ecsslcov.txt
+++ b/security/nss/tests/ssl/ecsslcov.txt
@ -1,94 +0,0 @@
 #
 # This file enables test coverage of the various SSL ciphers
 #
 # NOTE: SSL2 ciphers are independent of whether TLS is enabled or not. We
 # mix up the enable functions so we can tests boths paths.
 #
 # Enable Cipher Test Name 
 #  TLS
 #
  noTLS   A    SSL2 RC4 128 WITH MD5
   TLS    B    SSL2 RC4 128 EXPORT40 WITH MD5
   TLS    C    SSL2 RC2 128 CBC WITH MD5
  noTLS   D    SSL2 RC2 128 CBC EXPORT40 WITH MD5
   TLS    E    SSL2 DES 64 CBC WITH MD5
  noTLS   F    SSL2 DES 192 EDE3 CBC WITH MD5
 #
 # ECC ciphers (SSL3)
 #
  noTLS  :C001 SSL3 ECDH ECDSA WITH NULL SHA
  noTLS  :C002 SSL3 ECDH ECDSA WITH RC4 128 SHA
  noTLS  :C003 SSL3 ECDH ECDSA WITH 3DES EDE CBC SHA
  noTLS  :C004 SSL3 ECDH ECDSA WITH AES 128 CBC SHA
  noTLS  :C005 SSL3 ECDH ECDSA WITH AES 256 CBC SHA
  noTLS  :C006 SSL3 ECDHE ECDSA WITH NULL SHA
  noTLS  :C007 SSL3 ECDHE ECDSA WITH RC4 128 SHA
  noTLS  :C008 SSL3 ECDHE ECDSA WITH 3DES EDE CBC SHA
  noTLS  :C009 SSL3 ECDHE ECDSA WITH AES 128 CBC SHA
  noTLS  :C00A SSL3 ECDHE ECDSA WITH AES 256 CBC SHA
  noTLS  :C00B SSL3 ECDH RSA WITH NULL SHA
  noTLS  :C00C SSL3 ECDH RSA WITH RC4 128 SHA
  noTLS  :C00D SSL3 ECDH RSA WITH 3DES EDE CBC SHA
  noTLS  :C00E SSL3 ECDH RSA WITH AES 128 CBC SHA
  noTLS  :C00F SSL3 ECDH RSA WITH AES 256 CBC SHA
  noTLS  :C010 SSL3 ECDHE RSA WITH NULL SHA
  noTLS  :C011 SSL3 ECDHE RSA WITH RC4 128 SHA
  noTLS  :C012 SSL3 ECDHE RSA WITH 3DES EDE CBC SHA
  noTLS  :C013 SSL3 ECDHE RSA WITH AES 128 CBC SHA
  noTLS  :C014 SSL3 ECDHE RSA WITH AES 256 CBC SHA
 #
 # ECC ciphers (TLS)
 #
   TLS   :C001 TLS ECDH ECDSA WITH NULL SHA
   TLS   :C002 TLS ECDH ECDSA WITH RC4 128 SHA
   TLS   :C003 TLS ECDH ECDSA WITH 3DES EDE CBC SHA
   TLS   :C004 TLS ECDH ECDSA WITH AES 128 CBC SHA
   TLS   :C005 TLS ECDH ECDSA WITH AES 256 CBC SHA
   TLS   :C006 TLS ECDHE ECDSA WITH NULL SHA
   TLS   :C007 TLS ECDHE ECDSA WITH RC4 128 SHA
   TLS   :C008 TLS ECDHE ECDSA WITH 3DES EDE CBC SHA
   TLS   :C009 TLS ECDHE ECDSA WITH AES 128 CBC SHA
   TLS   :C00A TLS ECDHE ECDSA WITH AES 256 CBC SHA
   TLS   :C00B TLS ECDH RSA WITH NULL SHA
   TLS   :C00C TLS ECDH RSA WITH RC4 128 SHA
   TLS   :C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
   TLS   :C00E TLS ECDH RSA WITH AES 128 CBC SHA
   TLS   :C00F TLS ECDH RSA WITH AES 256 CBC SHA
   TLS   :C010 TLS ECDHE RSA WITH NULL SHA
   TLS   :C011 TLS ECDHE RSA WITH RC4 128 SHA
   TLS   :C012 TLS ECDHE RSA WITH 3DES EDE CBC SHA
   TLS   :C013 TLS ECDHE RSA WITH AES 128 CBC SHA
   TLS   :C014 TLS ECDHE RSA WITH AES 256 CBC SHA
 #
 # noTLS   a    SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA
 # noTLS   b    SSL3 FORTEZZA DMS WITH RC4 128 SHA
  noTLS   c    SSL3 RSA WITH RC4 128 MD5
  noTLS   d    SSL3 RSA WITH 3DES EDE CBC SHA
  noTLS   e    SSL3 RSA WITH DES CBC SHA
  noTLS   f    SSL3 RSA EXPORT WITH RC4 40 MD5
  noTLS   g    SSL3 RSA EXPORT WITH RC2 CBC 40 MD5
 # noTLS   h    SSL3 FORTEZZA DMS WITH NULL SHA
  noTLS   i    SSL3 RSA WITH NULL MD5
  noTLS   j    SSL3 RSA FIPS WITH 3DES EDE CBC SHA
  noTLS   k    SSL3 RSA FIPS WITH DES CBC SHA
  noTLS   l    SSL3 RSA EXPORT WITH DES CBC SHA   (new)
  noTLS   m    SSL3 RSA EXPORT WITH RC4 56 SHA    (new)
  noTLS   n    SSL3 RSA WITH RC4 128 SHA
  noTLS   v    SSL3 RSA WITH AES 128 CBC SHA
  noTLS   y    SSL3 RSA WITH AES 256 CBC SHA
  noTLS   z    SSL3 RSA WITH NULL SHA
 #
   TLS    c    TLS RSA WITH RC4 128 MD5
   TLS    d    TLS RSA WITH 3DES EDE CBC SHA
   TLS    e    TLS RSA WITH DES CBC SHA
   TLS    f    TLS RSA EXPORT WITH RC4 40 MD5
   TLS    g    TLS RSA EXPORT WITH RC2 CBC 40 MD5
   TLS    i    TLS RSA WITH NULL MD5
   TLS    j    TLS RSA FIPS WITH 3DES EDE CBC SHA
   TLS    k    TLS RSA FIPS WITH DES CBC SHA
   TLS    l    TLS RSA EXPORT WITH DES CBC SHA   (new)
   TLS    m    TLS RSA EXPORT WITH RC4 56 SHA    (new)
   TLS    n    TLS RSA WITH RC4 128 SHA
   TLS    v    TLS RSA WITH AES 128 CBC SHA
   TLS    y    TLS RSA WITH AES 256 CBC SHA
   TLS    z    TLS RSA WITH NULL SHA
--- a/security/nss/tests/ssl/ecsslstress.txt
+++ b/security/nss/tests/ssl/ecsslstress.txt
@ -1,25 +0,0 @@
 #
 # This file defines the tests for client auth.
 #
 # expected
 #  return  server     client                         Test Case name
 #   value  params     params
 #  ------  ------     ------                         ---------------
     0      _     -c_1000_-C_A             Stress SSL2 RC4 128 with MD5
     0      _     -c_1000_-C_c_-T          Stress SSL3 RC4 128 with MD5
     0      _     -c_1000_-C_c             Stress TLS  RC4 128 with MD5
 #
 # ECC ciphers
 # XXX Session reuse does not seem to work for ECDH-ECDSA, ECDHE-ECDSA ciphers
 # but works ok for ECDHE-RSA ciphers. With session reuse turned off
 # setting up 1000 connections would take too long so use only 10 connections
 #
     0      -c_:C009  -c_10_-C_:C009_-N_-T Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
     0      -c_:C013  -c_100_-C_:C013_-T  Stress SSL3 ECDHE-RSA AES 128 CBC with SHA
     0      -c_:C004  -c_10_-C_:C004_-N    Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse)
     0      -c_:C00E  -c_10_-C_:C00E_-N    Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
     0      -c_:C013  -c_100_-C_:C013     Stress TLS ECDHE-RSA AES 128 CBC with SHA
 #
 # add client auth versions here...
 #
 #     0       -r  -w_bogus_-n_"Test_User"     TLS Request don't require client auth (bad password)
--- a/security/nss/tests/ssl/ssl.sh
+++ b/security/nss/tests/ssl/ssl.sh
@ -21,6 +21,7 @@
 # the Initial Developer. All Rights Reserved.
 #
 # Contributor(s):
 #   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
 #
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
@ -102,6 +103,12 @@ ssl_init()
  USER_NICKNAME=TestUser
  NORM_EXT=""
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      ECC_STRING=" - with ECC"
  else
      ECC_STRING=""
  fi
  cd ${CLIENTDIR}
 }
@ -147,7 +154,7 @@ wait_for_selfserv()
      echo "               -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
      tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
              -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
-  elif [ sparam = "-c ABCDEFcdefgijklmnvyz" ] ; then # "$1" = "cov" ] ; then
+  elif [ "$sparam" = "$CSHORT" -o "$sparam" = "$CLONG" ] ; then
      html_passed "<TR><TD> Wait for Server"
  fi
  is_selfserv_alive
@ -189,16 +196,21 @@ start_selfserv()
      echo "$SCRIPTNAME: $testname ----"
  fi
  sparam=`echo $sparam | sed -e 's;_; ;g'`
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      ECC_OPTIONS="-e ${HOSTADDR}-ec"
  else
      ECC_OPTIONS=""
  fi
  echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
-  echo "         -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
+  echo "         ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
  echo "selfserv started at `date`"
  if [ ${fileout} -eq 1 ]; then
      selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
-               -w nss ${sparam} -i ${R_SERVERPID} $verbose \
+               ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose \
               > ${SERVEROUTFILE} 2>&1 &
  else
      selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
-               -w nss ${sparam} -i ${R_SERVERPID} $verbose &
+               ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &
  fi
  # The PID $! returned by the MKS or Cygwin shell is not the PID of
  # the real background process, but rather the PID of a helper
@ -221,24 +233,30 @@ start_selfserv()
 ########################################################################
 ssl_cov()
 {
-  html_head "SSL Cipher Coverage $NORM_EXT - $BYPASS_STRING"
+  html_head "SSL Cipher Coverage $NORM_EXT - $BYPASS_STRING $ECC_STRING"
  testname=""
-  sparam="-c ABCDEFcdefgijklmnvyz"
+  if [ -n "$NSS_ENABLE_ECC" ] ; then
      sparam="$CLONG"
  else
      sparam="$CSHORT"
  fi
  start_selfserv # Launch the server
  p=""
-  while read tls param testname
+  while read ectype tls param testname
  do
      p=`echo "$testname" | sed -e "s/ .*//"`   #sonmi, only run extended test on SSL3 and TLS
      if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended Test" ] ; then
          echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
-      elif [ "$tls" != "#" ] ; then
+      elif [ "$ectype" = "ECC" -a  -z "$NSS_ENABLE_ECC" ] ; then
          echo "$SCRIPTNAME: skipping  $testname (ECC only)"
      elif [ "$ectype" != "#" ] ; then
          echo "$SCRIPTNAME: running $testname ----------------------------"
          TLS_FLAG=-T
-          if [ $tls = "TLS" ]; then
+          if [ "$tls" = "TLS" ]; then
              TLS_FLAG=""
          fi
@ -266,11 +284,13 @@ ssl_cov()
 ########################################################################
 ssl_auth()
 {
-  html_head "SSL Client Authentication $NORM_EXT - $BYPASS_STRING"
+  html_head "SSL Client Authentication $NORM_EXT - $BYPASS_STRING $ECC_STRING"
-  while read value sparam cparam testname
+  while read ectype value sparam cparam testname
  do
-      if [ $value != "#" ]; then
+      if [ "$ectype" = "ECC" -a  -z "$NSS_ENABLE_ECC" ] ; then
          echo "$SCRIPTNAME: skipping  $testname (ECC only)"
      elif [ "$ectype" != "#" ]; then
          cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
          start_selfserv
@ -299,17 +319,19 @@ ssl_auth()
 ########################################################################
 ssl_stress()
 {
-  html_head "SSL Stress Test $NORM_EXT - $BYPASS_STRING"
+  html_head "SSL Stress Test $NORM_EXT - $BYPASS_STRING $ECC_STRING"
-  while read value sparam cparam testname
+  while read ectype value sparam cparam testname
  do
      p=`echo "$testname" | sed -e "s/Stress //" -e "s/ .*//"`   #sonmi, only run extended test on SSL3 and TLS
      if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended Test" ] ; then
          echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
-      elif [ $value != "#" ]; then
+      elif [ "$ectype" = "ECC" -a  -z "$NSS_ENABLE_ECC" ] ; then
          echo "$SCRIPTNAME: skipping  $testname (ECC only)"
      elif [ "$ectype" != "#" ]; then
          cparam=`echo $cparam | sed -e 's;_; ;g'`
          start_selfserv
-          if [ `uname -n` = "sjsu" ] ; then
+          if [ "`uname -n`" = "sjsu" ] ; then
              echo "debugging disapering selfserv... ps -ef | grep selfserv"
              ps -ef | grep selfserv
          fi
@ -322,7 +344,7 @@ ssl_stress()
          ret=$?
          echo "strsclnt completed at `date`"
          html_msg $ret $value "${testname}"
-          if [ `uname -n` = "sjsu" ] ; then
+          if [ "`uname -n`" = "sjsu" ] ; then
              echo "debugging disapering selfserv... ps -ef | grep selfserv"
              ps -ef | grep selfserv
          fi
@ -339,7 +361,7 @@ ssl_stress()
 ssl_crl_ssl()
 {
-  html_head "CRL SSL Client Tests $NORM_EXT"
+  html_head "CRL SSL Client Tests $NORM_EXT $ECC_STRING"
  # Using First CRL Group for this test. There are $CRL_GRP_1_RANGE certs in it.
  # Cert number $UNREVOKED_CERT_GRP_1 was not revoked
@ -347,9 +369,11 @@ ssl_crl_ssl()
  CRL_GROUP_RANGE=$CRL_GRP_1_RANGE
  UNREVOKED_CERT=$UNREVOKED_CERT_GRP_1
-  while read value sparam cparam testname
+  while read ectype value sparam cparam testname
  do
-    if [ $value != "#" ]; then
+    if [ "$ectype" = "ECC" -a  -z "$NSS_ENABLE_ECC" ] ; then
        echo "$SCRIPTNAME: skipping $testname (ECC only)"
    elif [ "$ectype" != "#" ]; then
 	servarg=`echo $sparam | awk '{r=split($0,a,"-r") - 1;print r;}'`
 	pwd=`echo $cparam | grep nss`
 	user=`echo $cparam | grep TestUser`
@ -443,6 +467,7 @@ is_revoked() {
 load_group_crl() {
    group=$1
    ectype=$2
    OUTFILE_TMP=${TMP}/$HOST.tmp.$$
    grpBegin=`eval echo \$\{CRL_GRP_${group}_BEGIN\}`
@ -454,6 +479,15 @@ load_group_crl() {
        return 1;
    fi
    # Add -ec suffix for ECC
    if [ "$ectype" = "ECC" ] ; then
      ecsuffix="-ec"
      eccomment="ECC "
    else
      ecsuffix=""
      eccomment=""
    fi
    if [ "$RELOAD_CRL" != "" ]; then
        if [ $group -eq 1 ]; then
            echo "==================== Resetting to group 1 crl ==================="
@ -461,18 +495,18 @@ load_group_crl() {
            start_selfserv
            is_selfserv_alive
        fi
-        echo "================= Reloading CRL for group $grpBegin - $grpEnd ============="
+        echo "================= Reloading ${eccomment}CRL for group $grpBegin - $grpEnd ============="
        echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} \\"
-        echo "          -w nss -n TestUser${UNREVOKED_CERT_GRP_1}"
+        echo "          -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix}"
        echo "Request:"
-        echo "GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}"
+        echo "GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}"
        echo ""
        echo "RELOAD time $i"
        tstclnt -p ${PORT} -h ${HOSTADDR} -f  \
-            -d ${R_CLIENTDIR} -w nss -n TestUser${UNREVOKED_CERT_GRP_1} \
+            -d ${R_CLIENTDIR} -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix} \
-            <<_EOF_REQUEST_ >${OUTFILE_TMP}  2>&1
+	    >${OUTFILE_TMP}  2>&1 <<_EOF_REQUEST_
-GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}
+GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}
 _EOF_REQUEST_
        cat ${OUTFILE_TMP}
@ -485,11 +519,12 @@ _EOF_REQUEST_
        echo "=== Updating DB for group $grpBegin - $grpEnd and restarting selfserv ====="
        kill_selfserv
-        CU_ACTION="Importing CRL for groups $grpBegin - $grpEnd"
+        CU_ACTION="Importing ${eccomment}CRL for groups $grpBegin - $grpEnd"
-        crlu -d ${R_SERVERDIR} -I -i ${SERVERDIR}/root.crl_${grpBegin}-${grpEnd} \
+        crlu -d ${R_SERVERDIR} -I -i ${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix} \
             -p ../tests.pw.928
        ret=$?
        if [ "$ret" -eq 0 ]; then
 	    html_passed "<TR><TD> ${CU_ACTION}"
            return 1
        fi
        start_selfserv        
@ -502,7 +537,7 @@ _EOF_REQUEST_
 ssl_crl_cache()
 {
-  html_head "Cache CRL SSL Client Tests $NORM_EXT"
+  html_head "Cache CRL SSL Client Tests $NORM_EXT $ECC_STRING"
  SSLAUTH_TMP=${TMP}/authin.tl.tmp
  SERV_ARG=-r_-r
  rm -f ${SSLAUTH_TMP}
@ -514,8 +549,11 @@ ssl_crl_cache()
    do
    sparam=$SERV_ARG
    start_selfserv
-    while read value sparam cparam testname
+    while read ectype value sparam cparam testname
      do
      if [ "$ectype" = "ECC" -a  -z "$NSS_ENABLE_ECC" ] ; then
        echo "$SCRIPTNAME: skipping  $testname (ECC only)"
      else
        servarg=`echo $sparam | awk '{r=split($0,a,"-r") - 1;print r;}'`
        pwd=`echo $cparam | grep nss`
        user=`echo $cparam | grep TestUser`
@ -584,12 +622,16 @@ ssl_crl_cache()
          LOADED_GRP=`expr $LOADED_GRP + 1`
          TEMP_NUM=0
          if [ "$LOADED_GRP" -le "$TOTAL_GRP_NUM" ]; then
-            load_group_crl $LOADED_GRP
+              load_group_crl $LOADED_GRP $ectype
-            html_msg $ret 0 "Load group $LOADED_GRP crl " \
+              html_msg $ret 0 "Load group $LOADED_GRP ${eccomment}crl " \
                  "produced a returncode of $ret, expected is 0"
          fi
        done
-      load_group_crl 1
+        # Restart selfserv to roll back to two initial group 1 crls
        # TestCA CRL and TestCA-ec CRL 
        kill_selfserv
        start_selfserv
      fi
    done < ${SSLAUTH_TMP}
    kill_selfserv
    SERV_ARG="${SERV_ARG}_-r"
@ -637,7 +679,7 @@ ssl_run()
    ssl_auth
    ssl_stress
-    # the next round off ssl tests will only run if these vars are reset
+    # the next round of ssl tests will only run if these vars are reset
    SERVERDIR=$ORIG_SERVERDIR
    CLIENTDIR=$ORIG_CLIENTDIR
    R_SERVERDIR=$ORIG_R_SERVERDIR
@ -647,13 +689,15 @@ ssl_run()
    USER_NICKNAME=TestUser
    NORM_EXT=
    cd ${QADIR}/ssl
    ssl_cleanup
 }
 ################## main #################################################
 #this script may be sourced from the distributed stress test - in this case do nothing...
 CSHORT="-c ABCDEFcdefgijklmnvyz"
 CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014cdefgijklmnvyz"
 if [ -z  "$DO_REM_ST" -a -z  "$DO_DIST_ST" ] ; then
    ssl_init
@ -668,7 +712,6 @@ if [ -z  "$DO_REM_ST" -a -z  "$DO_DIST_ST" ] ; then
    ssl_crl_ssl
    ssl_crl_cache
    ssl_cleanup
    # Test all combinations of server bypass and client bypass
    CLIENT_OPTIONS="-B -s"
@ -680,4 +723,5 @@ if [ -z  "$DO_REM_ST" -a -z  "$DO_DIST_ST" ] ; then
    BYPASS_STRING="Server Bypass"
    ssl_run
    ssl_cleanup
 fi
--- a/security/nss/tests/ssl/sslauth.txt
+++ b/security/nss/tests/ssl/sslauth.txt
@ -2,30 +2,49 @@
 # This file defines the tests for client auth.
 #
 #        expected
-#  return  server     client                         Test Case name
+# Enable  return  server     client                         Test Case name
-#   value  params     params
+#  ECC     value  params     params
-#  ------  ------     ------                         ---------------
+# ------- ------  ------     ------                         ---------------
-     0       -r           -w_nss_-n_none           TLS Request don't require client auth (client does not provide auth)
+  noECC     0       -r           -w_nss_-n_none           TLS Request don't require client auth (client does not provide auth)
-     0       -r           -w_bogus_-n_TestUser     TLS Request don't require client auth (bad password)
+  noECC     0       -r           -w_bogus_-n_TestUser     TLS Request don't require client auth (bad password)
-     0       -r           -w_nss_-n_TestUser       TLS Request don't require client auth (client auth)
+  noECC     0       -r           -w_nss_-n_TestUser       TLS Request don't require client auth (client auth)
-    254      -r_-r        -w_nss_-n_none           TLS Require client auth (client does not provide auth)
+  noECC    254      -r_-r        -w_nss_-n_none           TLS Require client auth (client does not provide auth)
-    254      -r_-r        -w_bogus_-n_TestUser     TLS Require client auth (bad password)
+  noECC    254      -r_-r        -w_bogus_-n_TestUser     TLS Require client auth (bad password)
-     0       -r_-r        -w_nss_-n_TestUser_      TLS Require client auth (client auth)
+  noECC     0       -r_-r        -w_nss_-n_TestUser_      TLS Require client auth (client auth)
-     0       -r           -T_-w_nss_-n_none        SSL3 Request don't require client auth (client does not provide auth)
+  noECC     0       -r           -T_-w_nss_-n_none        SSL3 Request don't require client auth (client does not provide auth)
-     0       -r           -T_-n_TestUser_-w_bogus  SSL3 Request don't require client auth (bad password)
+  noECC     0       -r           -T_-n_TestUser_-w_bogus  SSL3 Request don't require client auth (bad password)
-     0       -r           -T_-n_TestUser_-w_nss    SSL3 Request don't require client auth (client auth)
+  noECC     0       -r           -T_-n_TestUser_-w_nss    SSL3 Request don't require client auth (client auth)
-    254      -r_-r        -T_-w_nss_-n_none        SSL3 Require client auth (client does not provide auth)
+  noECC    254      -r_-r        -T_-w_nss_-n_none        SSL3 Require client auth (client does not provide auth)
-    254      -r_-r        -T_-n_TestUser_-w_bogus  SSL3 Require client auth (bad password)
+  noECC    254      -r_-r        -T_-n_TestUser_-w_bogus  SSL3 Require client auth (bad password)
-     0       -r_-r        -T_-n_TestUser_-w_nss    SSL3 Require client auth (client auth)
+  noECC     0       -r_-r        -T_-n_TestUser_-w_nss    SSL3 Require client auth (client auth)
-     0       -r_-r_-r     -w_nss_-n_none           TLS Request don't require client auth on 2nd hs (client does not provide auth)
+  noECC     0       -r_-r_-r     -w_nss_-n_none           TLS Request don't require client auth on 2nd hs (client does not provide auth)
-     0       -r_-r_-r     -w_bogus_-n_TestUser     TLS Request don't require client auth on 2nd hs (bad password)
+  noECC     0       -r_-r_-r     -w_bogus_-n_TestUser     TLS Request don't require client auth on 2nd hs (bad password)
-     0       -r_-r_-r     -w_nss_-n_TestUser       TLS Request don't require client auth on 2nd hs (client auth)
+  noECC     0       -r_-r_-r     -w_nss_-n_TestUser       TLS Request don't require client auth on 2nd hs (client auth)
-     1       -r_-r_-r_-r  -w_nss_-n_none           TLS Require client auth on 2nd hs (client does not provide auth)
+  noECC     1       -r_-r_-r_-r  -w_nss_-n_none           TLS Require client auth on 2nd hs (client does not provide auth)
-     1       -r_-r_-r_-r  -w_bogus_-n_TestUser     TLS Require client auth on 2nd hs (bad password)
+  noECC     1       -r_-r_-r_-r  -w_bogus_-n_TestUser     TLS Require client auth on 2nd hs (bad password)
-     0       -r_-r_-r_-r  -w_nss_-n_TestUser_      TLS Require client auth on 2nd hs (client auth)
+  noECC     0       -r_-r_-r_-r  -w_nss_-n_TestUser_      TLS Require client auth on 2nd hs (client auth)
-     0       -r_-r_-r     -T_-w_nss_-n_none        SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
+  noECC     0       -r_-r_-r     -T_-w_nss_-n_none        SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
-     0       -r_-r_-r     -T_-n_TestUser_-w_bogus  SSL3 Request don't require client auth on 2nd hs (bad password)
+  noECC     0       -r_-r_-r     -T_-n_TestUser_-w_bogus  SSL3 Request don't require client auth on 2nd hs (bad password)
-     0       -r_-r_-r     -T_-n_TestUser_-w_nss    SSL3 Request don't require client auth on 2nd hs (client auth)
+  noECC     0       -r_-r_-r     -T_-n_TestUser_-w_nss    SSL3 Request don't require client auth on 2nd hs (client auth)
-     1       -r_-r_-r_-r  -T_-w_nss_-n_none        SSL3 Require client auth on 2nd hs (client does not provide auth)
+  noECC     1       -r_-r_-r_-r  -T_-w_nss_-n_none        SSL3 Require client auth on 2nd hs (client does not provide auth)
-     1       -r_-r_-r_-r  -T_-n_TestUser_-w_bogus  SSL3 Require client auth on 2nd hs (bad password)
+  noECC     1       -r_-r_-r_-r  -T_-n_TestUser_-w_bogus  SSL3 Require client auth on 2nd hs (bad password)
-     0       -r_-r_-r_-r  -T_-n_TestUser_-w_nss    SSL3 Require client auth on 2nd hs (client auth)
+  noECC     0       -r_-r_-r_-r  -T_-n_TestUser_-w_nss    SSL3 Require client auth on 2nd hs (client auth)
 #
 # Use EC cert for client authentication
 #
   ECC      0       -r           -w_bogus_-n_TestUser-ec     TLS Request don't require client auth (EC) (bad password)
   ECC      0       -r           -w_nss_-n_TestUser-ec       TLS Request don't require client auth (EC) (client auth)
   ECC     254      -r_-r        -w_bogus_-n_TestUser-ec     TLS Require client auth (EC) (bad password)
   ECC      0       -r_-r        -w_nss_-n_TestUser-ec_      TLS Require client auth (EC) (client auth)
   ECC      0       -r           -T_-n_TestUser-ec_-w_bogus  SSL3 Request don't require client auth (EC) (bad password)
   ECC      0       -r           -T_-n_TestUser-ec_-w_nss    SSL3 Request don't require client auth (EC) (client auth)
   ECC     254      -r_-r        -T_-n_TestUser-ec_-w_bogus  SSL3 Require client auth (EC) (bad password)
   ECC      0       -r_-r        -T_-n_TestUser-ec_-w_nss    SSL3 Require client auth (EC) (client auth)
   ECC      0       -r_-r_-r     -w_bogus_-n_TestUser-ec     TLS Request don't require client auth on 2nd hs (EC) (bad password)
   ECC      0       -r_-r_-r     -w_nss_-n_TestUser-ec       TLS Request don't require client auth on 2nd hs (EC) (client auth)
   ECC      1       -r_-r_-r_-r  -w_bogus_-n_TestUser-ec     TLS Require client auth on 2nd hs (EC) (bad password)
   ECC      0       -r_-r_-r_-r  -w_nss_-n_TestUser-ec_      TLS Require client auth on 2nd hs (EC) (client auth)
   ECC      0       -r_-r_-r     -T_-n_TestUser-ec_-w_bogus  SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
   ECC      0       -r_-r_-r     -T_-n_TestUser-ec_-w_nss    SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
   ECC      1       -r_-r_-r_-r  -T_-n_TestUser-ec_-w_bogus  SSL3 Require client auth on 2nd hs (EC) (bad password)
   ECC      0       -r_-r_-r_-r  -T_-n_TestUser-ec_-w_nss    SSL3 Require client auth on 2nd hs (EC) (client auth)
--- a/security/nss/tests/ssl/sslcov.txt
+++ b/security/nss/tests/ssl/sslcov.txt
@ -4,45 +4,91 @@
 # NOTE: SSL2 ciphers are independent of whether TLS is enabled or not. We
 # mix up the enable functions so we can tests boths paths.
 #
-# Enable Cipher Test Name 
+# Enable Enable Cipher Test Name 
-#  TLS
+#  EC     TLS
 #
-  noTLS   A    SSL2 RC4 128 WITH MD5
+  noECC  noTLS   A    SSL2 RC4 128 WITH MD5
-   TLS    B    SSL2 RC4 128 EXPORT40 WITH MD5
+  noECC   TLS    B    SSL2 RC4 128 EXPORT40 WITH MD5
-   TLS    C    SSL2 RC2 128 CBC WITH MD5
+  noECC   TLS    C    SSL2 RC2 128 CBC WITH MD5
-  noTLS   D    SSL2 RC2 128 CBC EXPORT40 WITH MD5
+  noECC  noTLS   D    SSL2 RC2 128 CBC EXPORT40 WITH MD5
-   TLS    E    SSL2 DES 64 CBC WITH MD5
+  noECC   TLS    E    SSL2 DES 64 CBC WITH MD5
-  noTLS   F    SSL2 DES 192 EDE3 CBC WITH MD5
+  noECC  noTLS   F    SSL2 DES 192 EDE3 CBC WITH MD5
 #
-# noTLS   a    SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA
+# noECC  noTLS   a    SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA
-# noTLS   b    SSL3 FORTEZZA DMS WITH RC4 128 SHA
+# noECC  noTLS   b    SSL3 FORTEZZA DMS WITH RC4 128 SHA
-  noTLS   c    SSL3 RSA WITH RC4 128 MD5
+  noECC  noTLS   c    SSL3 RSA WITH RC4 128 MD5
-  noTLS   d    SSL3 RSA WITH 3DES EDE CBC SHA
+  noECC  noTLS   d    SSL3 RSA WITH 3DES EDE CBC SHA
-  noTLS   e    SSL3 RSA WITH DES CBC SHA
+  noECC  noTLS   e    SSL3 RSA WITH DES CBC SHA
-  noTLS   f    SSL3 RSA EXPORT WITH RC4 40 MD5
+  noECC  noTLS   f    SSL3 RSA EXPORT WITH RC4 40 MD5
-  noTLS   g    SSL3 RSA EXPORT WITH RC2 CBC 40 MD5
+  noECC  noTLS   g    SSL3 RSA EXPORT WITH RC2 CBC 40 MD5
-# noTLS   h    SSL3 FORTEZZA DMS WITH NULL SHA
+# noECC  noTLS   h    SSL3 FORTEZZA DMS WITH NULL SHA
-  noTLS   i    SSL3 RSA WITH NULL MD5
+  noECC  noTLS   i    SSL3 RSA WITH NULL MD5
-  noTLS   j    SSL3 RSA FIPS WITH 3DES EDE CBC SHA
+  noECC  noTLS   j    SSL3 RSA FIPS WITH 3DES EDE CBC SHA
-  noTLS   k    SSL3 RSA FIPS WITH DES CBC SHA
+  noECC  noTLS   k    SSL3 RSA FIPS WITH DES CBC SHA
-  noTLS   l    SSL3 RSA EXPORT WITH DES CBC SHA   (new)
+  noECC  noTLS   l    SSL3 RSA EXPORT WITH DES CBC SHA   (new)
-  noTLS   m    SSL3 RSA EXPORT WITH RC4 56 SHA    (new)
+  noECC  noTLS   m    SSL3 RSA EXPORT WITH RC4 56 SHA    (new)
-  noTLS   n    SSL3 RSA WITH RC4 128 SHA
+  noECC  noTLS   n    SSL3 RSA WITH RC4 128 SHA
-  noTLS   v    SSL3 RSA WITH AES 128 CBC SHA
+  noECC  noTLS   v    SSL3 RSA WITH AES 128 CBC SHA
-  noTLS   y    SSL3 RSA WITH AES 256 CBC SHA
+  noECC  noTLS   y    SSL3 RSA WITH AES 256 CBC SHA
-  noTLS   z    SSL3 RSA WITH NULL SHA
+  noECC  noTLS   z    SSL3 RSA WITH NULL SHA
 #
-   TLS    c    TLS RSA WITH RC4 128 MD5
+  noECC   TLS    c    TLS RSA WITH RC4 128 MD5
-   TLS    d    TLS RSA WITH 3DES EDE CBC SHA
+  noECC   TLS    d    TLS RSA WITH 3DES EDE CBC SHA
-   TLS    e    TLS RSA WITH DES CBC SHA
+  noECC   TLS    e    TLS RSA WITH DES CBC SHA
-   TLS    f    TLS RSA EXPORT WITH RC4 40 MD5
+  noECC   TLS    f    TLS RSA EXPORT WITH RC4 40 MD5
-   TLS    g    TLS RSA EXPORT WITH RC2 CBC 40 MD5
+  noECC   TLS    g    TLS RSA EXPORT WITH RC2 CBC 40 MD5
-   TLS    i    TLS RSA WITH NULL MD5
+  noECC   TLS    i    TLS RSA WITH NULL MD5
-   TLS    j    TLS RSA FIPS WITH 3DES EDE CBC SHA
+  noECC   TLS    j    TLS RSA FIPS WITH 3DES EDE CBC SHA
-   TLS    k    TLS RSA FIPS WITH DES CBC SHA
+  noECC   TLS    k    TLS RSA FIPS WITH DES CBC SHA
-   TLS    l    TLS RSA EXPORT WITH DES CBC SHA   (new)
+  noECC   TLS    l    TLS RSA EXPORT WITH DES CBC SHA   (new)
-   TLS    m    TLS RSA EXPORT WITH RC4 56 SHA    (new)
+  noECC   TLS    m    TLS RSA EXPORT WITH RC4 56 SHA    (new)
-   TLS    n    TLS RSA WITH RC4 128 SHA
+  noECC   TLS    n    TLS RSA WITH RC4 128 SHA
-   TLS    v    TLS RSA WITH AES 128 CBC SHA
+  noECC   TLS    v    TLS RSA WITH AES 128 CBC SHA
-   TLS    y    TLS RSA WITH AES 256 CBC SHA
+  noECC   TLS    y    TLS RSA WITH AES 256 CBC SHA
-   TLS    z    TLS RSA WITH NULL SHA
+  noECC   TLS    z    TLS RSA WITH NULL SHA
 #
 # ECC ciphers (SSL3)
 #
   ECC   noTLS  :C001 SSL3 ECDH ECDSA WITH NULL SHA
   ECC   noTLS  :C002 SSL3 ECDH ECDSA WITH RC4 128 SHA
   ECC   noTLS  :C003 SSL3 ECDH ECDSA WITH 3DES EDE CBC SHA
   ECC   noTLS  :C004 SSL3 ECDH ECDSA WITH AES 128 CBC SHA
   ECC   noTLS  :C005 SSL3 ECDH ECDSA WITH AES 256 CBC SHA
   ECC   noTLS  :C006 SSL3 ECDHE ECDSA WITH NULL SHA
   ECC   noTLS  :C007 SSL3 ECDHE ECDSA WITH RC4 128 SHA
   ECC   noTLS  :C008 SSL3 ECDHE ECDSA WITH 3DES EDE CBC SHA
   ECC   noTLS  :C009 SSL3 ECDHE ECDSA WITH AES 128 CBC SHA
   ECC   noTLS  :C00A SSL3 ECDHE ECDSA WITH AES 256 CBC SHA
   ECC   noTLS  :C00B SSL3 ECDH RSA WITH NULL SHA
   ECC   noTLS  :C00C SSL3 ECDH RSA WITH RC4 128 SHA
   ECC   noTLS  :C00D SSL3 ECDH RSA WITH 3DES EDE CBC SHA
   ECC   noTLS  :C00E SSL3 ECDH RSA WITH AES 128 CBC SHA
   ECC   noTLS  :C00F SSL3 ECDH RSA WITH AES 256 CBC SHA
   ECC   noTLS  :C010 SSL3 ECDHE RSA WITH NULL SHA
   ECC   noTLS  :C011 SSL3 ECDHE RSA WITH RC4 128 SHA
   ECC   noTLS  :C012 SSL3 ECDHE RSA WITH 3DES EDE CBC SHA
   ECC   noTLS  :C013 SSL3 ECDHE RSA WITH AES 128 CBC SHA
   ECC   noTLS  :C014 SSL3 ECDHE RSA WITH AES 256 CBC SHA
 #
 # ECC ciphers (TLS)
 #
   ECC    TLS   :C001 TLS ECDH ECDSA WITH NULL SHA
   ECC    TLS   :C002 TLS ECDH ECDSA WITH RC4 128 SHA
   ECC    TLS   :C003 TLS ECDH ECDSA WITH 3DES EDE CBC SHA
   ECC    TLS   :C004 TLS ECDH ECDSA WITH AES 128 CBC SHA
   ECC    TLS   :C005 TLS ECDH ECDSA WITH AES 256 CBC SHA
   ECC    TLS   :C006 TLS ECDHE ECDSA WITH NULL SHA
   ECC    TLS   :C007 TLS ECDHE ECDSA WITH RC4 128 SHA
   ECC    TLS   :C008 TLS ECDHE ECDSA WITH 3DES EDE CBC SHA
   ECC    TLS   :C009 TLS ECDHE ECDSA WITH AES 128 CBC SHA
   ECC    TLS   :C00A TLS ECDHE ECDSA WITH AES 256 CBC SHA
   ECC    TLS   :C00B TLS ECDH RSA WITH NULL SHA
   ECC    TLS   :C00C TLS ECDH RSA WITH RC4 128 SHA
   ECC    TLS   :C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
   ECC    TLS   :C00E TLS ECDH RSA WITH AES 128 CBC SHA
   ECC    TLS   :C00F TLS ECDH RSA WITH AES 256 CBC SHA
   ECC    TLS   :C010 TLS ECDHE RSA WITH NULL SHA
   ECC    TLS   :C011 TLS ECDHE RSA WITH RC4 128 SHA
   ECC    TLS   :C012 TLS ECDHE RSA WITH 3DES EDE CBC SHA
   ECC    TLS   :C013 TLS ECDHE RSA WITH AES 128 CBC SHA
   ECC    TLS   :C014 TLS ECDHE RSA WITH AES 256 CBC SHA
--- a/security/nss/tests/ssl/sslstress.txt
+++ b/security/nss/tests/ssl/sslstress.txt
@ -1,14 +1,29 @@
 #
-# This file defines the tests for client auth.
+# This file defines the stress tests for ssl/tls
 #
 #        expected
-#  return  server     client                         Test Case name
+# Enable  return  server     client                         Test Case name
-#   value  params     params
+#  ECC    value   params     params
-#  ------  ------     ------                         ---------------
+# ------- ------  ------     ------                         ---------------
-     0      _     -c_1000_-C_A             Stress SSL2 RC4 128 with MD5
+  noECC     0      _     -c_1000_-C_A             Stress SSL2 RC4 128 with MD5
-     0      _     -c_1000_-C_c_-T          Stress SSL3 RC4 128 with MD5
+  noECC     0      _     -c_1000_-C_c_-T          Stress SSL3 RC4 128 with MD5
-     0      _     -c_1000_-C_c             Stress TLS  RC4 128 with MD5
+  noECC     0      _     -c_1000_-C_c             Stress TLS  RC4 128 with MD5
 #
 # add client auth versions here...
 #
-#     0       -r  -w_bogus_-n_"Test_User"     TLS Request don't require client auth (bad password)
+# noECC     0      -r    -w_bogus_-n_"Test_User"  TLS Request don't require client auth (bad password)
 #
 ########################## ECC ciphers ##############################
 # Currently, session reuse does not work for ECDH-ECDSA and ECDHE-ECDSA 
 # ciphers (see Bug 238051). Setting up 1000 connections without session
 # reuse would take too long, so use only 10 connections
 #
   ECC      0      -c_:C009  -c_10_-C_:C009_-N_-T Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
   ECC      0      -c_:C013  -c_100_-C_:C013_-T   Stress SSL3 ECDHE-RSA AES 128 CBC with SHA
   ECC      0      -c_:C004  -c_10_-C_:C004_-N    Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse)
   ECC      0      -c_:C00E  -c_10_-C_:C00E_-N    Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
   ECC      0      -c_:C013  -c_100_-C_:C013      Stress TLS ECDHE-RSA AES 128 CBC with SHA
 #
 # add client auth versions here...
 #
 #  ECC      0      -r        -w_bogus_-n_"Test_User-ec"  TLS Request don't require client auth (bad password)
--- a/security/nss/tests/tools/ectools.sh
+++ b/security/nss/tests/tools/ectools.sh
@ -1,210 +0,0 @@
 #! /bin/sh  
 #
 # ***** BEGIN LICENSE BLOCK *****
 # Version: MPL 1.1/GPL 2.0/LGPL 2.1
 #
 # The contents of this file are subject to the Mozilla Public License Version
 # 1.1 (the "License"); you may not use this file except in compliance with
 # the License. You may obtain a copy of the License at
 # http://www.mozilla.org/MPL/
 #
 # Software distributed under the License is distributed on an "AS IS" basis,
 # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 # for the specific language governing rights and limitations under the
 # License.
 #
 # The Original Code is the Netscape security libraries.
 #
 # The Initial Developer of the Original Code is
 # Netscape Communications Corporation.
 # Portions created by the Initial Developer are Copyright (C) 1994-2000
 # the Initial Developer. All Rights Reserved.
 #
 # Contributor(s):
 #   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
 #
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
 # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 # in which case the provisions of the GPL or the LGPL are applicable instead
 # of those above. If you wish to allow use of your version of this file only
 # under the terms of either the GPL or the LGPL, and not to allow others to
 # use your version of this file under the terms of the MPL, indicate your
 # decision by deleting the provisions above and replace them with the notice
 # and other provisions required by the GPL or the LGPL. If you do not delete
 # the provisions above, a recipient may use your version of this file under
 # the terms of any one of the MPL, the GPL or the LGPL.
 #
 # ***** END LICENSE BLOCK *****
 ########################################################################
 #
 # mozilla/security/nss/tests/tools/tools.sh
 #
 # Script to test basic functionallity of NSS tools 
 #
 # needs to work on all Unix and Windows platforms
 #
 # tests implemented:
 #    pk12util
 #    signtool
 #
 # special strings
 # ---------------
 #   FIXME ... known problems, search for this string
 #   NOTE .... unexpected behavior
 ########################################################################
 ############################## tools_init ##############################
 # local shell function to initialize this script 
 ########################################################################
 tools_init()
 {
  SCRIPTNAME=tools.sh      # sourced - $0 would point to all.sh
  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
  fi
  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
      cd ../common
      . ./init.sh
  fi
  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
      cd ../cert
      . ./cert.sh
  fi
  SCRIPTNAME=tools.sh
  html_head "Tools Tests"
  grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
      Exit 15 "Fatal - S/MIME of cert.sh needs to pass first"
  }
  TOOLSDIR=${HOSTDIR}/tools
  COPYDIR=${TOOLSDIR}/copydir
  R_TOOLSDIR=../tools
  R_COPYDIR=../tools/copydir
  P_R_COPYDIR=${R_COPYDIR}
  if [ -n "${MULTIACCESS_DBM}" ]; then
    P_R_COPYDIR="multiaccess:Tools.$version"
  fi
  mkdir -p ${TOOLSDIR}
  mkdir -p ${COPYDIR}
  mkdir -p ${TOOLSDIR}/html
  cp ${QADIR}/tools/sign*.html ${TOOLSDIR}/html
  cd ${TOOLSDIR}
 }
 ############################## tools_p12 ###############################
 # local shell function to test basic functionality of pk12util
 ########################################################################
 tools_p12()
 {
  echo "$SCRIPTNAME: Exporting Alice's email cert & key------------------"
  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
  echo "         -w ${R_PWFILE}"
  pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \
           -w ${R_PWFILE} 2>&1 
  ret=$?
  html_msg $ret 0 "Exporting Alice's email cert & key (pk12util -o)"
  check_tmpfile
  echo "$SCRIPTNAME: Importing Alice's email cert & key -----------------"
  echo "pk12util -i Alice.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
  pk12util -i Alice.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
  ret=$?
  html_msg $ret 0 "Importing Alice's email cert & key (pk12util -i)"
  check_tmpfile
  echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------"
  echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
  echo "         -w ${R_PWFILE}"
  pk12util -o Alice-ec.p12 -n "Alice-ec" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \
           -w ${R_PWFILE} 2>&1 
  ret=$?
  html_msg $ret 0 "Exporting Alice's email EC cert & key (pk12util -o)"
  check_tmpfile
  echo "$SCRIPTNAME: Importing Alice's email EC cert & key --------------"
  echo "pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
  pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
  ret=$?
  html_msg $ret 0 "Importing Alice's email EC cert & key (pk12util -i)"
  check_tmpfile
 }
 ############################## tools_sign ##############################
 # local shell function pk12util uses a hardcoded tmp file, if this exists
 # and is owned by another user we don't get reasonable errormessages 
 ########################################################################
 check_tmpfile()
 {
  if [ $ret != "0" -a -f /tmp/Pk12uTemp ] ; then
      echo "Error: pk12util temp file exists. Please remove this file and"
      echo "       rerun the test (/tmp/Pk12uTemp) "
  fi
 }
 ############################## tools_sign ##############################
 # local shell function to test basic functionality of signtool
 ########################################################################
 tools_sign()
 {
  echo "$SCRIPTNAME: Create objsign cert -------------------------------"
  echo "signtool -G \"objectsigner\" -d ${P_R_ALICEDIR} -p \"nss\""
  signtool -G "objsigner" -d ${P_R_ALICEDIR} -p "nss" 2>&1 <<SIGNSCRIPT
 y
 TEST
 MOZ
 NSS
 NY
 US
 liz
 liz@moz.org
 SIGNSCRIPT
  html_msg $? 0 "Create objsign cert (signtool -G)"
  echo "$SCRIPTNAME: Signing a set of files ----------------------------"
  echo "signtool -Z nojs.jar -d ${P_R_ALICEDIR} -p \"nss\" -k objsigner \\"
  echo "         ${R_TOOLSDIR}/html"
  signtool -Z nojs.jar -d ${P_R_ALICEDIR} -p "nss" -k objsigner \
           ${R_TOOLSDIR}/html
  html_msg $? 0 "Signing a set of files (signtool -Z)"
  echo "$SCRIPTNAME: Listing signed files in jar ----------------------"
  echo "signtool -v nojs.jar -d ${P_R_ALICEDIR} -p nss -k objsigner"
  signtool -v nojs.jar -d ${P_R_ALICEDIR} -p nss -k objsigner
  html_msg $? 0 "Listing signed files in jar (signtool -v)"
  echo "$SCRIPTNAME: Show who signed jar ------------------------------"
  echo "signtool -w nojs.jar -d ${P_R_ALICEDIR}"
  signtool -w nojs.jar -d ${P_R_ALICEDIR}
  html_msg $? 0 "Show who signed jar (signtool -w)"
 }
 ############################## tools_cleanup ###########################
 # local shell function to finish this script (no exit since it might be 
 # sourced)
 ########################################################################
 tools_cleanup()
 {
  html "</TABLE><BR>"
  cd ${QADIR}
  . common/cleanup.sh
 }
 ################## main #################################################
 tools_init
 tools_p12
 tools_sign
 tools_cleanup
--- a/security/nss/tests/tools/tools.sh
+++ b/security/nss/tests/tools/tools.sh
@ -21,6 +21,7 @@
 # the Initial Developer. All Rights Reserved.
 #
 # Contributor(s):
 #   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
 #
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
@ -74,7 +75,12 @@ tools_init()
      . ./cert.sh
  fi
  SCRIPTNAME=tools.sh
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      html_head "Tools Tests with ECC"
  else
      html_head "Tools Tests"
  fi
  grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
      Exit 15 "Fatal - S/MIME of cert.sh needs to pass first"
@ -125,6 +131,32 @@ tools_p12()
  ret=$?
  html_msg $ret 0 "Listing Alice's pk12 file (pk12util -l)"
  check_tmpfile
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------"
      echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
      echo "         -w ${R_PWFILE}"
      pk12util -o Alice-ec.p12 -n "Alice-ec" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \
           -w ${R_PWFILE} 2>&1 
      ret=$?
      html_msg $ret 0 "Exporting Alice's email EC cert & key (pk12util -o)"
      check_tmpfile
      echo "$SCRIPTNAME: Importing Alice's email EC cert & key --------------"
      echo "pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
      pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
      ret=$?
      html_msg $ret 0 "Importing Alice's email EC cert & key (pk12util -i)"
      check_tmpfile
      echo "$SCRIPTNAME: Listing Alice's pk12 EC file -----------------"
      echo "pk12util -l Alice-ec.p12 -w ${R_PWFILE}"
      pk12util -l Alice-ec.p12 -w ${R_PWFILE} 2>&1
      ret=$?
      html_msg $ret 0 "Listing Alice's pk12 EC file (pk12util -l)"
      check_tmpfile
  fi
 }
 ############################## tools_sign ##############################