Fix for bug 332222 . Allow ssl.sh to support mixed ECC/RSA certs. Patch created by Slavomir Katuscak. r=nelson, rrelyea

2006-08-23 23:32:01 +00:00 · 2006-08-23 23:32:01 +00:00 · f333b2e5a9
--- a/security/nss/tests/ssl/ssl.sh
+++ b/security/nss/tests/ssl/ssl.sh
@ -205,6 +205,9 @@ start_selfserv()
  else
      ECC_OPTIONS=""
  fi
+  if [ "$1" = "mixed" ]; then
+      ECC_OPTIONS="-e ${HOSTADDR}-ecmixed"
+  fi
  echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
  echo "         ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
  echo "selfserv started at `date`"
@ -245,6 +248,8 @@ ssl_cov()
  else
      sparam="$CSHORT"
  fi
+
+  mixed=0
  start_selfserv # Launch the server
               
  p=""
@ -264,7 +269,34 @@ ssl_cov()
              TLS_FLAG=""
          fi

-          is_selfserv_alive
+# These five tests need an EC cert signed with RSA
+# This requires a different certificate loaded in selfserv
+# due to a (current) NSS limitation of only loaded one cert
+# per type so the default selfserv setup will not work.
+#:C00B TLS ECDH RSA WITH NULL SHA
+#:C00C TLS ECDH RSA WITH RC4 128 SHA
+#:C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
+#:C00E TLS ECDH RSA WITH AES 128 CBC SHA
+#:C00F TLS ECDH RSA WITH AES 256 CBC SHA
+
+          if [ $mixed -eq 0 ]; then
+            if [ "${param}" = ":C00B" -o "${param}" = ":C00C" -o "${param}" = ":C00D" -o "${param}" = ":C00E" -o "${param}" = ":C00F" ]; then
+              kill_selfserv
+              start_selfserv mixed
+              mixed=1
+            else
+              is_selfserv_alive
+            fi
+          else 
+            if [ "${param}" = ":C00B" -o "${param}" = ":C00C" -o "${param}" = ":C00D" -o "${param}" = ":C00E" -o "${param}" = ":C00F" ]; then
+              is_selfserv_alive
+            else
+              kill_selfserv
+              start_selfserv
+              mixed=0
+            fi
+          fi
+
          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} \\"
          echo "        -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"

@ -339,7 +371,15 @@ ssl_stress()
          echo "$SCRIPTNAME: skipping  $testname (ECC only)"
      elif [ "$ectype" != "#" ]; then
          cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
-          start_selfserv
+
+# This test needs the mixed cert 
+# Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
+          if [ "${sparam}" = "-c_:C00E" ]; then
+              start_selfserv mixed
+          else
+              start_selfserv
+          fi
+
          if [ "`uname -n`" = "sjsu" ] ; then
              echo "debugging disapering selfserv... ps -ef | grep selfserv"
              ps -ef | grep selfserv
--- a/security/nss/tests/ssl/sslcov.txt
+++ b/security/nss/tests/ssl/sslcov.txt
@ -59,11 +59,11 @@
   ECC   noTLS  :C008 SSL3 ECDHE ECDSA WITH 3DES EDE CBC SHA
   ECC   noTLS  :C009 SSL3 ECDHE ECDSA WITH AES 128 CBC SHA
   ECC   noTLS  :C00A SSL3 ECDHE ECDSA WITH AES 256 CBC SHA
-#  ECC   noTLS  :C00B SSL3 ECDH RSA WITH NULL SHA
-#  ECC   noTLS  :C00C SSL3 ECDH RSA WITH RC4 128 SHA
-#  ECC   noTLS  :C00D SSL3 ECDH RSA WITH 3DES EDE CBC SHA
-#  ECC   noTLS  :C00E SSL3 ECDH RSA WITH AES 128 CBC SHA
-#  ECC   noTLS  :C00F SSL3 ECDH RSA WITH AES 256 CBC SHA
+   ECC   noTLS  :C00B SSL3 ECDH RSA WITH NULL SHA
+   ECC   noTLS  :C00C SSL3 ECDH RSA WITH RC4 128 SHA
+   ECC   noTLS  :C00D SSL3 ECDH RSA WITH 3DES EDE CBC SHA
+   ECC   noTLS  :C00E SSL3 ECDH RSA WITH AES 128 CBC SHA
+   ECC   noTLS  :C00F SSL3 ECDH RSA WITH AES 256 CBC SHA
   ECC   noTLS  :C010 SSL3 ECDHE RSA WITH NULL SHA
   ECC   noTLS  :C011 SSL3 ECDHE RSA WITH RC4 128 SHA
   ECC   noTLS  :C012 SSL3 ECDHE RSA WITH 3DES EDE CBC SHA
@ -82,11 +82,11 @@
   ECC    TLS   :C008 TLS ECDHE ECDSA WITH 3DES EDE CBC SHA
   ECC    TLS   :C009 TLS ECDHE ECDSA WITH AES 128 CBC SHA
   ECC    TLS   :C00A TLS ECDHE ECDSA WITH AES 256 CBC SHA
-#  ECC    TLS   :C00B TLS ECDH RSA WITH NULL SHA
-#  ECC    TLS   :C00C TLS ECDH RSA WITH RC4 128 SHA
-#  ECC    TLS   :C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
-#  ECC    TLS   :C00E TLS ECDH RSA WITH AES 128 CBC SHA
-#  ECC    TLS   :C00F TLS ECDH RSA WITH AES 256 CBC SHA
+   ECC    TLS   :C00B TLS ECDH RSA WITH NULL SHA
+   ECC    TLS   :C00C TLS ECDH RSA WITH RC4 128 SHA
+   ECC    TLS   :C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
+   ECC    TLS   :C00E TLS ECDH RSA WITH AES 128 CBC SHA
+   ECC    TLS   :C00F TLS ECDH RSA WITH AES 256 CBC SHA
   ECC    TLS   :C010 TLS ECDHE RSA WITH NULL SHA
   ECC    TLS   :C011 TLS ECDHE RSA WITH RC4 128 SHA
   ECC    TLS   :C012 TLS ECDHE RSA WITH 3DES EDE CBC SHA
--- a/security/nss/tests/ssl/sslstress.txt
+++ b/security/nss/tests/ssl/sslstress.txt
@ -22,10 +22,7 @@
   ECC      0      -c_:C009  -c_100_-C_:C009_-N_-T  Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
   ECC      0      -c_:C013  -c_1000_-C_:C013_-T    Stress SSL3 ECDHE-RSA   AES 128 CBC with SHA
   ECC      0      -c_:C004  -2_-c_100_-C_:C004_-N  Stress TLS  ECDH-ECDSA  AES 128 CBC with SHA (no reuse)
-#
-#  following line commented to woraround bug 332222
-#
-#  ECC      0      -c_:C00E  -2_-c_100_-C_:C00E_-N  Stress TLS  ECDH-RSA    AES 128 CBC with SHA (no reuse)
+   ECC      0      -c_:C00E  -2_-c_100_-C_:C00E_-N  Stress TLS  ECDH-RSA    AES 128 CBC with SHA (no reuse)
   ECC      0      -c_:C013  -2_-c_1000_-C_:C013    Stress TLS  ECDHE-RSA   AES 128 CBC with SHA
 #
 # add client auth versions here...
@ -33,8 +30,5 @@
   ECC      0      -r_-r_-c_:C009  -c_10_-C_:C009_-N_-T_-n_TestUser-ec Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse, client auth)
   ECC      0      -r_-r_-c_:C013  -c_100_-C_:C013_-T_-n_TestUser-ec Stress SSL3 ECDHE-RSA AES 128 CBC with SHA (client auth)
   ECC      0      -r_-r_-c_:C004  -c_10_-C_:C004_-N_-n_TestUser-ec Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse, client auth)
-#
-#  following line commented to woraround bug 332222
-#
-#   ECC      0      -r_-r_-c_:C00E  -c_10_-C_:C00E_-N_-n_TestUser-ec Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth)
+   ECC      0      -r_-r_-c_:C00E  -c_10_-C_:C00E_-N_-n_TestUser-ec Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth)
   ECC      0      -r_-r_-c_:C013  -c_100_-C_:C013_-n_TestUser-ec Stress TLS ECDHE-RSA AES 128 CBC with SHA(client auth)