Add a mini-framework to allow us to test NSS releases without using tet.

security/nss/tests/all.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# Run all our tests
+#
+CURDIR=`pwd`
+TESTS="ssl"
+cd common
+. init.sh
+export MOZILLA_ROOT
+export COMMON
+export DIST
+export SECURITY_ROOT
+export TESTDIR
+export OBJDIR
+export HOSTDIR
+
+LOGFILE=${HOSTDIR}/output.log
+export LOGFILE
+touch ${LOGFILE}
+tail -f ${LOGFILE}  &
+TAILPID=$!
+trap "kill ${TAILPID}; exit" 2 
+for i in ${TESTS}
+do
+	echo "Running Tests for $i"
+#
+# All tells the test suite to run through all their tests.
+# file tells the test suite that the output is going to a log, so any
+#  forked() children need to redirect their output to prevent them from
+#  being over written.
+
+	(cd ${CURDIR}/$i ; ./${i}.sh all file >> ${LOGFILE} 2>&1)
+#	cd ${CURDIR}/$i ; ./${i}.sh 
+done
+kill ${TAILPID}

security/nss/tests/common/arch.sh

@@ -0,0 +1,296 @@
+#!/bin/sh
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# Master "Core Components" macros for getting the OS architecture     #
+#######################################################################
+
+#
+# Macros for getting the OS architecture
+#
+if [ -s "${USE_64}" ]; then
+	A64BIT_TAG=_64
+else
+	A64BIT_TAG=
+fi
+
+#OS_ARCH := $(subst /,_,$(shell uname -s))
+OS_ARCH=`uname -s | sed -e 's;/;_;'`
+
+#
+# Attempt to differentiate between sparc and x86 Solaris
+#
+
+#OS_TEST := $(shell uname -m)
+OS_TEST=`uname -m`
+if [ ${OS_TEST} = "i86pc" ]; then
+	OS_RELEASE=`uname -r`"_"${OS_TEST}
+else
+	OS_RELEASE=`uname -r`
+fi
+
+#
+# Force the IRIX64 machines to use IRIX.
+#
+if [ ${OS_ARCH} = "IRIX64" ]; then
+	OS_ARCH="IRIX"
+fi
+
+#
+# Force the newer BSDI versions to use the old arch name.
+#
+
+if [ ${OS_ARCH} = "BSD_OS" ]; then
+	OS_ARCH=BSD_386
+fi
+
+#
+# Catch Deterim if SVR4 is NCR or UNIXWARE
+#
+
+if  [ ${OS_ARCH} = "UNIX_SV" ]; then
+	if grep NCR /etc/bcheckrc ; then
+		OS_ARCH=NCR
+	else
+		# Make UnixWare something human readable
+		OS_ARCH=UNIXWARE
+	fi
+
+	# Get the OS release number, not 4.2
+	OS_RELEASE=`uname -v`
+fi
+
+if [ ${OS_ARCH} = "UNIX_System_V" ]; then
+	OS_ARCH=NEC
+fi
+
+if [ ${OS_ARCH} = "AIX" ]; then
+	OS_MAJOR=`uname -v`
+	OS_MINOR=`uname -r`
+	OS_RELEASE=${OS_MAJOR}.${OS_MINOR}
+fi
+
+#
+# Distinguish between OSF1 V4.0B and V4.0D
+#
+
+if  [ ${OS_ARCH}${OS_RELEASE} = "OSF1V4.0" ]; then
+	OS_VERSION=`uname -v`
+	if [ ${OS_VERSION} = "564" ]; then
+		OS_RELEASE=V4.0B
+	fi
+	if [ ${OS_VERSION} = "878" ]; then
+		OS_RELEASE=V4.0D
+	fi
+fi
+
+#
+# SINIX changes name to ReliantUNIX with 5.43
+#
+
+if  [ ${OS_ARCH} = "ReliantUNIX-N" ]; then
+	OS_ARCH=ReliantUNIX
+	OS_RELEASE=5.4
+fi
+
+if [ ${OS_ARCH} = "SINIX-N" ]; then
+	OS_ARCH=ReliantUNIX
+	OS_RELEASE=5.4
+fi
+
+#
+# Handle FreeBSD 2.2-STABLE and Linux 2.0.30-osfmach3
+#
+
+#if [(,$(filter-out Linux FreeBSD,${OS_ARCH}))
+#OS_RELEASE	:= $(shell echo $(OS_RELEASE) | sed 's/-.*//')
+#endif
+
+if  [ ${OS_ARCH} = "Linux" ]; then
+	OS_RELEASE=`basename ${OS_RELEASE}`
+fi
+
+#######################################################################
+# Master "Core Components" macros for getting the OS target           #
+#######################################################################
+
+#
+# Note: OS_TARGET should be specified on the command line for gmake.
+# When OS_TARGET=WIN95 is specified, then a Windows 95 target is built.
+# The difference between the Win95 target and the WinNT target is that
+# the WinNT target uses Windows NT specific features not available
+# in Windows 95. The Win95 target will run on Windows NT, but (supposedly)
+# at lesser performance (the Win95 target uses threads; the WinNT target
+# uses fibers).
+#
+# When OS_TARGET=WIN16 is specified, then a Windows 3.11 (16bit) target
+# is built. See: win16_3.11.mk for lots more about the Win16 target.
+#
+# If OS_TARGET is not specified, it defaults to ${OS_ARCH}, i.e., no
+# cross-compilation.
+#
+
+#
+# The following hack allows one to build on a WIN95 machine (as if
+# s/he were cross-compiling on a WINNT host for a WIN95 target).
+# It also accomodates for MKS's uname.exe.  If you never intend
+# to do development on a WIN95 machine, you don't need this. It doesn't
+# work any more anyway.
+#
+if [ ${OS_ARCH} = "WIN95" ]; then
+	OS_ARCH=WINNT
+	OS_TARGET=WIN95
+fi
+if [ ${OS_ARCH} = "Windows_95" ]; then
+	OS_ARCH=Windows_NT
+	OS_TARGET=WIN95
+fi
+
+#
+# On WIN32, we also define the variable CPU_ARCH.
+#
+
+if  [ ${OS_ARCH} = "WINNT" ]; then
+	CPU_ARCH=`uname -p`
+	if [ ${CPU_ARCH} = "I386" ]; then
+		CPU_ARCH=x386
+	fi
+else
+#
+# If uname -s returns "Windows_NT", we assume that we are using
+# the uname.exe in MKS toolkit.
+#
+# The -r option of MKS uname only returns the major version number.
+# So we need to use its -v option to get the minor version number.
+# Moreover, it doesn't have the -p option, so we need to use uname -m.
+#
+if  [ ${OS_ARCH}  = "Windows_NT" ]; then
+	OS_ARCH=WINNT
+	OS_MINOR_RELEASE=`uname -v`
+	if [ ${OS_MINOR_RELEASE} = "00" ]; then
+		OS_MINOR_RELEASE=0
+	fi
+	OS_RELEASE=${OS_RELEASE}.${OS_MINOR_RELEASE}
+	CPU_ARCH=`uname -m`
+	#
+	# MKS's uname -m returns "586" on a Pentium machine.
+	#
+	#ifneq (,$(findstring 86,$(CPU_ARCH)))
+	if (echo $CPU_ARCH | grep 86) ; then
+		CPU_ARCH=x386
+	fi
+fi
+fi
+
+OS_TARGET=${OS_TARGET-${OS_ARCH}}
+
+if [ ${OS_TARGET} = "WIN95" ]; then
+	OS_RELEASE=4.0
+fi
+
+if [ ${OS_TARGET} = "WIN16" ]; then
+	OS_RELEASE=
+#	OS_RELEASE = _3.11
+fi
+
+#
+# This variable is used to get OS_CONFIG.mk.
+#
+
+OS_CONFIG=${OS_TARGET}${OS_RELEASE}
+
+#
+# OBJDIR_TAG depends on the predefined variable BUILD_OPT,
+# to distinguish between debug and release builds.
+#
+
+if [ -s "${BUILD_OPT}" ]; then
+	if [ ${OS_TARGET} = "WIN16" ]; then
+		OBJDIR_TAG=_O
+	else
+		OBJDIR_TAG=${A64BIT_TAG}_OPT
+	fi
+else
+	if [ -s "${BUILD_IDG}" ]; then
+		if [ ${OS_TARGET} = "WIN16" ]; then
+			OBJDIR_TAG=_I
+		else
+			OBJDIR_TAG=${A64BIT_TAG}_IDG
+		fi
+	else
+		if [ ${OS_TARGET} = WIN16 ]; then
+			OBJDIR_TAG=_D
+		else
+			OBJDIR_TAG=${A64BIT_TAG}_DBG
+		fi
+	fi
+fi
+
+#
+# The following flags are defined in the individual $(OS_CONFIG).mk
+# files.
+#
+# CPU_TAG is defined if the CPU is not the most common CPU.
+# COMPILER_TAG is defined if the compiler is not the native compiler.
+# IMPL_STRATEGY may be defined too.
+#
+
+# Name of the binary code directories
+#ifeq (${OS_ARCH}, WINNT)
+#	ifeq ($(CPU_ARCH),x386)
+##		OBJDIR_NAME=$(OS_CONFIG)$(OBJDIR_TAG).OBJ
+#	else
+#		OBJDIR_NAME=$(OS_CONFIG)$(CPU_ARCH)$(OBJDIR_TAG).OBJ
+#	endif
+#else
+#endif
+
+OBJDIR_NAME=${OS_CONFIG}${CPU_TAG}${COMPILER_TAG}${LIBC_TAG}${IMPL_STRATEGY}${OBJDIR_TAG}'.OBJ'
+
+#export OS_CONFIG OS_ARCH OBJDIR_NAME OS_RELEASE OBJDIR_TAG
+
+if [ ${OS_ARCH} = "WINNT" ]; then
+if [  ${OS_TARGET} != "WIN16" ]; then
+if [ ! -s "${BUILD_OPT}" ]; then
+#
+# Define USE_DEBUG_RTL if you want to use the debug runtime library
+# (RTL) in the debug build
+#
+if [ -s "${USE_DEBUG_RTL}" ]; then
+	OBJDIR_NAME=${OS_CONFIG}${CPU_TAG}${COMPILER_TAG}${IMPL_STRATEGY}${OBJDIR_TAG}.OBJD
+fi
+fi
+fi
+fi
+
+echo ${OBJDIR_NAME}

security/nss/tests/common/init.sh

@@ -0,0 +1,59 @@
+#! /bin/sh
+#
+#  Initialize a bunch of variables that may tests would be interested in
+#
+#
+mozilla_root=`(cd ../../../..; pwd)`
+common=`(cd ../common; pwd)`
+MOZILLA_ROOT=${SECURITY_ROOT-$mozilla_root}
+COMMON=${TEST_COMMON-$common}
+DIST=${DIST-${MOZILLA_ROOT}/dist}
+SECURITY_ROOT=${DIST-${MOZILLA_ROOT}/security/nss}
+TESTDIR=${TESTDIR-${MOZILLA_ROOT}/tests_results/security}
+. ../common/arch.sh
+OBJDIR=${OBJDIR_NAME}
+PATH=${DIST}/${OBJDIR}/bin:${DIST}/${OBJDIR}/lib:$PATH
+export PATH
+LD_LIBRARY_PATH=${DIST}/${OBJDIR}/lib
+export LD_LIBRARY_PATH
+echo "Creating ${TESTDIR}"
+if [ ! -d ${TESTDIR} ]; then
+   mkdir -p ${TESTDIR}
+fi
+
+if [ ! -s "${HOSTDIR}" ]; then
+    version=1
+    if [ -f ${TESTDIR}/${HOST} ]; then
+	version=`cat ${TESTDIR}/${HOST}`
+    fi
+    expr $version + 1 > ${TESTDIR}/${HOST}
+
+    HOSTDIR=${TESTDIR}/${HOST}'.'$version
+fi
+
+if [ ! -d ${HOSTDIR} ]; then
+   mkdir -p ${HOSTDIR}
+fi
+
+RESULTS=${HOSTDIR}/results.html
+if [ ! -f "${RESULTS}" ]; then
+
+	cp ${COMMON}/results_header.html ${RESULTS}
+	echo "<H4>Platform: ${OBJDIR}<BR>" >> ${RESULTS}
+	echo "Test Run: ${HOST}.$version</H4>" >> ${RESULTS}
+	echo "<HR><BR>" >> ${RESULTS}
+fi
+
+echo "********************************************"
+echo "   Platform: ${OBJDIR}"
+echo "   Results: ${HOST}.$version"
+echo "********************************************"
+
+KILL="kill"
+if  [ ${OS_ARCH} = "Linux" ]; then
+        KILL="kill -kill"
+fi
+
+export  KILL
+
+

security/nss/tests/common/results_header.html

@@ -0,0 +1,6 @@
+<HTML>
+<HEAD>
+<TITLE>Test Report for NSS</TITLE>
+</HEAD>
+<BODY BGCOLOR="#FFFFFF">
+<CENTER><H3>Test Report for NSS</H3></CENTER>

security/nss/tests/ssl/ssl.sh

@@ -0,0 +1,263 @@
+#! /bin/ksh  
+#
+# This is just a quick script so we can still run our testcases.
+# Longer term we need a scriptable test environment..
+#
+. ../common/init.sh
+CURDIR=`pwd`
+PORT=${PORT-8443}
+
+# Test case files
+SSLCOV=${CURDIR}/sslcov.txt
+SSLAUTH=${CURDIR}/sslauth.txt
+SSLSTRESS=${CURDIR}/sslstress.txt
+REQUEST_FILE=${CURDIR}/sslreq.txt
+
+#temparary files
+PWFILE=/tmp/tests.pw.$$
+CERTSCRIPT=/tmp/tests.certs.$$
+NOISE_FILE=/tmp/tests.noise.$$
+SERVEROUTFILE=/tmp/tests.server.$$
+
+TEMPFILES="${PWFILE} ${CERTSCRIPT} ${SERVEROUTFILE} ${NOISE_FILE}"
+
+none=1
+coverage=0
+auth=0
+stress=0
+fileout=0
+
+for i in $*
+do
+    case $i in
+    [aA][lL]*)
+	none=0; coverage=1; auth=1; stress=1;;
+    [aA][uU]*)
+	none=0; auth=1;;
+    [Cc]*)
+	none=0; coverage=1;;
+    [Ss]*)
+	none=0; stress=1;;
+     f)
+	fileout=1;
+     esac
+done
+
+if [ $none -eq 1 ]; then
+    coverage=1
+    auth=1
+    stress=1
+fi
+    
+
+#
+# should also try to kill any running server
+#
+trap "rm -f ${TEMPFILES};  exit"  2 3
+
+
+# Generate noise for our CA cert.
+#
+# NOTE: these keys are only suitable for testing, as this whole thing bypasses
+# the entropy gathering. Don't use this method to generate keys and certs for
+# product use or deployment.
+#
+ps -efl > ${NOISE_FILE} 2>&1
+ps aux >> ${NOISE_FILE} 2>&1
+netstat >> ${NOISE_FILE} 2>&1
+date >> ${NOISE_FILE} 2>&1
+
+#
+# build the TEMP CA used for testing purposes
+# 
+echo "<TABLE BORDER=1><TR><TH COLSPAN=3>Certutil Tests</TH></TR>" >> ${RESULTS}
+echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
+CADIR=${HOSTDIR}/CA
+echo "********************** Creating a CA Certificate **********************"
+if [ ! -d ${CADIR} ]; then
+   mkdir -p ${CADIR}
+fi
+cd ${CADIR}
+echo nss > ${PWFILE}
+echo "   certutil -N -d . -f ${PWFILE}"
+certutil -N -d . -f ${PWFILE}
+
+echo 5 > ${CERTSCRIPT}
+echo 9 >> ${CERTSCRIPT}
+echo n >> ${CERTSCRIPT}
+echo y >> ${CERTSCRIPT}
+echo 3 >> ${CERTSCRIPT}
+echo n >> ${CERTSCRIPT}
+echo 5 >> ${CERTSCRIPT}
+echo 6 >> ${CERTSCRIPT}
+echo 7 >> ${CERTSCRIPT}
+echo 9 >> ${CERTSCRIPT}
+echo n >> ${CERTSCRIPT}
+echo    "certutil -S -n \"TestCA\" -s \"CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US\" -t \"CTu,CTu,CTu\" -v 60 -x -d . -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE}"
+certutil -S -n "TestCA" -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -t "CTu,CTu,CTu" -v 60 -x -d . -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} < ${CERTSCRIPT}
+
+if [ $? -ne 0 ]; then
+    echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+else
+    echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+fi
+
+echo "**************** Creating Client CA Issued Certificate ****************"
+netstat >> ${NOISE_FILE} 2>&1
+date >> ${NOISE_FILE} 2>&1
+CLIENTDIR=${HOSTDIR}/client
+if [ ! -d ${CLIENTDIR} ]; then
+   mkdir -p ${CLIENTDIR}
+fi
+cd ${CLIENTDIR}
+cp ${CADIR}/*.db .
+echo  "certutil -S -n \"TestUser\" -s \"CN=Test User, O=BOGUS Netscape, L=Mountain View, ST=California, C=US\" -t \"u,u,u\" -c "TestCA" -m 3 -v 60 -d . -f ${PWFILE} -z ${NOISE_FILE}"
+certutil -S -n "TestUser" -s "CN=Test User, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -t "u,u,u" -c "TestCA" -m 3 -v 60 -d . -f ${PWFILE} -z ${NOISE_FILE}
+if [ $? -ne 0 ]; then
+    echo "<TR><TD>Creating client Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+else
+    echo "<TR><TD>Creating client Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+fi
+
+echo "***** Creating Server CA Issued Certificate for ${HOST}.${DOMSUF} *****"
+netstat >> ${NOISE_FILE} 2>&1
+date >> ${NOISE_FILE} 2>&1
+SERVERDIR=${HOSTDIR}/server
+if [ ! -d ${SERVERDIR} ]; then
+   mkdir -p ${SERVERDIR}
+fi
+cd ${SERVERDIR}
+cp ../CA/*.db .
+echo "certutil -S -n \"${HOST}.${DOMSUF}\" -s \"CN=${HOST}.${DOMSUF}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US\" -t \"Pu,Pu,Pu\" -c "TestCA" -v 60  -d . -f ${PWFILE} -z ${NOISE_FILE}"
+certutil -S -n "${HOST}.${DOMSUF}" -s "CN=${HOST}.${DOMSUF}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US" -t "Pu,Pu,Pu" -c "TestCA" -m 1 -v 60 -d . -f ${PWFILE} -z ${NOISE_FILE}
+if [ $? -ne 0 ]; then
+    echo "<TR><TD>Creating Server Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+else
+    echo "<TR><TD>Creating Server Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+fi
+echo "</TABLE><BR>" >> ${RESULTS}
+
+rm -f ${TEMPFILES}
+
+
+# OK now lets run the tests....
+if [ $coverage -eq 1 ]; then
+echo "********************* SSL Cipher Coverage  ****************************"
+echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Cipher Coverage</TH></TR>" >> ${RESULTS}
+echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
+cd ${CLIENTDIR}
+ cat ${SSLCOV} | while read tls param testname
+do
+    if [ $tls != "#" ]; then
+	echo "********************* $testname ****************************"
+	TLS_FLAG=-T
+	if [ $tls = "TLS" ]; then
+	    TLS_FLAG=""
+	fi
+	sparam=""
+	if [ ${param} = "i" ]; then
+		sparam='-c i'
+	fi
+	if [ ${fileout} -eq 1 ]; then
+	    selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} > ${SERVEROUTFILE} 2>&1 &
+	else
+	    selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} &
+	fi
+	SERVERPID=$!
+	sleep 10
+
+	tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} -f -d . < ${REQUEST_FILE}
+	if [ $? -ne 0 ]; then
+	    echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+	else
+	    echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+	fi
+	${KILL} ${SERVERPID}
+	wait ${SERVERPID}
+	if [ ${fileout} -eq 1 ]; then
+	   cat ${SERVEROUTFILE}
+	fi
+    fi
+done 
+
+echo "</TABLE><BR>" >> ${RESULTS}
+fi
+
+if [ $auth -eq 1 ]; then
+echo "********************* SSL Client Auth  ****************************"
+cd ${CLIENTDIR}
+echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Client Authentication</TH></TR>" >> ${RESULTS}
+echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
+
+cat ${SSLAUTH} | while read value sparam cparam testname
+do
+    if [ $value != "#" ]; then
+	echo "***** $testname ****"
+	sparam=`echo $sparam | sed -e 's;_; ;g'`
+	cparam=`echo $cparam | sed -e 's;_; ;g'`
+	echo "selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} &"
+	if [ ${fileout} -eq 1 ]; then
+	    selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} > ${SERVEROUTFILE} 2>&1 &
+	else
+	    selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} &
+	fi
+	SERVERPID=$!
+	sleep 10
+	pwd
+	echo "tstclnt -p ${PORT} -h ${HOST} -f -d ${CLIENTDIR} ${cparam}"
+	tstclnt -p ${PORT} -h ${HOST} -f -d ${CLIENTDIR} ${cparam} < ${REQUEST_FILE}
+	if [ $? -ne $value ]; then
+	    echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+	else
+	    echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+	fi
+	${KILL} ${SERVERPID}
+	wait ${SERVERPID}
+	if [ ${fileout} -eq 1 ]; then
+	   cat ${SERVEROUTFILE}
+	fi
+     fi
+done 
+
+echo "</TABLE><BR>" >> ${RESULTS}
+fi
+
+
+if [ $stress -eq 1 ]; then
+echo "********************* Stress Test  ****************************"
+cd ${CLIENTDIR}
+echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Stress Test</TH></TR>" >> ${RESULTS}
+echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
+
+cat ${SSLSTRESS} | while read value sparam cparam testname
+do
+    if [ $value != "#" ]; then
+	echo "********************* $testname ****************************"
+	sparam=`echo $sparam | sed -e 's;_; ;g'`
+	cparam=`echo $cparam | sed -e 's;_; ;g'`
+	if [ ${fileout} -eq 1 ]; then
+	    selfserv -p ${PORT} -d ${SERVERDIR}  -n ${HOST}.${DOMSUF} -w nss ${sparam} > ${SERVEROUTFILE} 2>&1 &
+	else
+	    selfserv -p ${PORT} -d ${SERVERDIR}  -n ${HOST}.${DOMSUF} -w nss ${sparam} &
+	fi
+	SERVERPID=$!
+	sleep 10
+
+	strsclnt -p ${PORT} ${HOST} -d . -w nss $cparam 
+	if [ $? -ne $value ]; then
+	    echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
+	else
+	    echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
+	fi
+	${KILL} ${SERVERPID}
+	wait ${SERVERPID}
+	if [ ${fileout} -eq 1 ]; then
+	   cat ${SERVEROUTFILE}
+	fi
+     fi
+done 
+
+echo "</TABLE><BR>" >> ${RESULTS}
+fi
+
+rm -f ${TEMPFILES}

security/nss/tests/ssl/sslauth.txt

@@ -0,0 +1,21 @@
+#
+# This file defines the tests for client auth.
+#
+# expected
+#  return  server     client                         Test Case name
+#   value  params     params
+#  ------  ------     ------                         ---------------
+     0       -r       -w_nss                 TLS Request don't require client auth (client does not provide auth)
+     0       -r  -n_TestUser_-w_bogus     TLS Request don't require client auth (bad password)
+     0       -r   -n_TestUser_-w_nss      TLS Request don't require client auth (client auth)
+     0     -r_-r       -w_nss                TLS Require client auth (client does not provide auth)
+# this one should fail
+    254    -r_-r -n_TestUser_-w_bogus     TLS Require client auth (bad password)
+     0     -r_-r  -n_TestUser_-w_nss      TLS Require client auth (client auth)
+     0       -r       -T_-w_nss             SSL3 Request don't require client auth (client does not provide auth)
+     0       -r  -T_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password)
+     0       -r   -T_-n_TestUser_-w_nss  SSL3 Request don't require client auth (client auth)
+     0     -r_-r       -T_-w_nss            SSL3 Require client auth (client does not provide auth)
+# this one should fail
+    254    -r_-r -T_-n_TestUser_-w_bogus SSL3 Require client auth (bad password)
+     0     -r_-r  -T_-n_TestUser_-w_nss  SSL3 Require client auth (client auth)

security/nss/tests/ssl/sslcov.txt

@@ -0,0 +1,37 @@
+#
+# This file enables test coverage of the various SSL ciphers
+#
+# NOTE: SSL2 ciphers are independent of whether TLS is enabled or not. We
+# mix up the enable functions so we can tests boths paths.
+#
+# Enable Cipher Test Name 
+#  TLS
+#
+  noTLS   A    SSL2 RC4 128 WITH MD5
+   TLS    B    SSL2 RC4 128 EXPORT40 WITH MD5
+   TLS    C    SSL2 RC2 128 CBC WITH MD5
+  noTLS   D    SSL2 RC2 128 CBC EXPORT40 WITH MD5
+   TLS    E    SSL2 DES 64 CBC WITH MD5
+  noTLS   F    SSL2 DES 192 EDE3 CBC WITH MD5
+  noTLS   c    SSL3 RSA WITH RC4 128 MD5
+  noTLS   d    SSL3 RSA WITH 3DES EDE CBC SHA
+  noTLS   e    SSL3 RSA WITH DES CBC SHA
+  noTLS   f    SSL3 RSA EXPORT WITH RC4 40 MD5
+  noTLS   g    SSL3 RSA EXPORT WITH RC2 CBC 40 MD5
+  noTLS   j    SSL3 RSA FIPS WITH 3DES EDE CBC SHA
+  noTLS   k    SSL3 RSA FIPS WITH DES CBC SHA
+  noTLS   l    SSL3 RSA EXPORT WITH DES CBC SHA   (new)
+  noTLS   m    SSL3 RSA EXPORT WITH RC4 56 SHA    (new)
+   TLS    c    TLS RSA WITH RC4 128 MD5
+   TLS    d    TLS RSA WITH 3DES EDE CBC SHA
+   TLS    e    TLS RSA WITH DES CBC SHA
+   TLS    f    TLS RSA EXPORT WITH RC4 40 MD5
+   TLS    g    TLS RSA EXPORT WITH RC2 CBC 40 MD5
+   TLS    j    TLS RSA FIPS WITH 3DES EDE CBC SHA
+   TLS    k    TLS RSA FIPS WITH DES CBC SHA
+   TLS    l    TLS RSA EXPORT WITH DES CBC SHA   (new)
+   TLS    m    TLS RSA EXPORT WITH RC4 56 SHA    (new)
+# The NULL ciphers have to be last because we need to restart selfserve
+# (NULL is not enabled by default)
+   TLS    i    TLS RSA WITH NULL MD5
+  noTLS   i    SSL3 RSA WITH NULL MD5

security/nss/tests/ssl/sslreq.txt

@@ -0,0 +1,3 @@
+GET / HTTP/1.0
+
+

security/nss/tests/ssl/sslstress.txt

@@ -0,0 +1,14 @@
+#
+# This file defines the tests for client auth.
+#
+# expected
+#  return  server     client                         Test Case name
+#   value  params     params
+#  ------  ------     ------                         ---------------
+     0      _     -c_1000_-C_A             Stress SSL2 RC4 128 with MD5
+     0      _     -c_1000_-C_A             Stress SSL3 RC4 128 with MD5
+#     0      _     -c_1000_-C_c               Stress TLS RC4 128 with MD5
+#
+# add client auth versions here...
+#
+#     0       -r  -n_"Test_User"_-w_bogus     TLS Request don't require client auth (bad password)