summaryrefslogtreecommitdiffstats
path: root/security/nss/tests/iopr/ssl_iopr.sh
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
commit0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch)
treea31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /security/nss/tests/iopr/ssl_iopr.sh
parentInitial commit. (diff)
downloadfirefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz
firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/tests/iopr/ssl_iopr.sh')
-rw-r--r--security/nss/tests/iopr/ssl_iopr.sh643
1 files changed, 643 insertions, 0 deletions
diff --git a/security/nss/tests/iopr/ssl_iopr.sh b/security/nss/tests/iopr/ssl_iopr.sh
new file mode 100644
index 0000000000..0f9742662d
--- /dev/null
+++ b/security/nss/tests/iopr/ssl_iopr.sh
@@ -0,0 +1,643 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/iopr/ssl_iopr.sh
+#
+# NSS SSL interoperability QA. This file is included from ssl.sh
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+# FIXME ... known problems, search for this string
+# NOTE .... unexpected behavior
+########################################################################
+IOPR_SSL_SOURCED=1
+
+########################################################################
+# The functions works with variables defined in interoperability
+# configuration file that was downloaded from a webserver.
+# It tries to find unrevoked cert based on value of variable
+# "SslClntValidCertName" defined in the configuration file.
+# Params NONE.
+# Returns 0 if found, 1 otherwise.
+#
+setValidCert() {
+ testUser=$SslClntValidCertName
+ [ -z "$testUser" ] && return 1
+ return 0
+}
+
+########################################################################
+# The funtions works with variables defined in interoperability
+# configuration file that was downloaded from a webserver.
+# The function sets port, url, param and description test parameters
+# that was defind for a particular type of testing.
+# Params:
+# $1 - supported types of testing. Currently have maximum
+# of two: forward and reverse. But more can be defined.
+# No return value
+#
+setTestParam() {
+ type=$1
+ sslPort=`eval 'echo $'${type}Port`
+ sslUrl=`eval 'echo $'${type}Url`
+ testParam=`eval 'echo $'${type}Param`
+ testDescription=`eval 'echo $'${type}Descr`
+ [ -z "$sslPort" ] && sslPort=443
+ [ -z "$sslUrl" ] && sslUrl="/iopr_test/test_pg.html"
+ [ "$sslUrl" = "/" ] && sslUrl="/test_pg.html"
+}
+
+
+#######################################################################
+# local shell function to perform SSL Cipher Suite Coverage tests
+# in interoperability mode. Tests run against web server by using nss
+# test client
+# Params:
+# $1 - supported type of testing.
+# $2 - testing host
+# $3 - nss db location
+# No return value
+#
+ssl_iopr_cov_ext_server()
+{
+ testType=$1
+ host=$2
+ dbDir=$3
+
+ setTestParam $testType
+ if [ "`echo $testParam | grep NOCOV`" != "" ]; then
+ echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
+ "run by server configuration"
+ return 0
+ fi
+
+ html_head "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR" \
+ "$BYPASS_STRING $NORM_EXT): $testDescription"
+
+ setValidCert; ret=$?
+ if [ $ret -ne 0 ]; then
+ html_failed "Fail to find valid test cert(ws: $host)"
+ return $ret
+ fi
+
+ SSL_REQ_FILE=${TMP}/sslreq.dat.$$
+ echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
+ echo >> $SSL_REQ_FILE
+
+ while read ecc tls param testname therest; do
+ [ -z "$ecc" -o "$ecc" = "#" -o "`echo $testname | grep FIPS`" -o \
+ "$ecc" = "ECC" ] && continue;
+
+ echo "$SCRIPTNAME: running $testname ----------------------------"
+ TLS_FLAG=-T
+ if [ "$tls" = "TLS" ]; then
+ TLS_FLAG=""
+ fi
+
+ resFile=${TMP}/$HOST.tmpRes.$$
+ rm $resFile 2>/dev/null
+
+ echo "tstclnt -p ${sslPort} -h ${host} -c ${param} ${TLS_FLAG} \\"
+ echo " -n $testUser -v -w nss ${CLIEN_OPTIONS} -f \\"
+ echo " -d ${dbDir} < ${SSL_REQ_FILE} > $resFile"
+
+ ${BINDIR}/tstclnt -p ${sslPort} -h ${host} -c ${param} \
+ ${TLS_FLAG} ${CLIEN_OPTIONS} -f -n $testUser -v -w nss \
+ -d ${dbDir} < ${SSL_REQ_FILE} >$resFile 2>&1
+ ret=$?
+ grep "ACCESS=OK" $resFile
+ test $? -eq 0 -a $ret -eq 0
+ ret=$?
+ [ $ret -ne 0 ] && cat $resFile
+ rm -f $resFile 2>/dev/null
+ html_msg $ret 0 "${testname}"
+ done < ${SSLCOV}
+ rm -f $SSL_REQ_FILE 2>/dev/null
+
+ html "</TABLE><BR>"
+}
+
+#######################################################################
+# local shell function to perform SSL Client Authentication tests
+# in interoperability mode. Tests run against web server by using nss
+# test client
+# Params:
+# $1 - supported type of testing.
+# $2 - testing host
+# $3 - nss db location
+# No return value
+#
+ssl_iopr_auth_ext_server()
+{
+ testType=$1
+ host=$2
+ dbDir=$3
+
+ setTestParam $testType
+ if [ "`echo $testParam | grep NOAUTH`" != "" ]; then
+ echo "SSL Client Authentication WebServ($IOPR_HOSTADDR) excluded from " \
+ "run by server configuration"
+ return 0
+ fi
+
+ html_head "SSL Client Authentication WebServ($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT):
+ $testDescription"
+
+ setValidCert;ret=$?
+ if [ $ret -ne 0 ]; then
+ html_failed "Fail to find valid test cert(ws: $host)"
+ return $ret
+ fi
+
+ SSL_REQ_FILE=${TMP}/sslreq.dat.$$
+ echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
+ echo >> $SSL_REQ_FILE
+
+ SSLAUTH_TMP=${TMP}/authin.tl.tmp
+ grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" > ${SSLAUTH_TMP}
+
+ while read ecc value sparam cparam testname; do
+ [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+
+ cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
+
+ echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \\"
+ echo " -d ${dbDir} -v < ${SSL_REQ_FILE}"
+
+ resFile=${TMP}/$HOST.tmp.$$
+ rm $rsFile 2>/dev/null
+
+ ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
+ -d ${dbDir} -v < ${SSL_REQ_FILE} >$resFile 2>&1
+ ret=$?
+ grep "ACCESS=OK" $resFile
+ test $? -eq 0 -a $ret -eq 0
+ ret=$?
+ [ $ret -ne 0 ] && cat $resFile
+ rm $resFile 2>/dev/null
+
+ html_msg $ret $value "${testname}. Client params: $cparam"\
+ "produced a returncode of $ret, expected is $value"
+ done < ${SSLAUTH_TMP}
+ rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
+
+ html "</TABLE><BR>"
+}
+
+########################################################################
+# local shell function to perform SSL interoperability test with/out
+# revoked certs tests. Tests run against web server by using nss
+# test client
+# Params:
+# $1 - supported type of testing.
+# $2 - testing host
+# $3 - nss db location
+# No return value
+#
+ssl_iopr_crl_ext_server()
+{
+ testType=$1
+ host=$2
+ dbDir=$3
+
+ setTestParam $testType
+ if [ "`echo $testParam | grep NOCRL`" != "" ]; then
+ echo "CRL SSL Client Tests of WebServerv($IOPR_HOSTADDR) excluded from " \
+ "run by server configuration"
+ return 0
+ fi
+
+ html_head "CRL SSL Client Tests of WebServer($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): $testDescription"
+
+ SSL_REQ_FILE=${TMP}/sslreq.dat.$$
+ echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
+ echo >> $SSL_REQ_FILE
+
+ SSLAUTH_TMP=${TMP}/authin.tl.tmp
+ grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" | grep -v bogus | \
+ grep -v none > ${SSLAUTH_TMP}
+
+ while read ecc value sparam _cparam testname; do
+ [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+
+ rev_modvalue=254
+ for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
+ cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
+
+ echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} \\"
+ echo " -f -d ${dbDir} -v ${cparam} < ${SSL_REQ_FILE}"
+ resFile=${TMP}/$HOST.tmp.$$
+ rm -f $resFile 2>/dev/null
+ ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
+ -d ${dbDir} -v < ${SSL_REQ_FILE} \
+ > $resFile 2>&1
+ ret=$?
+ grep "ACCESS=OK" $resFile
+ test $? -eq 0 -a $ret -eq 0
+ ret=$?
+ [ $ret -ne 0 ] && ret=$rev_modvalue;
+ [ $ret -ne 0 ] && cat $resFile
+ rm -f $resFile 2>/dev/null
+
+ if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
+ modvalue=$rev_modvalue
+ testAddMsg="revoked"
+ else
+ testAddMsg="not revoked"
+ modvalue=$value
+ fi
+ html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
+ "produced a returncode of $ret, expected is $modvalue"
+ done
+ done < ${SSLAUTH_TMP}
+ rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
+
+ html "</TABLE><BR>"
+}
+
+
+########################################################################
+# local shell function to perform SSL Cipher Coverage tests of nss server
+# by invoking remote test client on web server side.
+# Invoked only if reverse testing is supported by web server.
+# Params:
+# $1 - remote web server host
+# $2 - open port to connect to invoke CGI script
+# $3 - host where selfserv is running(name of the host nss tests
+# are running)
+# $4 - port where selfserv is running
+# $5 - selfserv nss db location
+# No return value
+#
+ssl_iopr_cov_ext_client()
+{
+ host=$1
+ port=$2
+ sslHost=$3
+ sslPort=$4
+ serDbDir=$5
+
+ html_head "SSL Cipher Coverage of SelfServ $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
+
+ setValidCert
+ ret=$?
+ if [ $res -ne 0 ]; then
+ html_failed "Fail to find valid test cert(ws: $host)"
+ return $ret
+ fi
+
+ # P_R_SERVERDIR switch require for selfserv to work.
+ # Will be restored after test
+ OR_P_R_SERVERDIR=$P_R_SERVERDIR
+ P_R_SERVERDIR=$serDbDir
+ OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
+ P_R_CLIENTDIR=$serDbDir
+ testname=""
+ sparam="-vvvc ABCDEFcdefgijklmnvyz"
+ # Launch the server
+ start_selfserv
+
+ while read ecc tls param cipher therest; do
+ [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+ echo "============= Beginning of the test ===================="
+ echo
+
+ is_selfserv_alive
+
+ TEST_IN=${TMP}/${HOST}_IN.tmp.$$
+ TEST_OUT=${TMP}/$HOST.tmp.$$
+ rm -f $TEST_IN $TEST_OUT 2>/dev/null
+
+ echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser&cipher=$cipher HTTP/1.0" > $TEST_IN
+ echo >> $TEST_IN
+
+ echo "------- Request ----------------------"
+ cat $TEST_IN
+ echo "------- Command ----------------------"
+ echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+ -h $host \< $TEST_IN \>\> $TEST_OUT
+
+ ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+ -h $host <$TEST_IN > $TEST_OUT
+
+ echo "------- Server output Begin ----------"
+ cat $TEST_OUT
+ echo "------- Server output End ----------"
+
+ echo "Checking for errors in log file..."
+ grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
+ if [ $? -eq 0 ]; then
+ grep "cipher is not supported" $TEST_OUT 2>&1 >/dev/null
+ if [ $? -eq 0 ]; then
+ echo "Skiping test: no support for the cipher $cipher on server side"
+ continue
+ fi
+
+ grep -i "SERVER ERROR:" $TEST_OUT
+ ret=$?
+ if [ $ret -eq 0 ]; then
+ echo "Found problems. Reseting exit code to failure."
+
+ ret=1
+ else
+ ret=0
+ fi
+ else
+ echo "Script was not executed. Reseting exit code to failure."
+ ret=11
+ fi
+
+ html_msg $ret 0 "Test ${cipher}. Server params: $sparam " \
+ " produced a returncode of $ret, expected is 0"
+ rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
+ done < ${SSLCOV}
+ kill_selfserv
+
+ P_R_SERVERDIR=$OR_P_R_SERVERDIR
+ P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
+
+ rm -f ${TEST_IN} ${TEST_OUT}
+ html "</TABLE><BR>"
+}
+
+########################################################################
+# local shell function to perform SSL Authentication tests of nss server
+# by invoking remove test client on web server side
+# Invoked only if reverse testing is supported by web server.
+# Params:
+# $1 - remote web server host
+# $2 - open port to connect to invoke CGI script
+# $3 - host where selfserv is running(name of the host nss tests
+# are running)
+# $4 - port where selfserv is running
+# $5 - selfserv nss db location
+# No return value
+#
+ssl_iopr_auth_ext_client()
+{
+ host=$1
+ port=$2
+ sslHost=$3
+ sslPort=$4
+ serDbDir=$5
+
+ html_head "SSL Client Authentication with Selfserv from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
+
+ setValidCert
+ ret=$?
+ if [ $res -ne 0 ]; then
+ html_failed "Fail to find valid test cert(ws: $host)"
+ return $ret
+ fi
+
+ OR_P_R_SERVERDIR=$P_R_SERVERDIR
+ P_R_SERVERDIR=${serDbDir}
+ OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
+ P_R_CLIENTDIR=${serDbDir}
+
+ SSLAUTH_TMP=${TMP}/authin.tl.tmp
+
+ grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
+
+ while read ecc value sparam cparam testname; do
+ [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+
+ echo "Server params: $sparam"
+ sparam=$sparam" -vvvc ABCDEFcdefgijklmnvyz"
+ start_selfserv
+
+ TEST_IN=${TMP}/$HOST_IN.tmp.$$
+ TEST_OUT=${TMP}/$HOST.tmp.$$
+ rm -f $TEST_IN $TEST_OUT 2>/dev/null
+
+ echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
+ echo >> $TEST_IN
+
+ echo "------- Request ----------------------"
+ cat $TEST_IN
+ echo "------- Command ----------------------"
+ echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+ -h $host \< $TEST_IN \>\> $TEST_OUT
+
+ ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+ -h $host <$TEST_IN > $TEST_OUT
+
+ echo "------- Server output Begin ----------"
+ cat $TEST_OUT
+ echo "------- Server output End ----------"
+
+ echo "Checking for errors in log file..."
+ grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
+ if [ $? -eq 0 ]; then
+ echo "Checking for error in log file..."
+ grep -i "SERVER ERROR:" $TEST_OUT
+ ret=$?
+ if [ $ret -eq 0 ]; then
+ echo "Found problems. Reseting exit code to failure."
+ ret=1
+ else
+ ret=0
+ fi
+ else
+ echo "Script was not executed. Reseting exit code to failure."
+ ret=11
+ fi
+
+ html_msg $ret $value "${testname}. Server params: $sparam"\
+ "produced a returncode of $ret, expected is $value"
+ kill_selfserv
+ rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
+ done < ${SSLAUTH_TMP}
+
+ P_R_SERVERDIR=$OR_P_R_SERVERDIR
+ P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
+
+ rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT}
+ html "</TABLE><BR>"
+}
+
+#########################################################################
+# local shell function to perform SSL CRL testing of nss server
+# by invoking remote test client on web server side
+# Invoked only if reverse testing is supported by web server.
+# Params:
+# $1 - remote web server host
+# $2 - open port to connect to invoke CGI script
+# $3 - host where selfserv is running(name of the host nss tests
+# are running)
+# $4 - port where selfserv is running
+# $5 - selfserv nss db location
+# No return value
+#
+ssl_iopr_crl_ext_client()
+{
+ host=$1
+ port=$2
+ sslHost=$3
+ sslPort=$4
+ serDbDir=$5
+
+ html_head "CRL SSL Selfserv Tests from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
+
+ OR_P_R_SERVERDIR=$P_R_SERVERDIR
+ P_R_SERVERDIR=${serDbDir}
+ OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
+ P_R_CLIENTDIR=$serDbDir
+
+ SSLAUTH_TMP=${TMP}/authin.tl.tmp
+ grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
+
+ while read ecc value sparam _cparam testname; do
+ [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+ sparam="$sparam -vvvc ABCDEFcdefgijklmnvyz"
+ start_selfserv
+
+ for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
+
+ is_selfserv_alive
+
+ TEST_IN=${TMP}/${HOST}_IN.tmp.$$
+ TEST_OUT=${TMP}/$HOST.tmp.$$
+ rm -f $TEST_IN $TEST_OUT 2>/dev/null
+
+ echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
+ echo >> $TEST_IN
+
+ echo "------- Request ----------------------"
+ cat $TEST_IN
+ echo "------- Command ----------------------"
+ echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+ -h ${host} \< $TEST_IN \>\> $TEST_OUT
+
+ ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+ -h ${host} <$TEST_IN > $TEST_OUT
+ echo "------- Request ----------------------"
+ cat $TEST_IN
+ echo "------- Server output Begin ----------"
+ cat $TEST_OUT
+ echo "------- Server output End ----------"
+
+ echo "Checking for errors in log file..."
+ grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
+ if [ $? -eq 0 ]; then
+ grep -i "SERVER ERROR:" $TEST_OUT
+ ret=$?
+ if [ $ret -eq 0 ]; then
+ echo "Found problems. Reseting exit code to failure."
+ ret=1
+ else
+ ret=0
+ fi
+ else
+ echo "Script was not executed. Reseting exit code to failure."
+ ret=11
+ fi
+
+ if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
+ modvalue=1
+ testAddMsg="revoked"
+ else
+ testAddMsg="not revoked"
+ modvalue=0
+ fi
+
+ html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
+ "produced a returncode of $ret, expected is $modvalue(selfserv args: $sparam)"
+ rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
+ done
+ kill_selfserv
+ done < ${SSLAUTH_TMP}
+
+ P_R_SERVERDIR=$OR_P_R_SERVERDIR
+ P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
+
+ rm -f ${SSLAUTH_TMP}
+ html "</TABLE><BR>"
+}
+
+#####################################################################
+# Initial point for running ssl test againt multiple hosts involved in
+# interoperability testing. Called from nss/tests/ssl/ssl.sh
+# It will only proceed with test run for a specific host if environment variable
+# IOPR_HOSTADDR_LIST was set, had the host name in the list
+# and all needed file were successfully downloaded and installed for the host.
+#
+# Returns 1 if interoperability testing is off, 0 otherwise.
+#
+ssl_iopr_run() {
+ if [ "$IOPR" -ne 1 ]; then
+ return 1
+ fi
+ cd ${CLIENTDIR}
+
+ ORIG_ECC_CERT=${NO_ECC_CERTS}
+ NO_ECC_CERTS=1 # disable ECC for interoperability tests
+
+ NSS_SSL_ENABLE_RENEGOTIATION=u
+ export NSS_SSL_ENABLE_RENEGOTIATION
+
+ num=1
+ IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+ while [ "$IOPR_HOST_PARAM" ]; do
+ IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
+ IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
+ [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
+
+ . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
+ RES=$?
+
+ if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
+ num=`expr $num + 1`
+ IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+ continue
+ fi
+
+ #=======================================================
+ # Check if server is capable to run ssl tests
+ #
+ [ -z "`echo ${supportedTests_new} | grep -i ssl`" ] && continue;
+
+ # Testing directories defined by webserver.
+ echo "Testing ssl interoperability.
+ Client: local(tstclnt).
+ Server: remote($IOPR_HOSTADDR:$IOPR_OPEN_PORT)"
+
+ for sslTestType in ${supportedTests_new}; do
+ if [ -z "`echo $sslTestType | grep -i ssl`" ]; then
+ continue
+ fi
+ ssl_iopr_cov_ext_server $sslTestType ${IOPR_HOSTADDR} \
+ ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
+ ssl_iopr_auth_ext_server $sslTestType ${IOPR_HOSTADDR} \
+ ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
+ ssl_iopr_crl_ext_server $sslTestType ${IOPR_HOSTADDR} \
+ ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
+ done
+
+
+ # Testing selfserv with client located at the webserver.
+ echo "Testing ssl interoperability.
+ Client: remote($IOPR_HOSTADDR:$PORT)
+ Server: local(selfserv)"
+ ssl_iopr_cov_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
+ ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
+ ssl_iopr_auth_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
+ ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
+ ssl_iopr_crl_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
+ ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
+ echo "================================================"
+ echo "Done testing interoperability with $IOPR_HOSTADDR"
+ num=`expr $num + 1`
+ IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+ done
+ NO_ECC_CERTS=${ORIG_ECC_CERTS}
+ return 0
+}
+