1#! /bin/bash 2# 3# This Source Code Form is subject to the terms of the Mozilla Public 4# License, v. 2.0. If a copy of the MPL was not distributed with this 5# file, You can obtain one at http://mozilla.org/MPL/2.0/. 6 7######################################################################## 8# 9# mozilla/security/nss/tests/iopr/ssl_iopr.sh 10# 11# NSS SSL interoperability QA. This file is included from ssl.sh 12# 13# needs to work on all Unix and Windows platforms 14# 15# special strings 16# --------------- 17# FIXME ... known problems, search for this string 18# NOTE .... unexpected behavior 19######################################################################## 20IOPR_SSL_SOURCED=1 21 22######################################################################## 23# The functions works with variables defined in interoperability 24# configuration file that was downloaded from a webserver. 25# It tries to find unrevoked cert based on value of variable 26# "SslClntValidCertName" defined in the configuration file. 27# Params NONE. 28# Returns 0 if found, 1 otherwise. 29# 30setValidCert() { 31 testUser=$SslClntValidCertName 32 [ -z "$testUser" ] && return 1 33 return 0 34} 35 36######################################################################## 37# The funtions works with variables defined in interoperability 38# configuration file that was downloaded from a webserver. 39# The function sets port, url, param and description test parameters 40# that was defind for a particular type of testing. 41# Params: 42# $1 - supported types of testing. Currently have maximum 43# of two: forward and reverse. But more can be defined. 44# No return value 45# 46setTestParam() { 47 type=$1 48 sslPort=`eval 'echo $'${type}Port` 49 sslUrl=`eval 'echo $'${type}Url` 50 testParam=`eval 'echo $'${type}Param` 51 testDescription=`eval 'echo $'${type}Descr` 52 [ -z "$sslPort" ] && sslPort=443 53 [ -z "$sslUrl" ] && sslUrl="/iopr_test/test_pg.html" 54 [ "$sslUrl" = "/" ] && sslUrl="/test_pg.html" 55} 56 57 58####################################################################### 59# local shell function to perform SSL Cipher Suite Coverage tests 60# in interoperability mode. Tests run against web server by using nss 61# test client 62# Params: 63# $1 - supported type of testing. 64# $2 - testing host 65# $3 - nss db location 66# No return value 67# 68ssl_iopr_cov_ext_server() 69{ 70 testType=$1 71 host=$2 72 dbDir=$3 73 74 setTestParam $testType 75 if [ "`echo $testParam | grep NOCOV`" != "" ]; then 76 echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \ 77 "run by server configuration" 78 return 0 79 fi 80 81 html_head "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR" \ 82 "$BYPASS_STRING $NORM_EXT): $testDescription" 83 84 setValidCert; ret=$? 85 if [ $ret -ne 0 ]; then 86 html_failed "Fail to find valid test cert(ws: $host)" 87 return $ret 88 fi 89 90 SSL_REQ_FILE=${TMP}/sslreq.dat.$$ 91 echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE 92 echo >> $SSL_REQ_FILE 93 94 while read ecc tls param testname therest; do 95 [ -z "$ecc" -o "$ecc" = "#" -o "`echo $testname | grep FIPS`" -o \ 96 "$ecc" = "ECC" ] && continue; 97 98 echo "$SCRIPTNAME: running $testname ----------------------------" 99 TLS_FLAG=-T 100 if [ "$tls" = "TLS" ]; then 101 TLS_FLAG="" 102 fi 103 104 resFile=${TMP}/$HOST.tmpRes.$$ 105 rm $resFile 2>/dev/null 106 107 echo "tstclnt -p ${sslPort} -h ${host} -c ${param} ${TLS_FLAG} \\" 108 echo " -n $testUser -v -w nss ${CLIEN_OPTIONS} -f \\" 109 echo " -d ${dbDir} < ${SSL_REQ_FILE} > $resFile" 110 111 ${BINDIR}/tstclnt -p ${sslPort} -h ${host} -c ${param} \ 112 ${TLS_FLAG} ${CLIEN_OPTIONS} -f -n $testUser -v -w nss \ 113 -d ${dbDir} < ${SSL_REQ_FILE} >$resFile 2>&1 114 ret=$? 115 grep "ACCESS=OK" $resFile 116 test $? -eq 0 -a $ret -eq 0 117 ret=$? 118 [ $ret -ne 0 ] && cat $resFile 119 rm -f $resFile 2>/dev/null 120 html_msg $ret 0 "${testname}" 121 done < ${SSLCOV} 122 rm -f $SSL_REQ_FILE 2>/dev/null 123 124 html "</TABLE><BR>" 125} 126 127####################################################################### 128# local shell function to perform SSL Client Authentication tests 129# in interoperability mode. Tests run against web server by using nss 130# test client 131# Params: 132# $1 - supported type of testing. 133# $2 - testing host 134# $3 - nss db location 135# No return value 136# 137ssl_iopr_auth_ext_server() 138{ 139 testType=$1 140 host=$2 141 dbDir=$3 142 143 setTestParam $testType 144 if [ "`echo $testParam | grep NOAUTH`" != "" ]; then 145 echo "SSL Client Authentication WebServ($IOPR_HOSTADDR) excluded from " \ 146 "run by server configuration" 147 return 0 148 fi 149 150 html_head "SSL Client Authentication WebServ($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): 151 $testDescription" 152 153 setValidCert;ret=$? 154 if [ $ret -ne 0 ]; then 155 html_failed "Fail to find valid test cert(ws: $host)" 156 return $ret 157 fi 158 159 SSL_REQ_FILE=${TMP}/sslreq.dat.$$ 160 echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE 161 echo >> $SSL_REQ_FILE 162 163 SSLAUTH_TMP=${TMP}/authin.tl.tmp 164 grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" > ${SSLAUTH_TMP} 165 166 while read ecc value sparam cparam testname; do 167 [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; 168 169 cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" ` 170 171 echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \\" 172 echo " -d ${dbDir} -v < ${SSL_REQ_FILE}" 173 174 resFile=${TMP}/$HOST.tmp.$$ 175 rm $rsFile 2>/dev/null 176 177 ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \ 178 -d ${dbDir} -v < ${SSL_REQ_FILE} >$resFile 2>&1 179 ret=$? 180 grep "ACCESS=OK" $resFile 181 test $? -eq 0 -a $ret -eq 0 182 ret=$? 183 [ $ret -ne 0 ] && cat $resFile 184 rm $resFile 2>/dev/null 185 186 html_msg $ret $value "${testname}. Client params: $cparam"\ 187 "produced a returncode of $ret, expected is $value" 188 done < ${SSLAUTH_TMP} 189 rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE} 190 191 html "</TABLE><BR>" 192} 193 194######################################################################## 195# local shell function to perform SSL interoperability test with/out 196# revoked certs tests. Tests run against web server by using nss 197# test client 198# Params: 199# $1 - supported type of testing. 200# $2 - testing host 201# $3 - nss db location 202# No return value 203# 204ssl_iopr_crl_ext_server() 205{ 206 testType=$1 207 host=$2 208 dbDir=$3 209 210 setTestParam $testType 211 if [ "`echo $testParam | grep NOCRL`" != "" ]; then 212 echo "CRL SSL Client Tests of WebServerv($IOPR_HOSTADDR) excluded from " \ 213 "run by server configuration" 214 return 0 215 fi 216 217 html_head "CRL SSL Client Tests of WebServer($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): $testDescription" 218 219 SSL_REQ_FILE=${TMP}/sslreq.dat.$$ 220 echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE 221 echo >> $SSL_REQ_FILE 222 223 SSLAUTH_TMP=${TMP}/authin.tl.tmp 224 grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" | grep -v bogus | \ 225 grep -v none > ${SSLAUTH_TMP} 226 227 while read ecc value sparam _cparam testname; do 228 [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; 229 230 rev_modvalue=254 231 for testUser in $SslClntValidCertName $SslClntRevokedCertName; do 232 cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" ` 233 234 echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} \\" 235 echo " -f -d ${dbDir} -v ${cparam} < ${SSL_REQ_FILE}" 236 resFile=${TMP}/$HOST.tmp.$$ 237 rm -f $resFile 2>/dev/null 238 ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \ 239 -d ${dbDir} -v < ${SSL_REQ_FILE} \ 240 > $resFile 2>&1 241 ret=$? 242 grep "ACCESS=OK" $resFile 243 test $? -eq 0 -a $ret -eq 0 244 ret=$? 245 [ $ret -ne 0 ] && ret=$rev_modvalue; 246 [ $ret -ne 0 ] && cat $resFile 247 rm -f $resFile 2>/dev/null 248 249 if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then 250 modvalue=$rev_modvalue 251 testAddMsg="revoked" 252 else 253 testAddMsg="not revoked" 254 modvalue=$value 255 fi 256 html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \ 257 "produced a returncode of $ret, expected is $modvalue" 258 done 259 done < ${SSLAUTH_TMP} 260 rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE} 261 262 html "</TABLE><BR>" 263} 264 265 266######################################################################## 267# local shell function to perform SSL Cipher Coverage tests of nss server 268# by invoking remote test client on web server side. 269# Invoked only if reverse testing is supported by web server. 270# Params: 271# $1 - remote web server host 272# $2 - open port to connect to invoke CGI script 273# $3 - host where selfserv is running(name of the host nss tests 274# are running) 275# $4 - port where selfserv is running 276# $5 - selfserv nss db location 277# No return value 278# 279ssl_iopr_cov_ext_client() 280{ 281 host=$1 282 port=$2 283 sslHost=$3 284 sslPort=$4 285 serDbDir=$5 286 287 html_head "SSL Cipher Coverage of SelfServ $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT" 288 289 setValidCert 290 ret=$? 291 if [ $res -ne 0 ]; then 292 html_failed "Fail to find valid test cert(ws: $host)" 293 return $ret 294 fi 295 296 # P_R_SERVERDIR switch require for selfserv to work. 297 # Will be restored after test 298 OR_P_R_SERVERDIR=$P_R_SERVERDIR 299 P_R_SERVERDIR=$serDbDir 300 OR_P_R_CLIENTDIR=$P_R_CLIENTDIR 301 P_R_CLIENTDIR=$serDbDir 302 testname="" 303 sparam="-vvvc ABCDEFcdefgijklmnvyz" 304 # Launch the server 305 start_selfserv 306 307 while read ecc tls param cipher therest; do 308 [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; 309 echo "============= Beginning of the test ====================" 310 echo 311 312 is_selfserv_alive 313 314 TEST_IN=${TMP}/${HOST}_IN.tmp.$$ 315 TEST_OUT=${TMP}/$HOST.tmp.$$ 316 rm -f $TEST_IN $TEST_OUT 2>/dev/null 317 318 echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser&cipher=$cipher HTTP/1.0" > $TEST_IN 319 echo >> $TEST_IN 320 321 echo "------- Request ----------------------" 322 cat $TEST_IN 323 echo "------- Command ----------------------" 324 echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ 325 -h $host \< $TEST_IN \>\> $TEST_OUT 326 327 ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ 328 -h $host <$TEST_IN > $TEST_OUT 329 330 echo "------- Server output Begin ----------" 331 cat $TEST_OUT 332 echo "------- Server output End ----------" 333 334 echo "Checking for errors in log file..." 335 grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null 336 if [ $? -eq 0 ]; then 337 grep "cipher is not supported" $TEST_OUT 2>&1 >/dev/null 338 if [ $? -eq 0 ]; then 339 echo "Skiping test: no support for the cipher $cipher on server side" 340 continue 341 fi 342 343 grep -i "SERVER ERROR:" $TEST_OUT 344 ret=$? 345 if [ $ret -eq 0 ]; then 346 echo "Found problems. Reseting exit code to failure." 347 348 ret=1 349 else 350 ret=0 351 fi 352 else 353 echo "Script was not executed. Reseting exit code to failure." 354 ret=11 355 fi 356 357 html_msg $ret 0 "Test ${cipher}. Server params: $sparam " \ 358 " produced a returncode of $ret, expected is 0" 359 rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null 360 done < ${SSLCOV} 361 kill_selfserv 362 363 P_R_SERVERDIR=$OR_P_R_SERVERDIR 364 P_R_CLIENTDIR=$OR_P_R_CLIENTDIR 365 366 rm -f ${TEST_IN} ${TEST_OUT} 367 html "</TABLE><BR>" 368} 369 370######################################################################## 371# local shell function to perform SSL Authentication tests of nss server 372# by invoking remove test client on web server side 373# Invoked only if reverse testing is supported by web server. 374# Params: 375# $1 - remote web server host 376# $2 - open port to connect to invoke CGI script 377# $3 - host where selfserv is running(name of the host nss tests 378# are running) 379# $4 - port where selfserv is running 380# $5 - selfserv nss db location 381# No return value 382# 383ssl_iopr_auth_ext_client() 384{ 385 host=$1 386 port=$2 387 sslHost=$3 388 sslPort=$4 389 serDbDir=$5 390 391 html_head "SSL Client Authentication with Selfserv from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT" 392 393 setValidCert 394 ret=$? 395 if [ $res -ne 0 ]; then 396 html_failed "Fail to find valid test cert(ws: $host)" 397 return $ret 398 fi 399 400 OR_P_R_SERVERDIR=$P_R_SERVERDIR 401 P_R_SERVERDIR=${serDbDir} 402 OR_P_R_CLIENTDIR=$P_R_CLIENTDIR 403 P_R_CLIENTDIR=${serDbDir} 404 405 SSLAUTH_TMP=${TMP}/authin.tl.tmp 406 407 grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP} 408 409 while read ecc value sparam cparam testname; do 410 [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; 411 412 echo "Server params: $sparam" 413 sparam=$sparam" -vvvc ABCDEFcdefgijklmnvyz" 414 start_selfserv 415 416 TEST_IN=${TMP}/$HOST_IN.tmp.$$ 417 TEST_OUT=${TMP}/$HOST.tmp.$$ 418 rm -f $TEST_IN $TEST_OUT 2>/dev/null 419 420 echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN 421 echo >> $TEST_IN 422 423 echo "------- Request ----------------------" 424 cat $TEST_IN 425 echo "------- Command ----------------------" 426 echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ 427 -h $host \< $TEST_IN \>\> $TEST_OUT 428 429 ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ 430 -h $host <$TEST_IN > $TEST_OUT 431 432 echo "------- Server output Begin ----------" 433 cat $TEST_OUT 434 echo "------- Server output End ----------" 435 436 echo "Checking for errors in log file..." 437 grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null 438 if [ $? -eq 0 ]; then 439 echo "Checking for error in log file..." 440 grep -i "SERVER ERROR:" $TEST_OUT 441 ret=$? 442 if [ $ret -eq 0 ]; then 443 echo "Found problems. Reseting exit code to failure." 444 ret=1 445 else 446 ret=0 447 fi 448 else 449 echo "Script was not executed. Reseting exit code to failure." 450 ret=11 451 fi 452 453 html_msg $ret $value "${testname}. Server params: $sparam"\ 454 "produced a returncode of $ret, expected is $value" 455 kill_selfserv 456 rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null 457 done < ${SSLAUTH_TMP} 458 459 P_R_SERVERDIR=$OR_P_R_SERVERDIR 460 P_R_CLIENTDIR=$OR_P_R_CLIENTDIR 461 462 rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT} 463 html "</TABLE><BR>" 464} 465 466######################################################################### 467# local shell function to perform SSL CRL testing of nss server 468# by invoking remote test client on web server side 469# Invoked only if reverse testing is supported by web server. 470# Params: 471# $1 - remote web server host 472# $2 - open port to connect to invoke CGI script 473# $3 - host where selfserv is running(name of the host nss tests 474# are running) 475# $4 - port where selfserv is running 476# $5 - selfserv nss db location 477# No return value 478# 479ssl_iopr_crl_ext_client() 480{ 481 host=$1 482 port=$2 483 sslHost=$3 484 sslPort=$4 485 serDbDir=$5 486 487 html_head "CRL SSL Selfserv Tests from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT" 488 489 OR_P_R_SERVERDIR=$P_R_SERVERDIR 490 P_R_SERVERDIR=${serDbDir} 491 OR_P_R_CLIENTDIR=$P_R_CLIENTDIR 492 P_R_CLIENTDIR=$serDbDir 493 494 SSLAUTH_TMP=${TMP}/authin.tl.tmp 495 grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP} 496 497 while read ecc value sparam _cparam testname; do 498 [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; 499 sparam="$sparam -vvvc ABCDEFcdefgijklmnvyz" 500 start_selfserv 501 502 for testUser in $SslClntValidCertName $SslClntRevokedCertName; do 503 504 is_selfserv_alive 505 506 TEST_IN=${TMP}/${HOST}_IN.tmp.$$ 507 TEST_OUT=${TMP}/$HOST.tmp.$$ 508 rm -f $TEST_IN $TEST_OUT 2>/dev/null 509 510 echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN 511 echo >> $TEST_IN 512 513 echo "------- Request ----------------------" 514 cat $TEST_IN 515 echo "------- Command ----------------------" 516 echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ 517 -h ${host} \< $TEST_IN \>\> $TEST_OUT 518 519 ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \ 520 -h ${host} <$TEST_IN > $TEST_OUT 521 echo "------- Request ----------------------" 522 cat $TEST_IN 523 echo "------- Server output Begin ----------" 524 cat $TEST_OUT 525 echo "------- Server output End ----------" 526 527 echo "Checking for errors in log file..." 528 grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null 529 if [ $? -eq 0 ]; then 530 grep -i "SERVER ERROR:" $TEST_OUT 531 ret=$? 532 if [ $ret -eq 0 ]; then 533 echo "Found problems. Reseting exit code to failure." 534 ret=1 535 else 536 ret=0 537 fi 538 else 539 echo "Script was not executed. Reseting exit code to failure." 540 ret=11 541 fi 542 543 if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then 544 modvalue=1 545 testAddMsg="revoked" 546 else 547 testAddMsg="not revoked" 548 modvalue=0 549 fi 550 551 html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \ 552 "produced a returncode of $ret, expected is $modvalue(selfserv args: $sparam)" 553 rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null 554 done 555 kill_selfserv 556 done < ${SSLAUTH_TMP} 557 558 P_R_SERVERDIR=$OR_P_R_SERVERDIR 559 P_R_CLIENTDIR=$OR_P_R_CLIENTDIR 560 561 rm -f ${SSLAUTH_TMP} 562 html "</TABLE><BR>" 563} 564 565##################################################################### 566# Initial point for running ssl test againt multiple hosts involved in 567# interoperability testing. Called from nss/tests/ssl/ssl.sh 568# It will only proceed with test run for a specific host if environment variable 569# IOPR_HOSTADDR_LIST was set, had the host name in the list 570# and all needed file were successfully downloaded and installed for the host. 571# 572# Returns 1 if interoperability testing is off, 0 otherwise. 573# 574ssl_iopr_run() { 575 if [ "$IOPR" -ne 1 ]; then 576 return 1 577 fi 578 cd ${CLIENTDIR} 579 580 ORIG_ECC_CERT=${NO_ECC_CERTS} 581 NO_ECC_CERTS=1 # disable ECC for interoperability tests 582 583 NSS_SSL_ENABLE_RENEGOTIATION=u 584 export NSS_SSL_ENABLE_RENEGOTIATION 585 586 num=1 587 IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` 588 while [ "$IOPR_HOST_PARAM" ]; do 589 IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'` 590 IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'` 591 [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443 592 593 . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg 594 RES=$? 595 596 if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then 597 num=`expr $num + 1` 598 IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` 599 continue 600 fi 601 602 #======================================================= 603 # Check if server is capable to run ssl tests 604 # 605 [ -z "`echo ${supportedTests_new} | grep -i ssl`" ] && continue; 606 607 # Testing directories defined by webserver. 608 echo "Testing ssl interoperability. 609 Client: local(tstclnt). 610 Server: remote($IOPR_HOSTADDR:$IOPR_OPEN_PORT)" 611 612 for sslTestType in ${supportedTests_new}; do 613 if [ -z "`echo $sslTestType | grep -i ssl`" ]; then 614 continue 615 fi 616 ssl_iopr_cov_ext_server $sslTestType ${IOPR_HOSTADDR} \ 617 ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} 618 ssl_iopr_auth_ext_server $sslTestType ${IOPR_HOSTADDR} \ 619 ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} 620 ssl_iopr_crl_ext_server $sslTestType ${IOPR_HOSTADDR} \ 621 ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} 622 done 623 624 625 # Testing selfserv with client located at the webserver. 626 echo "Testing ssl interoperability. 627 Client: remote($IOPR_HOSTADDR:$PORT) 628 Server: local(selfserv)" 629 ssl_iopr_cov_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \ 630 ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} 631 ssl_iopr_auth_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \ 632 ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} 633 ssl_iopr_crl_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \ 634 ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} 635 echo "================================================" 636 echo "Done testing interoperability with $IOPR_HOSTADDR" 637 num=`expr $num + 1` 638 IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` 639 done 640 NO_ECC_CERTS=${ORIG_ECC_CERTS} 641 return 0 642} 643 644