Compare commits
46 Commits
master
...
private-em
Author | SHA1 | Date |
---|---|---|
Elio Maldonado | d07560c593 | |
Elio Maldonado | a06fcaba6f | |
Elio Maldonado | 90700e6be2 | |
Elio Maldonado | 8baa8a8f80 | |
Elio Maldonado | 0f3f4c9f32 | |
Elio Maldonado | 731ce5035a | |
Elio Maldonado | 93a134afa1 | |
Elio Maldonado | 82cee71d15 | |
Elio Maldonado | 0ee7d5581e | |
Elio Maldonado | 7f2e27a8d5 | |
Elio Maldonado | f1288f2a53 | |
Elio Maldonado | 50d1896848 | |
Elio Maldonado | 80580e8121 | |
Elio Maldonado | 4d5d729ef7 | |
Elio Maldonado | e31a061409 | |
Elio Maldonado | 404526cfc6 | |
Elio Maldonado | 671275a78f | |
Elio Maldonado | a8195b73f1 | |
Elio Maldonado | cb9d721509 | |
Elio Maldonado | d92ceb305d | |
Elio Maldonado | cc245db464 | |
Elio Maldonado | b485416766 | |
Elio Maldonado | a2429f74e9 | |
Elio Maldonado | 730400b5b4 | |
Elio Maldonado | a7a8471319 | |
Elio Maldonado | 9c7caeef40 | |
Elio Maldonado | 740fc1b4ad | |
Elio Maldonado | d9e7eed2ac | |
Elio Maldonado | 00af478fbf | |
Elio Maldonado | 9d9301fe73 | |
Elio Maldonado | 2cf5b75cb2 | |
Elio Maldonado | 5cc547f486 | |
Elio Maldonado | b42c989b2d | |
Elio Maldonado | 5a2c8f6060 | |
Elio Maldonado | 4d367c3b32 | |
Elio Maldonado | 26507f9bc4 | |
Elio Maldonado | b24394dfb6 | |
Elio Maldonado | 7a07302aa1 | |
Elio Maldonado | fdebbfede8 | |
Elio Maldonado | f693c60ed3 | |
Elio Maldonado | 09040cd82a | |
Elio Maldonado | dc93f45359 | |
Elio Maldonado | 681808b309 | |
Elio Maldonado | dc39923fc1 | |
Elio Maldonado | 1d382f933e | |
Elio Maldonado | 4da77f592d |
|
@ -0,0 +1,111 @@
|
|||
--- ./cmd/listsuites/listsuites.c.do_queries 2016-05-17 00:58:45.000000000 -0700
|
||||
+++ ./cmd/listsuites/listsuites.c 2016-06-23 09:39:10.563925342 -0700
|
||||
@@ -7,19 +7,48 @@
|
||||
*
|
||||
* Try: ./listsuites | grep -v : | sort -b +4rn -5 +1 -2 +2 -3 +3 -4 +5r -6
|
||||
*/
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include "secport.h"
|
||||
#include "ssl.h"
|
||||
+#include "plgetopt.h"
|
||||
+#include "secutil.h"
|
||||
+#include "utilpars.h"
|
||||
+#include "nspr.h"
|
||||
+#include "nss.h"
|
||||
+
|
||||
+static const char *progName = "listsuites";
|
||||
+char *ignoreVar;
|
||||
+
|
||||
+static char *policy_file_path(char *path)
|
||||
+{
|
||||
+ return (PR_Access(path, PR_ACCESS_READ_OK) == PR_SUCCESS) ? path : "";
|
||||
+}
|
||||
+
|
||||
+static char *ignore_system_policy_value(char *var)
|
||||
+{
|
||||
+ ignoreVar = PR_GetEnvSecure(var);
|
||||
+ return ignoreVar != NULL ? ignoreVar : "";
|
||||
+}
|
||||
+
|
||||
+void Usage(const char *progName)
|
||||
+{
|
||||
+ fprintf(stderr,
|
||||
+ "\nList cipher suites or parse a policy file or query\n"
|
||||
+ "Usage: %s [-i policy_file] file to parse (default is list)\n",
|
||||
+ progName);
|
||||
+ exit(1);
|
||||
+}
|
||||
+
|
||||
|
||||
int
|
||||
-main(int argc, char **argv)
|
||||
+list_suites(void)
|
||||
{
|
||||
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
|
||||
int i;
|
||||
int errCount = 0;
|
||||
|
||||
fputs("This version of libSSL supports these cipher suites:\n\n", stdout);
|
||||
|
||||
/* disable all the SSL3 cipher suites */
|
||||
@@ -56,8 +85,58 @@
|
||||
info.effectiveKeyBits, info.macAlgorithmName,
|
||||
enabled ? "Enabled" : "Disabled",
|
||||
info.isFIPS ? "FIPS" : "",
|
||||
info.isExportable ? "Export" : "Domestic",
|
||||
info.nonStandard ? "nonStandard" : "");
|
||||
}
|
||||
return errCount;
|
||||
}
|
||||
+
|
||||
+int
|
||||
+main(int argc, char **argv)
|
||||
+{
|
||||
+ PLOptState *optstate = NULL;
|
||||
+ PLOptStatus status;
|
||||
+ SECStatus rv;
|
||||
+ FILE *inFile;
|
||||
+ char *ev, *path;
|
||||
+
|
||||
+ optstate = PL_CreateOptState(argc, argv, "?hi:p:q:lL");
|
||||
+ while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
|
||||
+ switch (optstate->option) {
|
||||
+ case '?':
|
||||
+ case 'h':
|
||||
+ Usage(progName);
|
||||
+ break;
|
||||
+ case 'p':
|
||||
+ path = (char *)optstate->value;
|
||||
+ fprintf(stdout, "%s=%s\n", path, policy_file_path(path));
|
||||
+ break;
|
||||
+ case 'q':
|
||||
+ ev = (char *)optstate->value;
|
||||
+ fprintf(stdout, "%s=%s\n", ev, ignore_system_policy_value(ev));
|
||||
+ break;
|
||||
+ case 'i':
|
||||
+ rv = SECSuccess;
|
||||
+ inFile = fopen(optstate->value, "r");
|
||||
+ if (!inFile) {
|
||||
+ fprintf(stderr,
|
||||
+ "%s: unable to open \"%s\" for reading\n",
|
||||
+ progName, optstate->value);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ rv = SECFailure;/*ParseCryptoPolicy(optstate->value);*/
|
||||
+ fclose(inFile);
|
||||
+ return (rv == SECSuccess) ? 0 : 1;
|
||||
+ break;
|
||||
+ case 'l':
|
||||
+ case 'L':
|
||||
+ return list_suites();
|
||||
+ break;
|
||||
+ default:
|
||||
+ Usage(progName);
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
2
nss.spec
2
nss.spec
|
@ -100,6 +100,7 @@ Patch60: nss-conditionally-ignore-system-policy.patch
|
|||
Patch62: nss-skip-util-gtest.patch
|
||||
# TODO: file a bug upstream similar to the one for rsaperf
|
||||
Patch70: nss-skip-ecperf.patch
|
||||
Patch71: listsuites-do-queries.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -185,6 +186,7 @@ pushd nss
|
|||
%patch60 -p1 -b .cond_ignore
|
||||
%patch62 -p0 -b .skip_util_gtest
|
||||
%patch70 -p1 -b .skip_ecperf
|
||||
%patch71 -p1 -b .do_queries
|
||||
popd
|
||||
|
||||
#########################################################
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
diff -up ./tests/ssl/sslauth.txt.expect_other ./tests/ssl/sslauth.txt
|
||||
--- ./tests/ssl/sslauth.txt.expect_other 2016-06-04 12:39:37.866869160 -0700
|
||||
+++ ./tests/ssl/sslauth.txt 2016-06-04 16:00:45.007632304 -0700
|
||||
@@ -9,17 +9,17 @@
|
||||
# ECC value params params
|
||||
# ------- ------ ------ ------ ---------------
|
||||
noECC 0 -r -w_nss_-n_none TLS Request don't require client auth (client does not provide auth)
|
||||
- noECC 0 -r -w_bogus_-n_TestUser TLS Request don't require client auth (bad password)
|
||||
+ noECC 1 -r -w_bogus_-n_TestUser TLS Request don't require client auth (bad password)
|
||||
noECC 0 -r -w_nss_-n_TestUser TLS Request don't require client auth (client auth)
|
||||
- noECC 254 -r_-r -w_nss_-n_none TLS Require client auth (client does not provide auth)
|
||||
- noECC 254 -r_-r -w_bogus_-n_TestUser TLS Require client auth (bad password)
|
||||
+ noECC 1 -r_-r -w_nss_-n_none TLS Require client auth (client does not provide auth)
|
||||
+ noECC 1 -r_-r -w_bogus_-n_TestUser TLS Require client auth (bad password)
|
||||
noECC 0 -r_-r -w_nss_-n_TestUser_ TLS Require client auth (client auth)
|
||||
- noECC 254 -r -V_:ssl3_-w_nss_-n_none SSL3 Request don't require client auth (client does not provide auth)
|
||||
- noECC 254 -r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password)
|
||||
- noECC 254 -r -V_:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth)
|
||||
- noECC 254 -r_-r -V_:ssl3_-w_nss_-n_none SSL3 Require client auth (client does not provide auth)
|
||||
- noECC 254 -r_-r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth (bad password)
|
||||
- noECC 254 -r_-r -V_:ssl3_-n_TestUser_-w_nss SSL3 Require client auth (client auth)
|
||||
+ noECC 1 -r -V_:ssl3_-w_nss_-n_none SSL3 Request don't require client auth (client does not provide auth)
|
||||
+ noECC 1 -r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password)
|
||||
+ noECC 1 -r -V_:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth)
|
||||
+ noECC 1 -r_-r -V_:ssl3_-w_nss_-n_none SSL3 Require client auth (client does not provide auth)
|
||||
+ noECC 1 -r_-r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth (bad password)
|
||||
+ noECC 1 -r_-r -V_:ssl3_-n_TestUser_-w_nss SSL3 Require client auth (client auth)
|
||||
noECC 0 -r_-r_-r -V_ssl3:_-w_nss_-n_none TLS Request don't require client auth on 2nd hs (client does not provide auth)
|
||||
noECC 0 -r_-r_-r -V_ssl3:_-w_bogus_-n_TestUser TLS Request don't require client auth on 2nd hs (bad password)
|
||||
noECC 0 -r_-r_-r -V_ssl3:_-w_nss_-n_TestUser TLS Request don't require client auth on 2nd hs (client auth)
|
||||
@@ -32,9 +32,9 @@
|
||||
noECC 1 -r_-r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_none TLS 1.0 Require client auth on 2nd hs (client does not provide auth)
|
||||
noECC 1 -r_-r_-r_-r -V_ssl3:tls1.0_-w_bogus_-n_TestUser TLS 1.0 Require client auth on 2nd hs (bad password)
|
||||
noECC 0 -r_-r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser TLS 1.0 Require client auth on 2nd hs (client auth)
|
||||
- noECC 254 -r_-r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
|
||||
- noECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
|
||||
- noECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
|
||||
+ noECC 1 -r_-r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
|
||||
+ noECC 1 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
|
||||
+ noECC 1 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
|
||||
noECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Require client auth on 2nd hs (client does not provide auth)
|
||||
noECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth on 2nd hs (bad password)
|
||||
noECC 0 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Require client auth on 2nd hs (client auth)
|
||||
@@ -43,11 +43,11 @@
|
||||
#
|
||||
ECC 0 -r -w_bogus_-n_TestUser-ec TLS Request don't require client auth (EC) (bad password)
|
||||
ECC 0 -r -w_nss_-n_TestUser-ec TLS Request don't require client auth (EC) (client auth)
|
||||
- ECC 254 -r_-r -w_bogus_-n_TestUser-ec TLS Require client auth (EC) (bad password)
|
||||
+ ECC 1 -r_-r -w_bogus_-n_TestUser-ec TLS Require client auth (EC) (bad password)
|
||||
ECC 0 -r_-r -w_nss_-n_TestUser-ec_ TLS Require client auth (EC) (client auth)
|
||||
ECC 0 -r -V_:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth (EC) (bad password)
|
||||
ECC 0 -r -V_:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth (EC) (client auth)
|
||||
- ECC 254 -r_-r -V_:ssl3_-n_TestUser-ec_-w_bogus SSL3 Require client auth (EC) (bad password)
|
||||
+ ECC 1 -r_-r -V_:ssl3_-n_TestUser-ec_-w_bogus SSL3 Require client auth (EC) (bad password)
|
||||
ECC 0 -r_-r -V_:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth (EC) (client auth)
|
||||
ECC 0 -r_-r_-r -V_ssl3:_-w_bogus_-n_TestUser-ec TLS Request don't require client auth on 2nd hs (EC) (bad password)
|
||||
ECC 0 -r_-r_-r -V_ssl3:_-w_nss_-n_TestUser-ec TLS Request don't require client auth on 2nd hs (EC) (client auth)
|
||||
@@ -57,17 +57,17 @@
|
||||
ECC 0 -r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec TLS 1.0 Request don't require client auth on 2nd hs (EC) (client auth)
|
||||
ECC 1 -r_-r_-r_-r -V_ssl3:tls1.0_-w_bogus_-n_TestUser-ec TLS 1.0 Require client auth on 2nd hs (EC) (bad password)
|
||||
ECC 0 -r_-r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec_ TLS 1.0 Require client auth on 2nd hs (EC) (client auth)
|
||||
- ECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
|
||||
- ECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
|
||||
+ ECC 1 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
|
||||
+ ECC 1 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
|
||||
ECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Require client auth on 2nd hs (EC) (bad password)
|
||||
- ECC 254 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth)
|
||||
+ ECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth)
|
||||
#
|
||||
# SNI Tests
|
||||
#
|
||||
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
|
||||
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
|
||||
SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
|
||||
- SNI 254 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI
|
||||
+ SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI
|
||||
SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions
|
||||
SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
|
||||
SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
|
|
@ -0,0 +1,132 @@
|
|||
--- ./tests/ssl/ssl.sh.check_policy 2016-05-17 00:58:45.000000000 -0700
|
||||
+++ ./tests/ssl/ssl.sh 2016-06-10 10:06:40.715661079 -0700
|
||||
@@ -56,16 +56,24 @@
|
||||
}
|
||||
fi
|
||||
|
||||
PORT=${PORT-8443}
|
||||
NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal}
|
||||
nss_ssl_run="stapling signed_cert_timestamps cov auth stress"
|
||||
NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
|
||||
|
||||
+ NSS_POLICY_FILE=[ -f ${POLICY_PATH}/${POLICY_FILE} ] \
|
||||
+ ? "${POLICY_PATH}/${POLICY_FILE}" \
|
||||
+ : ""
|
||||
+ # Means that will use test data that compliant with policy
|
||||
+ # and will invoke selfserv nd tstclnt with the proper range
|
||||
+ ADJUST_FOR_POLICY=[ -n "${NSS_POLICY_FILE}" -a -z "${NSS_IGNORE_SYSTEM_POLICY}" ] \
|
||||
+ ? "1" \
|
||||
+ : ""
|
||||
# Test case files
|
||||
SSLCOV=${QADIR}/ssl/sslcov.txt
|
||||
SSLAUTH=${QADIR}/ssl/sslauth.txt
|
||||
SSLSTRESS=${QADIR}/ssl/sslstress.txt
|
||||
SSLPOLICY=${QADIR}/ssl/sslpolicy.txt
|
||||
REQUEST_FILE=${QADIR}/ssl/sslreq.dat
|
||||
|
||||
#temparary files
|
||||
@@ -117,17 +125,21 @@
|
||||
if [ "${OS_ARCH}" = "WINNT" ] && \
|
||||
[ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
|
||||
PID=${SHELL_SERVERPID}
|
||||
else
|
||||
PID=`cat ${SERVERPID}`
|
||||
fi
|
||||
|
||||
echo "kill -0 ${PID} >/dev/null 2>/dev/null"
|
||||
+ if [ -n "${ADJUST_FOR_POLICY}" ] && [ ${EXP} -eq 0 ]; then
|
||||
+ echo "No server to kill"
|
||||
+ else
|
||||
kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable"
|
||||
+ fi
|
||||
|
||||
echo "selfserv with PID ${PID} found at `date`"
|
||||
}
|
||||
|
||||
########################### wait_for_selfserv ##########################
|
||||
# local shell function to wait until selfserver is running and initialized
|
||||
########################################################################
|
||||
wait_for_selfserv()
|
||||
@@ -140,17 +152,21 @@
|
||||
if [ $? -ne 0 ]; then
|
||||
sleep 5
|
||||
echo "retrying to connect to selfserv at `date`"
|
||||
echo "tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
|
||||
echo " -d ${P_R_CLIENTDIR} -v < ${REQUEST_FILE}"
|
||||
${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
|
||||
-d ${P_R_CLIENTDIR} -v < ${REQUEST_FILE}
|
||||
if [ $? -ne 0 ]; then
|
||||
+ if [ -n "${ADJUST_FOR_POLICY}" ] && [ ${EXP} -eq 0 ]; then
|
||||
+ html_passed "Server never started"
|
||||
+ else
|
||||
html_failed "Waiting for Server"
|
||||
+ fi
|
||||
fi
|
||||
fi
|
||||
is_selfserv_alive
|
||||
}
|
||||
|
||||
########################### kill_selfserv ##############################
|
||||
# local shell function to kill the selfserver after the tests are done
|
||||
########################################################################
|
||||
@@ -208,28 +224,35 @@
|
||||
[ -z "$NO_ECC_CERTS" -o "$NO_ECC_CERTS" != "1" ] ; then
|
||||
ECC_OPTIONS="-e ${HOSTADDR}-ec"
|
||||
else
|
||||
ECC_OPTIONS=""
|
||||
fi
|
||||
if [ "$1" = "mixed" ]; then
|
||||
ECC_OPTIONS="-e ${HOSTADDR}-ecmixed"
|
||||
fi
|
||||
+
|
||||
+ if [ -n "${ADJUST_FOR_POLICY}" ]; then
|
||||
+ VMIN_OPT="-V tls1.0:"
|
||||
+ else
|
||||
+ VMIN_OPT=""
|
||||
+ fi
|
||||
+
|
||||
echo "selfserv starting at `date`"
|
||||
echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
|
||||
echo " ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID}\\"
|
||||
- echo " $verbose -H 1 &"
|
||||
+ echo " $verbose -H 1 ${VMIN_OPT} &"
|
||||
if [ ${fileout} -eq 1 ]; then
|
||||
${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
|
||||
${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 \
|
||||
- > ${SERVEROUTFILE} 2>&1 &
|
||||
+ ${VMIN_OPT}> ${SERVEROUTFILE} 2>&1 &
|
||||
RET=$?
|
||||
else
|
||||
${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
|
||||
- ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 &
|
||||
+ ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 ${VMIN_OPT} &
|
||||
RET=$?
|
||||
fi
|
||||
|
||||
# The PID $! returned by the MKS or Cygwin shell is not the PID of
|
||||
# the real background process, but rather the PID of a helper
|
||||
# process (sh.exe). MKS's kill command has a bug: invoking kill
|
||||
# on the helper process does not terminate the real background
|
||||
# process. Our workaround has been to have selfserv save its PID
|
||||
@@ -270,16 +293,21 @@
|
||||
VMAX="tls1.1"
|
||||
|
||||
exec < ${SSLCOV}
|
||||
while read ectype testmax param testname
|
||||
do
|
||||
echo "${testname}" | grep "EXPORT" > /dev/null
|
||||
EXP=$?
|
||||
|
||||
+ # trace these types of tests when build has policy enabled
|
||||
+ if [ -n "${ADJUST_FOR_POLICY}" ] && [ ${EXP} -eq 0 ]; then
|
||||
+ echo "$testname has legacy ciphers"
|
||||
+ fi
|
||||
+
|
||||
if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname (ECC only)"
|
||||
elif [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] && [ "$EXP" -eq 0 ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
|
||||
elif [ "`echo $ectype | cut -b 1`" != "#" ] ; then
|
||||
echo "$SCRIPTNAME: running $testname ----------------------------"
|
||||
VMAX="ssl3"
|
||||
if [ "$testmax" = "TLS10" ]; then
|
Loading…
Reference in New Issue