tests/iopr/ssl_iopr.sh
author Martin Thomson <martin.thomson@gmail.com>
Thu, 06 Oct 2016 00:00:32 +1100
changeset 12685 2d463826e09ac3cd8dafc4c9510c1bd81b16b115
parent 10685 6c43fe3ab5dd41803bbd6705979f73275d7668f6
child 11765 653076b2a38b8260df4dad443e701559657c9043
permissions -rw-r--r--
Bug 1307772 - Require that the server use the draft version, r=ekr

#! /bin/bash
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

########################################################################
#
# mozilla/security/nss/tests/iopr/ssl_iopr.sh
#
# NSS SSL interoperability QA. This file is included from ssl.sh
#
# needs to work on all Unix and Windows platforms
#
# special strings
# ---------------
#   FIXME ... known problems, search for this string
#   NOTE .... unexpected behavior
########################################################################
IOPR_SSL_SOURCED=1

########################################################################
# The functions works with variables defined in interoperability 
# configuration file that was downloaded from a webserver.
# It tries to find unrevoked cert based on value of variable
# "SslClntValidCertName" defined in the configuration file.
# Params NONE.
# Returns 0 if found, 1 otherwise.
#
setValidCert() {
    testUser=$SslClntValidCertName
    [ -z "$testUser" ] && return 1
    return 0
}

########################################################################
# The funtions works with variables defined in interoperability 
# configuration file that was downloaded from a webserver.
# The function sets port, url, param and description test parameters
# that was defind for a particular type of testing.
# Params:
#      $1 - supported types of testing. Currently have maximum
#           of two: forward and reverse. But more can be defined. 
# No return value
#
setTestParam() {
    type=$1
    sslPort=`eval 'echo $'${type}Port`
    sslUrl=`eval 'echo $'${type}Url`
    testParam=`eval 'echo $'${type}Param`
    testDescription=`eval 'echo $'${type}Descr`
    [ -z "$sslPort" ] && sslPort=443
    [ -z "$sslUrl" ] && sslUrl="/iopr_test/test_pg.html"
    [ "$sslUrl" = "/" ] && sslUrl="/test_pg.html"
}


#######################################################################
# local shell function to perform SSL Cipher Suite Coverage tests
# in interoperability mode. Tests run against web server by using nss
# test client
# Params:
#      $1 - supported type of testing.
#      $2 - testing host
#      $3 - nss db location
# No return value
#  
ssl_iopr_cov_ext_server()
{
  testType=$1
  host=$2
  dbDir=$3

  setTestParam $testType
  if [ "`echo $testParam | grep NOCOV`" != "" ]; then
      echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
           "run by server configuration"
      return 0
  fi

  html_head "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR" \
      "$BYPASS_STRING $NORM_EXT): $testDescription"

  setValidCert; ret=$?
  if [ $ret -ne 0 ]; then
      html_failed "Fail to find valid test cert(ws: $host)" 
      return $ret
  fi

  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
  echo >> $SSL_REQ_FILE
  
  while read ecc tls param testname therest; do
      [ -z "$ecc" -o "$ecc" = "#" -o "`echo $testname | grep FIPS`" -o \
          "$ecc" = "ECC" ] && continue; 
      
      echo "$SCRIPTNAME: running $testname ----------------------------"
      TLS_FLAG=-T
      if [ "$tls" = "TLS" ]; then
          TLS_FLAG=""
      fi
      
      resFile=${TMP}/$HOST.tmpRes.$$
      rm $resFile 2>/dev/null
      
      echo "tstclnt -p ${sslPort} -h ${host} -c ${param} ${TLS_FLAG} \\"
      echo "      -n $testUser -v -w nss ${CLIEN_OPTIONS} -f \\"
      echo "      -d ${dbDir} < ${SSL_REQ_FILE} > $resFile"
      
      ${BINDIR}/tstclnt -p ${sslPort} -h ${host} -c ${param} \
          ${TLS_FLAG} ${CLIEN_OPTIONS} -f -n $testUser -v -w nss \
          -d ${dbDir} < ${SSL_REQ_FILE} >$resFile  2>&1
      ret=$?
      grep "ACCESS=OK" $resFile
      test $? -eq 0 -a $ret -eq 0
      ret=$?
      [ $ret -ne 0 ] && cat $resFile
      rm -f $resFile 2>/dev/null
      html_msg $ret 0 "${testname}"
  done < ${SSLCOV}
  rm -f $SSL_REQ_FILE 2>/dev/null

  html "</TABLE><BR>"
}

#######################################################################
# local shell function to perform SSL  Client Authentication tests
# in interoperability mode. Tests run against web server by using nss
# test client
# Params:
#      $1 - supported type of testing.
#      $2 - testing host
#      $3 - nss db location
# No return value
#  
ssl_iopr_auth_ext_server()
{
  testType=$1
  host=$2
  dbDir=$3

  setTestParam $testType
  if [ "`echo $testParam | grep NOAUTH`" != "" ]; then
      echo "SSL Client Authentication WebServ($IOPR_HOSTADDR) excluded from " \
           "run by server configuration"
      return 0
  fi

  html_head "SSL Client Authentication WebServ($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT):
             $testDescription"

  setValidCert;ret=$?
  if [ $ret -ne 0 ]; then
      html_failed "Fail to find valid test cert(ws: $host)" 
      return $ret
  fi

  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
  echo >> $SSL_REQ_FILE
  
  SSLAUTH_TMP=${TMP}/authin.tl.tmp
  grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" > ${SSLAUTH_TMP}

  while read ecc value sparam cparam testname; do
      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;

      cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
      
      echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \\"
      echo "         -d ${dbDir} -v < ${SSL_REQ_FILE}"
      
      resFile=${TMP}/$HOST.tmp.$$
      rm $rsFile 2>/dev/null

      ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
          -d ${dbDir} -v < ${SSL_REQ_FILE} >$resFile  2>&1
      ret=$?
      grep "ACCESS=OK" $resFile
      test $? -eq 0 -a $ret -eq 0
      ret=$?
      [ $ret -ne 0 ] && cat $resFile
      rm $resFile 2>/dev/null
      
      html_msg $ret $value "${testname}. Client params: $cparam"\
          "produced a returncode of $ret, expected is $value"
  done < ${SSLAUTH_TMP}
  rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}

  html "</TABLE><BR>"
}

########################################################################
# local shell function to perform SSL interoperability test with/out
# revoked certs tests. Tests run against web server by using nss
# test client
# Params:
#      $1 - supported type of testing.
#      $2 - testing host
#      $3 - nss db location
# No return value
#  
ssl_iopr_crl_ext_server()
{
  testType=$1
  host=$2
  dbDir=$3

  setTestParam $testType
  if [ "`echo $testParam | grep NOCRL`" != "" ]; then
      echo "CRL SSL Client Tests of WebServerv($IOPR_HOSTADDR) excluded from " \
           "run by server configuration"
      return 0
  fi

  html_head "CRL SSL Client Tests of WebServer($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): $testDescription"
  
  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
  echo >> $SSL_REQ_FILE
  
  SSLAUTH_TMP=${TMP}/authin.tl.tmp
  grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" | grep -v bogus | \
      grep -v none > ${SSLAUTH_TMP}

  while read ecc value sparam _cparam testname; do
      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;

      rev_modvalue=254
      for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
          cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
	  
          echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} \\"
          echo "        -f -d ${dbDir} -v ${cparam}  < ${SSL_REQ_FILE}"
          resFile=${TMP}/$HOST.tmp.$$
          rm -f $resFile 2>/dev/null
          ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
              -d ${dbDir} -v < ${SSL_REQ_FILE} \
              > $resFile  2>&1
          ret=$?
          grep "ACCESS=OK" $resFile
          test $? -eq 0 -a $ret -eq 0
          ret=$?
          [ $ret -ne 0 ] && ret=$rev_modvalue;
          [ $ret -ne 0 ] && cat $resFile
          rm -f $resFile 2>/dev/null

          if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
              modvalue=$rev_modvalue
              testAddMsg="revoked"
          else
              testAddMsg="not revoked"
              modvalue=$value
          fi
          html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
              "produced a returncode of $ret, expected is $modvalue"
      done
  done < ${SSLAUTH_TMP}
  rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
  
  html "</TABLE><BR>"
}


########################################################################
# local shell function to perform SSL Cipher Coverage tests of nss server
# by invoking remote test client on web server side.
# Invoked only if reverse testing is supported by web server.
# Params:
#      $1 - remote web server host
#      $2 - open port to connect to invoke CGI script
#      $3 - host where selfserv is running(name of the host nss tests
#           are running)
#      $4 - port where selfserv is running
#      $5 - selfserv nss db location
# No return value
#  
ssl_iopr_cov_ext_client()
{
  host=$1
  port=$2
  sslHost=$3
  sslPort=$4
  serDbDir=$5

  html_head "SSL Cipher Coverage of SelfServ $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"

  setValidCert
  ret=$?
  if [ $res -ne 0 ]; then
      html_failed "Fail to find valid test cert(ws: $host)" 
      return $ret
  fi

  # P_R_SERVERDIR switch require for selfserv to work.
  # Will be restored after test
  OR_P_R_SERVERDIR=$P_R_SERVERDIR
  P_R_SERVERDIR=$serDbDir
  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
  P_R_CLIENTDIR=$serDbDir
  testname=""
  sparam="-vvvc ABCDEFcdefgijklmnvyz"
  # Launch the server
  start_selfserv 
  
  while read ecc tls param cipher therest; do
      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
      echo "============= Beginning of the test ===================="
      echo
      
      is_selfserv_alive
      
      TEST_IN=${TMP}/${HOST}_IN.tmp.$$
      TEST_OUT=${TMP}/$HOST.tmp.$$
      rm -f $TEST_IN $TEST_OUT 2>/dev/null
      
      echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser&cipher=$cipher HTTP/1.0" > $TEST_IN
      echo >> $TEST_IN
      
      echo "------- Request ----------------------"
      cat $TEST_IN
      echo "------- Command ----------------------"
      echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
          -h $host \< $TEST_IN \>\> $TEST_OUT

      ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
          -h $host <$TEST_IN > $TEST_OUT 

      echo "------- Server output Begin ----------"
      cat $TEST_OUT
      echo "------- Server output End   ----------"
      
      echo "Checking for errors in log file..."
      grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
      if [ $? -eq 0 ]; then
          grep "cipher is not supported" $TEST_OUT 2>&1 >/dev/null
          if [ $? -eq 0 ]; then
              echo "Skiping test: no support for the cipher $cipher on server side"
              continue
          fi
          
          grep -i "SERVER ERROR:" $TEST_OUT
          ret=$?
          if [ $ret -eq 0 ]; then
              echo "Found problems. Reseting exit code to failure."
              
              ret=1
          else
              ret=0
          fi
      else
          echo "Script was not executed. Reseting exit code to failure."
          ret=11
      fi
      
      html_msg $ret 0 "Test ${cipher}. Server params: $sparam " \
          " produced a returncode of $ret, expected is 0"
      rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
  done < ${SSLCOV}
  kill_selfserv
  
  P_R_SERVERDIR=$OR_P_R_SERVERDIR
  P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
  
  rm -f ${TEST_IN} ${TEST_OUT}
  html "</TABLE><BR>"
}

########################################################################
# local shell function to perform SSL Authentication tests of nss server
# by invoking remove test client on web server side
# Invoked only if reverse testing is supported by web server.
# Params:
#      $1 - remote web server host
#      $2 - open port to connect to invoke CGI script
#      $3 - host where selfserv is running(name of the host nss tests
#           are running)
#      $4 - port where selfserv is running
#      $5 - selfserv nss db location
# No return value
#  
ssl_iopr_auth_ext_client()
{
  host=$1
  port=$2
  sslHost=$3
  sslPort=$4
  serDbDir=$5

  html_head "SSL Client Authentication with Selfserv from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"

  setValidCert
  ret=$?
  if [ $res -ne 0 ]; then
      html_failed "Fail to find valid test cert(ws: $host)" 
      return $ret
  fi

  OR_P_R_SERVERDIR=$P_R_SERVERDIR
  P_R_SERVERDIR=${serDbDir}
  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
  P_R_CLIENTDIR=${serDbDir}

  SSLAUTH_TMP=${TMP}/authin.tl.tmp

  grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}

  while read ecc value sparam cparam testname; do
      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;

      echo "Server params: $sparam"
      sparam=$sparam" -vvvc ABCDEFcdefgijklmnvyz"
      start_selfserv
      
      TEST_IN=${TMP}/$HOST_IN.tmp.$$
      TEST_OUT=${TMP}/$HOST.tmp.$$
      rm -f $TEST_IN $TEST_OUT 2>/dev/null

      echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
      echo >> $TEST_IN
      
      echo "------- Request ----------------------"
      cat $TEST_IN
      echo "------- Command ----------------------"
      echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
          -h $host \< $TEST_IN \>\> $TEST_OUT
      
      ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
          -h $host <$TEST_IN > $TEST_OUT 
      
      echo "------- Server output Begin ----------"
      cat $TEST_OUT
      echo "------- Server output End   ----------"

      echo "Checking for errors in log file..."
      grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
      if [ $? -eq 0 ]; then
          echo "Checking for error in log file..."
          grep -i "SERVER ERROR:" $TEST_OUT
          ret=$?
          if [ $ret -eq 0 ]; then
              echo "Found problems. Reseting exit code to failure."
              ret=1
          else
              ret=0
          fi
      else
          echo "Script was not executed. Reseting exit code to failure."
          ret=11
      fi
      
      html_msg $ret $value "${testname}. Server params: $sparam"\
          "produced a returncode of $ret, expected is $value"
      kill_selfserv
      rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
  done < ${SSLAUTH_TMP}

  P_R_SERVERDIR=$OR_P_R_SERVERDIR
  P_R_CLIENTDIR=$OR_P_R_CLIENTDIR

  rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT}
  html "</TABLE><BR>"
}

#########################################################################
# local shell function to perform SSL CRL testing of nss server
# by invoking remote test client on web server side
# Invoked only if reverse testing is supported by web server.
# Params:
#      $1 - remote web server host
#      $2 - open port to connect to invoke CGI script
#      $3 - host where selfserv is running(name of the host nss tests
#           are running)
#      $4 - port where selfserv is running
#      $5 - selfserv nss db location
# No return value
#  
ssl_iopr_crl_ext_client()
{
  host=$1
  port=$2
  sslHost=$3
  sslPort=$4
  serDbDir=$5

  html_head "CRL SSL Selfserv Tests from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
  
  OR_P_R_SERVERDIR=$P_R_SERVERDIR
  P_R_SERVERDIR=${serDbDir}
  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
  P_R_CLIENTDIR=$serDbDir

  SSLAUTH_TMP=${TMP}/authin.tl.tmp
  grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}

  while read ecc value sparam _cparam testname; do
      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
      sparam="$sparam  -vvvc ABCDEFcdefgijklmnvyz"
      start_selfserv

      for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
	  
          is_selfserv_alive
          
          TEST_IN=${TMP}/${HOST}_IN.tmp.$$
          TEST_OUT=${TMP}/$HOST.tmp.$$
          rm -f $TEST_IN $TEST_OUT 2>/dev/null

          echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
          echo >> $TEST_IN
          
          echo "------- Request ----------------------"
          cat $TEST_IN
          echo "------- Command ----------------------"
          echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
              -h ${host} \< $TEST_IN \>\> $TEST_OUT
            
          ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
              -h ${host} <$TEST_IN > $TEST_OUT 
          echo "------- Request ----------------------"
          cat $TEST_IN
          echo "------- Server output Begin ----------"
          cat $TEST_OUT
          echo "------- Server output End   ----------"
          
          echo "Checking for errors in log file..."
          grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
          if [ $? -eq 0 ]; then
              grep -i "SERVER ERROR:" $TEST_OUT
              ret=$?
              if [ $ret -eq 0 ]; then
                  echo "Found problems. Reseting exit code to failure."
                  ret=1
              else
                  ret=0
              fi
          else
              echo "Script was not executed. Reseting exit code to failure."
              ret=11
          fi
          
          if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
              modvalue=1
              testAddMsg="revoked"
          else
              testAddMsg="not revoked"
              modvalue=0
          fi
          
          html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
		"produced a returncode of $ret, expected is $modvalue(selfserv args: $sparam)"
          rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
      done
      kill_selfserv
  done < ${SSLAUTH_TMP}

  P_R_SERVERDIR=$OR_P_R_SERVERDIR
  P_R_CLIENTDIR=$OR_P_R_CLIENTDIR

  rm -f ${SSLAUTH_TMP}
  html "</TABLE><BR>"
}

#####################################################################
# Initial point for running ssl test againt multiple hosts involved in
# interoperability testing. Called from nss/tests/ssl/ssl.sh
# It will only proceed with test run for a specific host if environment variable 
# IOPR_HOSTADDR_LIST was set, had the host name in the list
# and all needed file were successfully downloaded and installed for the host.
#
# Returns 1 if interoperability testing is off, 0 otherwise. 
#
ssl_iopr_run() {
    if [ "$IOPR" -ne 1 ]; then
        return 1
    fi
    cd ${CLIENTDIR}
    
    ORIG_ECC_CERT=${NO_ECC_CERTS}
    NO_ECC_CERTS=1 # disable ECC for interoperability tests

    NSS_SSL_ENABLE_RENEGOTIATION=u
    export NSS_SSL_ENABLE_RENEGOTIATION

    num=1
    IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
    while [ "$IOPR_HOST_PARAM" ]; do
        IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
        IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
        [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
        
        . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
        RES=$?
        
        if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
            num=`expr $num + 1`
            IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
            continue
        fi
        
        #=======================================================
        # Check if server is capable to run ssl tests
        #
        [ -z "`echo ${supportedTests_new} | grep -i ssl`" ] && continue;

        # Testing directories defined by webserver.
        echo "Testing ssl interoperability.
                Client: local(tstclnt).
                Server: remote($IOPR_HOSTADDR:$IOPR_OPEN_PORT)"
        
        for sslTestType in ${supportedTests_new}; do
            if [ -z "`echo $sslTestType | grep -i ssl`" ]; then
                continue
            fi
            ssl_iopr_cov_ext_server $sslTestType ${IOPR_HOSTADDR} \
                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
            ssl_iopr_auth_ext_server $sslTestType ${IOPR_HOSTADDR} \
                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
            ssl_iopr_crl_ext_server $sslTestType ${IOPR_HOSTADDR} \
                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
        done
        
        
        # Testing selfserv with client located at the webserver.
        echo "Testing ssl interoperability.
                Client: remote($IOPR_HOSTADDR:$PORT)
                Server: local(selfserv)"
        ssl_iopr_cov_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
        ssl_iopr_auth_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
        ssl_iopr_crl_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
        echo "================================================"
        echo "Done testing interoperability with $IOPR_HOSTADDR"
        num=`expr $num + 1`
        IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
    done
    NO_ECC_CERTS=${ORIG_ECC_CERTS}
    return 0
}