Bug 217538: Shared database support.
authorrrelyea%redhat.com
Mon, 16 Jul 2007 20:37:17 +0000
changeset 7939 15165ccea98530aea04bce3262312b955ff3a7b6
parent 7938 6f4ff2f3b65b2f8bfef65be838734962e34f9e91
child 7940 4a236d1ed1fd87ab05a142acaa5c612f69d69317
push idunknown
push userunknown
push dateunknown
bugs217538
Bug 217538: Shared database support. Shared database tests
security/nss/tests/all.sh
security/nss/tests/cert/cert.sh
security/nss/tests/cipher/cipher.sh
security/nss/tests/common/init.sh
security/nss/tests/smime/smime.sh
security/nss/tests/ssl/ssl.sh
--- a/security/nss/tests/all.sh
+++ b/security/nss/tests/all.sh
@@ -73,45 +73,154 @@
 #    and a completely common environment
 #
 # file tells the test suite that the output is going to a log, so any
 #  forked() children need to redirect their output to prevent them from
 #  being over written.
 #
 ########################################################################
 
+run_tests()
+{
+  for i in ${TESTS}
+    do
+      SCRIPTNAME=${i}.sh
+      if [ "$O_CRON" = "ON" ]
+      then
+        echo "Running tests for $i" >> ${LOGFILE}
+        echo "TIMESTAMP $i BEGIN: `date`" >> ${LOGFILE}
+        (cd ${QADIR}/$i ; . ./$SCRIPTNAME all file >> ${LOGFILE} 2>&1)
+        echo "TIMESTAMP $i END: `date`" >> ${LOGFILE}
+      else
+        echo "Running tests for $i" | tee -a ${LOGFILE}
+        echo "TIMESTAMP $i BEGIN: `date`" | tee -a ${LOGFILE}
+        (cd ${QADIR}/$i ; . ./$SCRIPTNAME all file 2>&1 | tee -a ${LOGFILE})
+        echo "TIMESTAMP $i END: `date`" | tee -a ${LOGFILE}
+      fi
+    done
+}
+
 LIBPKIX=
+NSS_DEFAULT_DB_TYPE="dbm"
 if [ -n "$BUILD_LIBPKIX_TESTS" ] ; then
     LIBPKIX=libpkix
 fi
 
 tests="cipher perf ${LIBPKIX} cert dbtests tools fips sdr crmf smime ssl ocsp"
 TESTS=${TESTS:-$tests}
 SCRIPTNAME=all.sh
 CLEANUP="${SCRIPTNAME}"
 cd `dirname $0`	# will cause problems if sourced 
 
 #all.sh should be the first one to try to source the init 
 if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
     cd common
     . ./init.sh
 fi
 
-for i in ${TESTS}
+# test the old DATABASE
+run_tests
+
+# 'reset' the databases to initial values
+echo "Reset databases to their initial values:" | tee -a ${LOGFILE}
+cd ${HOSTDIR}
+certutil -D -n objsigner -d alicedir 2>&1 | tee -a ${LOGFILE} 
+certutil -M -n FIPS_PUB_140_Test_Certificate -t "C,C,C" -d fips -f ${FIPSPWFILE} 2>&1 | tee -a ${LOGFILE} 
+certutil -L -d fips 2>&1 | tee -a ${LOGFILE} 
+rm -f smime/alicehello.env
+
+# test upgrade to the new database
+echo "nss" > ${PWFILE}
+TABLE_ARGS="bgcolor=pink"
+html_head "Legacy to shared Library update"
+dirs="alicedir bobdir CA cert_extensions client clientCA dave eccurves eve ext_client ext_server SDR server serverCA tools/copydir"
+for i in $dirs
 do
-    SCRIPTNAME=${i}.sh
-    if [ "$O_CRON" = "ON" ]
-    then
-        echo "Running tests for $i" >> ${LOGFILE}
-        echo "TIMESTAMP $i BEGIN: `date`" >> ${LOGFILE}
-        (cd ${QADIR}/$i ; . ./$SCRIPTNAME all file >> ${LOGFILE} 2>&1)
-        echo "TIMESTAMP $i END: `date`" >> ${LOGFILE}
-    else
-        echo "Running tests for $i" | tee -a ${LOGFILE}
-        echo "TIMESTAMP $i BEGIN: `date`" | tee -a ${LOGFILE}
-        (cd ${QADIR}/$i ; . ./$SCRIPTNAME all file 2>&1 | tee -a ${LOGFILE})
-        echo "TIMESTAMP $i END: `date`" | tee -a ${LOGFILE}
-    fi
+   echo $i
+   if [ -d $i ]; then
+	echo "upgrading db $i"  | tee -a ${LOGFILE}
+	certutil -G -g 512 -d sql:$i -f ${PWFILE} -z ${NOISE_FILE} 2>&1 | tee -a ${LOGFILE} 
+	html_msg $? 0 "Upgrading $i"
+   else
+	echo "skipping db $i" | tee -a ${LOGFILE}
+	html_msg 0 0 "No directory $i"
+   fi
 done
 
+if [ -d fips ]; then
+   echo "upgrading db fips" | tee -a ${LOGFILE}
+   certutil -S -g 512 -n tmprsa -t "u,u,u" -s "CN=tmprsa, C=US" -x -d sql:fips -f ${FIPSPWFILE} -z ${NOISE_FILE} 2&>1 | tee -a ${LOGFILE}
+   html_msg $? 0 "Upgrading fips"
+   # remove our temp certificate we created in the fist token
+   certutil -F -n tmprsa -d sql:fips -f ${FIPSPWFILE} 2&>1 | tee -a ${LOGFILE}
+   certutil -L -d sql:fips 2&>1 | tee -a ${LOGFILE}
+fi
+
+html "</TABLE><BR>"
+
+NSS_DEFAULT_DB_TYPE="sql"
+export NSS_DEFAULT_DB_TYPE
+
+# run run the subset of tests with the upgraded database
+old_tests=${TESTS}
+TESTS="tools fips sdr crmf smime ssl ocsp"
+run_tests
+
+# test the new DATABASE
+TESTS=${old_tests}
+mkdir -p ${HOSTDIR}/sharedb
+saveHostDIR=${HOSTDIR}
+
+# need a function in init.sh to rebase the directories!
+HOSTDIR=${HOSTDIR}/sharedb
+
+TMP=${HOSTDIR}
+TEMP=${TMP}
+TMPDIR=${TMP}
+
+CADIR=${HOSTDIR}/CA
+SERVERDIR=${HOSTDIR}/server
+CLIENTDIR=${HOSTDIR}/client
+ALICEDIR=${HOSTDIR}/alicedir
+BOBDIR=${HOSTDIR}/bobdir
+DAVEDIR=${HOSTDIR}/dave
+EVEDIR=${HOSTDIR}/eve
+FIPSDIR=${HOSTDIR}/fips
+DBPASSDIR=${HOSTDIR}/dbpass
+ECCURVES_DIR=${HOSTDIR}/eccurves
+
+SERVER_CADIR=${HOSTDIR}/serverCA
+CLIENT_CADIR=${HOSTDIR}/clientCA
+EXT_SERVERDIR=${HOSTDIR}/ext_server
+EXT_CLIENTDIR=${HOSTDIR}/ext_client
+
+IOPR_CADIR=${HOSTDIR}/CA_iopr
+IOPR_SERVERDIR=${HOSTDIR}/server_iopr
+IOPR_CLIENTDIR=${HOSTDIR}/client_iopr
+
+P_SERVER_CADIR=${SERVER_CADIR}
+P_CLIENT_CADIR=${CLIENT_CADIR}
+
+CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions
+
+PWFILE=${TMP}/tests.pw.$$
+NOISE_FILE=${TMP}/tests_noise.$$
+CORELIST_FILE=${TMP}/clist.$$
+
+FIPSPWFILE=${TMP}/tests.fipspw.$$
+FIPSBADPWFILE=${TMP}/tests.fipsbadpw.$$
+FIPSP12PWFILE=${TMP}/tests.fipsp12pw.$$
+
+echo "fIps140" > ${FIPSPWFILE}
+echo "fips104" > ${FIPSBADPWFILE}
+echo "pKcs12fips140" > ${FIPSP12PWFILE}
+
+
+# run the tests for native sharedb support
+TABLE_ARGS="bgcolor=yellow"
+html_head "Testing with shared Library"
+html "</TABLE><BR>"
+run_tests
+
+
 SCRIPTNAME=all.sh
 
 . ${QADIR}/common/cleanup.sh
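Review bot: The three `certutil` calls in the `if [ -d fips ]` block redirect with `2&>1` instead of `2>&1`, so stderr never reaches `${LOGFILE}`. Depending on the shell, the `2` is passed to certutil as an extra argument and the output goes to a file named `1`, or the command is backgrounded. Separately, every `html_msg $? 0 ...` that follows a `certutil ... | tee -a ${LOGFILE}` pipeline sees tee's exit status, so a failed upgrade is still reported as passed. Capturing the status before logging fixes both, for example `certutil -G ... > ${TMP}/upgrade.$$ 2>&1; ret=$?; tee -a ${LOGFILE} < ${TMP}/upgrade.$$` followed by `html_msg $ret 0 "Upgrading $i"`. That mirrors the temp-file pattern ssl.sh already uses around tstclnt.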
--- a/security/nss/tests/cert/cert.sh
+++ b/security/nss/tests/cert/cert.sh
@@ -134,22 +134,22 @@ noise()
 certu()
 {
     echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
 
     if [ -n "${CU_SUBJECT}" ]; then
         #the subject of the cert contains blanks, and the shell 
         #will strip the quotes off the string, if called otherwise...
         echo "certutil -s \"${CU_SUBJECT}\" $*"
-        certutil -s "${CU_SUBJECT}" $*
+        ${PROFTOOL} certutil -s "${CU_SUBJECT}" $*
         RET=$?
         CU_SUBJECT=""
     else
         echo "certutil $*"
-        certutil $*
+        ${PROFTOOL} certutil $*
         RET=$?
     fi
     if [ "$RET" -ne 0 ]; then
         CERTFAILED=$RET
         html_failed "<TR><TD>${CU_ACTION} ($RET) " 
         cert_log "ERROR: ${CU_ACTION} failed $RET"
     else
         html_passed "<TR><TD>${CU_ACTION}"
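Review bot: `${PROFTOOL}` is introduced in `certu` as a command prefix, but no hunk of this commit sets, defaults or documents it, so its value comes straight from the caller's environment. An explicit default with a comment in common/init.sh, e.g. `PROFTOOL=${PROFTOOL-}  # optional wrapper command prepended to NSS tool invocations`, would make the contract visible (presumably it is a profiling wrapper; confirm). The `echo` just above each call still prints the command without the prefix, so the log no longer shows exactly what was executed; `echo "${PROFTOOL} certutil $*"` would keep them in sync. The same applies to the `${PROFTOOL}` additions in `crlu`, cipher.sh, smime.sh and ssl.sh. The end of `certu` lies outside this hunk.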
@@ -163,17 +163,17 @@ certu()
 # stdout, sets variable RET and writes results to the html file results
 ########################################################################
 crlu()
 {
     echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
     
     CRLUTIL="crlutil -q"
     echo "$CRLUTIL $*"
-    $CRLUTIL $*
+    ${PROFTOOL} $CRLUTIL $*
     RET=$?
     if [ "$RET" -ne 0 ]; then
         CRLFAILED=$RET
         html_failed "<TR><TD>${CU_ACTION} ($RET) " 
         cert_log "ERROR: ${CU_ACTION} failed $RET"
     else
         html_passed "<TR><TD>${CU_ACTION}"
     fi
@@ -1302,16 +1302,43 @@ EOF_CRLINI
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
       chmod 600 ${CRL_FILE_GRP_2}-ec
   fi
 
   ########### Creating second CRL which includes groups 1, 2 and 3 ##############
   CRL_GRP_END=`expr ${CRL_GRP_3_BEGIN} + ${CRL_GRP_3_RANGE} - 1`
   CRL_FILE_GRP_3=${R_SERVERDIR}/root.crl_${CRL_GRP_3_BEGIN}-${CRL_GRP_END}
 
+#################
+# Verify the we can successfully change the password on the database
+#
+cert_test_password()
+{
+  CERTFAILED=0
+  echo "$SCRIPTNAME: Create A Password Test Cert  =============="
+  cert_init_cert "${DBPASSDIR}" "Password Test Cert" 1000 "${D_DBPASSDIR}"
+
+  echo "$SCRIPTNAME: Create A Password Test Ca  --------"
+  ALL_CU_SUBJECT="CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+  cert_CA ${DBPASSDIR} PasswordCA -x "CTu,CTu,CTu" ${D_DBPASS} "1"
+
+  # now change the password
+  CU_ACTION="Changing password on ${CERTNAME}'s Cert DB"
+  certu -W -d "${PROFILEDIR}" -f "${R_PWFILE}" -@ "${R_FIPSPWFILE}" 2>&1
+
+  # finally make sure we can use the old key with the new password
+  CU_ACTION="Generate Certificate for ${CERTNAME} with new password"
+  CU_SUBJECT="CN=${CERTNAME}, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+  certu -S -n PasswordCert -x -t "Cu,Cu,Cu" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -z "${R_NOISE_FILE}" 2>&1
+  if [ "$RET" -eq 0 ]; then
+    cert_log "SUCCESS: PASSORD passed"
+  fi
+}
+
+
   echo "$SCRIPTNAME: Creating CA CRL for groups 1, 2 and 3  ==============="
   sleep 2
   CRLUPDATE=`date "+%Y%m%d%H%M%SZ"`
   CRL_GRP_DATE=`date "+%Y%m%d%H%M%SZ"`
   CU_ACTION="Creating CRL for groups 1, 2 and 3"
   crlu -d $CADIR -M -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3} \
             -i ${CRL_FILE_GRP_2} <<EOF_CRLINI
 update=$CRLUPDATE
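Review bot: `cert_test_password` begins with `CERTFAILED=0`, yet it is called from the CRL flow shortly before the `[ "$CERTFAILED" != 0 -o "$CRL_GEN_RES" != 0 ]` check, so any `certu` failure recorded earlier in that flow appears to be discarded. Dropping the reset, or saving and restoring the previous value, would avoid this. The `cert_init_cert` call passes `"${D_DBPASSDIR}"`, while init.sh in this commit defines `D_DBPASS` and the next line uses `${D_DBPASS}`; unless `D_DBPASSDIR` is defined outside the visible hunks, it expands to an empty string. The success message reads `PASSORD passed`, where `cert_log "SUCCESS: PASSWORD passed"` is presumably intended. The definition is also inserted in the middle of a CRL-generation body that starts and ends outside this hunk; placing it beside the other top-level functions would be clearer.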
@@ -1337,16 +1364,17 @@ EOF_CRLINI
   ############ Importing Server CA Issued CRL for certs of first group #######
 
   echo "$SCRIPTNAME: Importing Server CA Issued CRL for certs ${CRL_GRP_BEGIN} trough ${CRL_GRP_END}"
   CU_ACTION="Importing CRL for groups 1"
   crlu -D -n TestCA  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
   crlu -I -i ${CRL_FILE} -n "TestCA" -f "${R_PWFILE}" -d "${R_SERVERDIR}"
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
   if [ -n "$NSS_ENABLE_ECC" ] ; then
+cert_test_password
       CU_ACTION="Importing CRL (ECC) for groups 1"
       crlu -D -n TestCA-ec  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
       crlu -I -i ${CRL_FILE}-ec -n "TestCA-ec" -f "${R_PWFILE}" \
 	  -d "${R_SERVERDIR}"
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
   fi
 
   if [ "$CERTFAILED" != 0 -o "$CRL_GEN_RES" != 0 ] ; then
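Review bot: The `cert_test_password` call sits inside `if [ -n "$NSS_ENABLE_ECC" ]`, so the password-change test runs only on ECC-enabled builds, and it runs between the RSA and ECC CRL imports. If the test is meant to run on every build, the call belongs outside this conditional, ideally in the script's main sequence alongside the other `cert_*` steps (not visible here). The line is also at column 0 inside an indented block, which suggests the placement was not deliberate. The enclosing function starts and ends outside the hunk.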
--- a/security/nss/tests/cipher/cipher.sh
+++ b/security/nss/tests/cipher/cipher.sh
@@ -97,17 +97,17 @@ cipher_main()
           inOff=0
           res=0
           while [ $inOff -lt 8 ]
           do
              outOff=0
              while [ $outOff -lt 8 ]
              do
                  echo "bltest -T -m $PARAM -d $CIPHERTESTDIR -1 $inOff -2 $outOff"
-                 bltest -T -m $PARAM -d $CIPHERTESTDIR -1 $inOff -2 $outOff
+                 ${PROFTOOL} bltest -T -m $PARAM -d $CIPHERTESTDIR -1 $inOff -2 $outOff
                  if [ $? -ne 0 ]; then
                      failedStr="$failedStr[$inOff:$outOff]"
                  fi
                  outOff=`expr $outOff + 1`
              done
              inOff=`expr $inOff + 1`
           done
           if [ -n "$failedStr" ]; then
--- a/security/nss/tests/common/init.sh
+++ b/security/nss/tests/common/init.sh
@@ -137,17 +137,18 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
             echo "$*. Core file is detected."
             html "$* ${HTML_FAILED_CORE}"
             return 1
         fi
         return 0
     }
     html_head()
     {
-        html "<TABLE BORDER=1><TR><TH COLSPAN=3>$*</TH></TR>"
+	
+        html "<TABLE BORDER=1 ${TABLE_ARGS}><TR><TH COLSPAN=3>$*</TH></TR>"
         html "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" 
         echo "$SCRIPTNAME: $* ==============================="
     }
     html_msg()
     {
         if [ "$1" -ne "$2" ] ; then
             html_failed "<TR><TD>$3"
             if [ -n "$4" ] ; then
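Review bot: `html_head` now depends on the global `TABLE_ARGS`, which is expanded unescaped into the `<TABLE>` tag, but nothing at the function documents this. A comment such as `# TABLE_ARGS: extra attributes for the <TABLE> tag, set by the caller; empty by default` would help. all.sh sets it to `bgcolor=pink` and later `bgcolor=yellow` without ever clearing it, so every table emitted afterwards inherits the colour; confirm that this is intended. The added line above the `html` call contains only a tab and can be dropped.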
@@ -158,16 +159,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
             if [ -n "$4" ] ; then
                 echo "$SCRIPTNAME: $3 $4 PASSED"
             fi
         fi
     }
     HTML_FAILED='</TD><TD bgcolor=red>Failed</TD><TR>'
     HTML_FAILED_CORE='</TD><TD bgcolor=red>Failed Core</TD><TR>'
     HTML_PASSED='</TD><TD bgcolor=lightGreen>Passed</TD><TR>'
+    TABLE_ARGS=
 
 
 #directory name init
     SCRIPTNAME=init.sh
 
     mozilla_root=`(cd ../../../..; pwd)`
     MOZILLA_ROOT=${MOZILLA_ROOT-$mozilla_root}
 
@@ -385,16 +387,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
     CADIR=${HOSTDIR}/CA
     SERVERDIR=${HOSTDIR}/server
     CLIENTDIR=${HOSTDIR}/client
     ALICEDIR=${HOSTDIR}/alicedir
     BOBDIR=${HOSTDIR}/bobdir
     DAVEDIR=${HOSTDIR}/dave
     EVEDIR=${HOSTDIR}/eve
     FIPSDIR=${HOSTDIR}/fips
+    DBPASSDIR=${HOSTDIR}/dbpass
     ECCURVES_DIR=${HOSTDIR}/eccurves
 
     SERVER_CADIR=${HOSTDIR}/serverCA
     CLIENT_CADIR=${HOSTDIR}/clientCA
     EXT_SERVERDIR=${HOSTDIR}/ext_server
     EXT_CLIENTDIR=${HOSTDIR}/ext_client
 
     IOPR_CADIR=${HOSTDIR}/CA_iopr
@@ -419,16 +422,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
     D_BOB="Bob.$version"
     D_DAVE="Dave.$version"
     D_EVE="Eve.$version"
     D_SERVER_CA="ServerCA.$version"
     D_CLIENT_CA="ClientCA.$version"
     D_SERVER="Server.$version"
     D_CLIENT="Client.$version"
     D_FIPS="FIPS.$version"
+    D_DBPASS="DBPASS.$version"
     D_ECCURVES="ECCURVES.$version"
     D_EXT_SERVER="ExtendedServer.$version"
     D_EXT_CLIENT="ExtendedClient.$version"
     D_CERT_EXTENSTIONS="CertExtensions.$version"
 
     # we need relative pathnames of these files abd directories, since our 
     # tools can't handle the unix style absolut pathnames on cygnus
 
--- a/security/nss/tests/smime/smime.sh
+++ b/security/nss/tests/smime/smime.sh
@@ -92,88 +92,88 @@ smime_init()
 
 smime_sign()
 {
   HASH_CMD="-H ${HASH}"
   SIG=sig.${HASH}
 
   echo "$SCRIPTNAME: Signing Detached Message {$HASH} ------------------"
   echo "cmsutil -S -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}"
-  cmsutil -S -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}
+  ${PROFTOOL} cmsutil -S -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}
   html_msg $? 0 "Create Detached Signature Alice (${HASH})" "."
 
   echo "cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
-  cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
+  ${PROFTOOL} cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
   html_msg $? 0 "Verifying Alice's Detached Signature (${HASH})" "."
 
   echo "$SCRIPTNAME: Signing Attached Message (${HASH}) ------------------"
   echo "cmsutil -S -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}"
-  cmsutil -S -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}
+  ${PROFTOOL} cmsutil -S -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}
   html_msg $? 0 "Create Attached Signature Alice (${HASH})" "."
 
   echo "cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}"
-  cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}
+  ${PROFTOOL} cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}
   html_msg $? 0 "Decode Alice's Attached Signature (${HASH})" "."
 
   echo "diff alice.txt alice.data.${HASH}"
   diff alice.txt alice.data.${HASH}
   html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "."
 
 # Test ECDSA signing for all hash algorithms.
   if [ -n "$NSS_ENABLE_ECC" ] ; then
       echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------"
       echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}"
-      cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
+      ${PROFTOOL} cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
       html_msg $? 0 "Create Detached Signature Alice (ECDSA w/ ${HASH})" "."
 
       echo "cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
-      cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
+      ${PROFTOOL} cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
       html_msg $? 0 "Verifying Alice's Detached Signature (ECDSA w/ ${HASH})" "."
 
       echo "$SCRIPTNAME: Signing Attached Message (ECDSA w/ ${HASH}) ------------------"
       echo "cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}"
-      cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}
+      ${PROFTOOL} cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}
       html_msg $? 0 "Create Attached Signature Alice (ECDSA w/ ${HASH})" "."
 
       echo "cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}"
-      cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}
+      ${PROFTOOL} cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}
       html_msg $? 0 "Decode Alice's Attached Signature (ECDSA w/ ${HASH})" "."
 
       echo "diff alice.txt alice-ec.data.${HASH}"
       diff alice.txt alice-ec.data.${HASH}
       html_msg $? 0 "Compare Attached Signed Data and Original (ECDSA w/ ${HASH})" "."
   fi
 
 }
 
 
 
 smime_p7()
 {
   echo "$SCRIPTNAME: p7 util Data Tests ------------------------------"
   echo "p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice_p7.env"
-  p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice.env
+  ${PROFTOOL} p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice.env
   html_msg $? 0 "Creating envelope for user Alice" "."
 
   echo "p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data"
-  p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data -p nss
+  ${PROFTOOL} p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data -p nss
   html_msg $? 0 "Verifying file delivered to user Alice" "."
 
   sed -e '3,8p' -n alice_p7.data > alice_p7.data.sed
 
   echo "diff alice.txt alice_p7.data.sed"
   diff alice.txt alice_p7.data.sed
   html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
 
   echo "p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e"
-  p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e
+  ${PROFTOOL} p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e
   html_msg $? 0 "Signing file for user Alice" "."
 
   echo "p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig"
-  p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig
+  ${PROFTOOL} p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig
   html_msg $? 0 "Verifying file delivered to user Alice" "."
 }
 
 ############################## smime_main ##############################
 # local shell function to test basic signed and enveloped messages 
 # from 1 --> 2"
 ########################################################################
 smime_main()
@@ -186,91 +186,91 @@ smime_main()
   HASH=SHA384
   smime_sign
   HASH=SHA512
   smime_sign
 
   echo "$SCRIPTNAME: Enveloped Data Tests ------------------------------"
   echo "cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss \\"
   echo "        -o alice.env"
-  cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.env
+  ${PROFTOOL} cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.env
   html_msg $? 0 "Create Enveloped Data Alice" "."
 
   echo "cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1"
-  cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1
+  ${PROFTOOL} cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1
   html_msg $? 0 "Decode Enveloped Data Alice" "."
 
   echo "diff alice.txt alice.data1"
   diff alice.txt alice.data1
   html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
 
   # multiple recip
   echo "$SCRIPTNAME: Testing multiple recipients ------------------------------"
   echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \\"
   echo "        -r bob@bogus.com,dave@bogus.com"
-  cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \
+  ${PROFTOOL} cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \
           -r bob@bogus.com,dave@bogus.com
   ret=$?
   html_msg $ret 0 "Create Multiple Recipients Enveloped Data Alice" "."
   if [ $ret != 0 ] ; then
 	echo "certutil -L -d ${P_R_ALICEDIR}"
 	certutil -L -d ${P_R_ALICEDIR}
 	echo "certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com"
 	certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com
   fi
 
   echo "$SCRIPTNAME: Testing multiple email addrs ------------------------------"
   echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \\"
   echo "        -r eve@bogus.net"
-  cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \
+  ${PROFTOOL} cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \
           -r eve@bogus.net
   ret=$?
   html_msg $ret 0 "Encrypt to a Multiple Email cert" "."
 
   echo "cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2"
-  cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2
+  ${PROFTOOL} cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2
   html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Bob" "."
 
   echo "cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3"
-  cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3
+  ${PROFTOOL} cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3
   html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Dave" "."
 
   echo "cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4"
-  cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4
+  ${PROFTOOL} cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4
   html_msg $? 0 "Decrypt with a Multiple Email cert" "."
 
   diff alice.txt alice.data2
   html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Bob" "."
 
   diff alice.txt alice.data3
   html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Dave" "."
 
   diff alice.txt alice.data4
   html_msg $? 0 "Compare Decoded with Multiple Email cert" "."
   
   echo "$SCRIPTNAME: Sending CERTS-ONLY Message ------------------------------"
   echo "cmsutil -O -r \"Alice,bob@bogus.com,dave@bogus.com\" \\"
   echo "        -d ${P_R_ALICEDIR} > co.der"
-  cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" -d ${P_R_ALICEDIR} > co.der
+  ${PROFTOOL} cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" -d ${P_R_ALICEDIR} > co.der
   html_msg $? 0 "Create Certs-Only Alice" "."
 
   echo "cmsutil -D -i co.der -d ${P_R_BOBDIR}"
-  cmsutil -D -i co.der -d ${P_R_BOBDIR}
+  ${PROFTOOL} cmsutil -D -i co.der -d ${P_R_BOBDIR}
   html_msg $? 0 "Verify Certs-Only by CA" "."
 
   echo "$SCRIPTNAME: Encrypted-Data Message ---------------------------------"
   echo "cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \\"
   echo "        -r \"bob@bogus.com\" > alice.enc"
-  cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \
+  ${PROFTOOL} cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \
           -r "bob@bogus.com" > alice.enc
   html_msg $? 0 "Create Encrypted-Data" "."
 
   echo "cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss \\"
   echo "        -o alice.data2"
-  cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss -o alice.data2
+  ${PROFTOOL} cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss -o alice.data2
   html_msg $? 0 "Decode Encrypted-Data" "."
 
   diff alice.txt alice.data2
   html_msg $? 0 "Compare Decoded and Original Data" "."
 }
   
 ############################## smime_cleanup ###########################
 # local shell function to finish this script (no exit since it might be
--- a/security/nss/tests/ssl/ssl.sh
+++ b/security/nss/tests/ssl/ssl.sh
@@ -231,21 +231,21 @@ start_selfserv()
   fi
   if [ "$1" = "mixed" ]; then
       ECC_OPTIONS="-e ${HOSTADDR}-ecmixed"
   fi
   echo "selfserv starting at `date`"
   echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
   echo "         ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
   if [ ${fileout} -eq 1 ]; then
-      selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
+      ${PROFTOOL} selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
                ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose \
                > ${SERVEROUTFILE} 2>&1 &
   else
-      selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
+      ${PROFTOOL} selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
                ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &
   fi
   # The PID $! returned by the MKS or Cygwin shell is not the PID of
   # the real background process, but rather the PID of a helper
   # process (sh.exe).  MKS's kill command has a bug: invoking kill
   # on the helper process does not terminate the real background
   # process.  Our workaround has been to have selfserv save its PID
   # in the ${SERVERPID} file and "kill" that PID instead.  But this
@@ -328,17 +328,17 @@ ssl_cov()
               mixed=0
             fi
           fi
 
           echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} \\"
           echo "        -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-          tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} -f \
+          ${PROFTOOL} tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} -f \
                   -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
                   >${TMP}/$HOST.tmp.$$  2>&1
           ret=$?
           cat ${TMP}/$HOST.tmp.$$ 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
           html_msg $ret 0 "${testname}" \
                    "produced a returncode of $ret, expected is 0"
       fi
@@ -361,17 +361,17 @@ ssl_auth()
           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
       elif [ "$ectype" != "#" ]; then
           cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
           start_selfserv
 
           echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} \\"
 	  echo "        ${cparam}  < ${REQUEST_FILE}"
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-          tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} ${CLIENT_OPTIONS} \
+          ${PROFTOOL} tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} ${CLIENT_OPTIONS} \
                   -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
                   >${TMP}/$HOST.tmp.$$  2>&1
           ret=$?
           cat ${TMP}/$HOST.tmp.$$ 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
 
           html_msg $ret $value "${testname}" \
                    "produced a returncode of $ret, expected is $value"
@@ -417,17 +417,17 @@ ssl_stress()
           if [ "`uname -n`" = "sjsu" ] ; then
               echo "debugging disapering selfserv... ps -ef | grep selfserv"
               ps -ef | grep selfserv
           fi
 
           echo "strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \\"
           echo "         $verbose ${HOSTADDR}"
           echo "strsclnt started at `date`"
-          strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \
+          ${PROFTOOL} strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \
                    $verbose ${HOSTADDR}
           ret=$?
           echo "strsclnt completed at `date`"
           html_msg $ret $value \
                    "${testname}" \
                    "produced a returncode of $ret, expected is $value. "
           if [ "`uname -n`" = "sjsu" ] ; then
               echo "debugging disapering selfserv... ps -ef | grep selfserv"
@@ -486,17 +486,17 @@ ssl_crl_ssl()
 	  TEMP_NUM=`expr $TEMP_NUM + 1`
 	  USER_NICKNAME="TestUser${CURR_SER_NUM}"
 	  cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
 	  start_selfserv
 	  
 	  echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} \\"
 	  echo "        ${cparam}  < ${REQUEST_FILE}"
 	  rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-	  tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
+	  ${PROFTOOL} tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
 	      -d ${R_CLIENTDIR} < ${REQUEST_FILE} \
 	      >${TMP}/$HOST.tmp.$$  2>&1
 	  ret=$?
 	  cat ${TMP}/$HOST.tmp.$$ 
 	  rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
 	  if [ $CURR_SER_NUM -ne $UNREVOKED_CERT ]; then
 	      modvalue=$rev_modvalue
               testAddMsg="revoked"
@@ -583,17 +583,17 @@ load_group_crl() {
         echo "================= Reloading ${eccomment}CRL for group $grpBegin - $grpEnd ============="
 
         echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} \\"
         echo "          -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix}"
         echo "Request:"
         echo "GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}"
         echo ""
         echo "RELOAD time $i"
-        tstclnt -p ${PORT} -h ${HOSTADDR} -f  \
+        ${PROFTOOL} tstclnt -p ${PORT} -h ${HOSTADDR} -f  \
             -d ${R_CLIENTDIR} -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix} \
 	    >${OUTFILE_TMP}  2>&1 <<_EOF_REQUEST_
 GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}
 
 _EOF_REQUEST_
         cat ${OUTFILE_TMP}
         grep "CRL ReCache Error" ${OUTFILE_TMP}
         if [ $? -eq 0 ]; then
@@ -670,17 +670,17 @@ ssl_crl_cache()
             TEMP_NUM=`expr $TEMP_NUM + 1`
             USER_NICKNAME="TestUser${CURR_SER_NUM}"
             cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
 
             echo "Server Args: $SERV_ARG"
             echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} \\"
             echo "        ${cparam}  < ${REQUEST_FILE}"
             rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-            tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
+            ${PROFTOOL} tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
 	        -d ${R_CLIENTDIR} < ${REQUEST_FILE} \
                 >${TMP}/$HOST.tmp.$$  2>&1
             ret=$?
             cat ${TMP}/$HOST.tmp.$$ 
             rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
             is_revoked ${CURR_SER_NUM} ${LOADED_GRP}
             isRevoked=$?
             if [ $isRevoked -eq 0 ]; then
@@ -778,17 +778,16 @@ ssl_run()
 
 ################## main #################################################
 
 #this script may be sourced from the distributed stress test - in this case do nothing...
 
 CSHORT="-c ABCDEF:0041:0084cdefgijklmnvyz"
 CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:0041:0084cdefgijklmnvyz"
 
-
 if [ -z  "$DO_REM_ST" -a -z  "$DO_DIST_ST" ] ; then
 
     ssl_init
 
     # save the directories as setup by init.sh
     ORIG_SERVERDIR=$SERVERDIR
     ORIG_CLIENTDIR=$CLIENTDIR
     ORIG_R_SERVERDIR=$R_SERVERDIR