fixup commit for tag 'MOZILLA_1_9a5_RC2' NSS_3_11_BRANCH MOZILLA_1_9a5_RC2
authorcvs2hg
Thu, 26 Apr 2007 09:09:19 +0000
branchNSS_3_11_BRANCH
changeset 7764 f573db1947197a92c3b0fe46f165075b7a55bdb9
parent 7762 f65468c7d61d566a45408c698a53f10fac0e6cf7 (current diff)
parent 7763 6edf9a91199bac0148a93866375c05f87db4fd23 (diff)
child 7765 9287cd8ce872e8d04e5f3bfe53ee80b359daa704
push idunknown
push userunknown
push dateunknown
fixup commit for tag 'MOZILLA_1_9a5_RC2'
security/nss/tests/iopr/cert_iopr.sh
security/nss/tests/iopr/ocsp_iopr.sh
security/nss/tests/iopr/ssl_iopr.sh
security/nss/tests/ocsp/ocsp.sh
deleted file mode 100644
--- a/security/nss/tests/iopr/cert_iopr.sh
+++ /dev/null
@@ -1,420 +0,0 @@
-#! /bin/sh
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-########################################################################
-#
-# mozilla/security/nss/tests/iopr/cert_iopr.sh
-#
-# Certificate generating and handeling for NSS interoperability QA. This file
-# is included from cert.sh
-#
-# needs to work on all Unix and Windows platforms
-#
-# special strings
-# ---------------
-#   FIXME ... known problems, search for this string
-#   NOTE .... unexpected behavior
-#
-# FIXME - Netscape - NSS
-########################################################################
-
-IOPR_CERT_SOURCED=1
-
-########################################################################
-# function wraps calls to pk12util, also: writes action and options
-# to stdout. 
-# Params are the same as to pk12util.
-# Returns pk12util status
-#
-pk12u()
-{
-    echo "${CU_ACTION} --------------------------"
-
-    echo "pk12util $@"
-    pk12util $@
-    RET=$?
-
-    return $RET
-}
-
-########################################################################
-# Initializes nss db directory and files if they don't exists
-# Params:
-#      $1 - directory location
-#
-createDBDir() {
-    trgDir=$1
-
-    if [ -z "`ls $trgDir | grep db`" ]; then
-        CU_ACTION="Initializing DB at $dir"
-        certu -N -d "${trgDir}" -f "${R_PWFILE}" 2>&1
-        if [ "$RET" -ne 0 ]; then
-            return $RET
-        fi
-    fi
-}
-########################################################################
-# takes care of downloading config, cert and crl files from remote
-# location. 
-# Params:
-#      $1 - name of the host file will be downloaded from
-#      $2 - path to the file as it appeared in url
-#      $3 - target directory the file will be saved at.
-# Returns tstclnt status.
-#
-download_file() {
-    host=$1
-    filePath=$2
-    trgDir=$3
-
-    file=$trgDir/`basename $filePath`
-
-    createDBDir $trgDir || return $RET
-
-#    echo wget -O $file http://${host}${filePath}
-#    wget -O $file http://${host}${filePath}
-#    ret=$?
-
-    req=$file.$$
-    echo "GET $filePath HTTP/1.0" > $req
-    echo >> $req
-
-    tstclnt -d $trgDir -S -h $host -p $IOPR_DOWNLOAD_PORT \
-        -w ${R_PWFILE} -o < $req > $file
-    ret=$?
-    rm -f $_tmp;
-    return $ret
-}
-
-########################################################################
-# Uses pk12util, certutil of cerlutil to import files to an nss db located
-# at <dir>(the value of $1 parameter). Chooses a utility to use based on
-# a file extension. Initializing a db if it does not exists.
-# Params:
-#      $1 - db location directory
-#      $2 - file name to import
-#      $3 - nick name an object in the file will be associated with
-#      $4 - trust arguments 
-# Returns status of import
-#      
-importFile() {
-    dir=$1\
-    file=$2
-    certName=$3
-    certTrust=$4
-
-    [ ! -d $dir ] && mkdir -p $dir;
-
-    createDBDir $dir || return $RET
-            
-    case `basename $file | sed 's/^.*\.//'` in
-        p12)
-            CU_ACTION="Importing p12 $file to DB at $dir"
-            pk12u -d $dir -i $file -k ${R_PWFILE} -W iopr
-            [ $? -ne 0 ] && return 1
-            CU_ACTION="Modifying trust for cert $certName at $dir"
-            certu -M -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}"
-            return $?
-            ;;
-        
-        crl) 
-            CU_ACTION="Importing crl $file to DB at $dir"
-            crlu -d ${dir} -I -n TestCA -i $file
-            return $?
-            ;;
-
-        crt | cert)
-            CU_ACTION="Importing cert $certName with trust $certTrust to $dir"
-            certu -A -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}" \
-                -i "$file"
-            return $?
-            ;;
-
-        *)
-            echo "Unknown file extension: $file:"
-            return 1
-            ;;
-    esac
-}
-
-
-#########################################################################
-# Downloads and installs test certs and crl from a remote webserver.
-# Generates server cert for reverse testing if reverse test run is turned on.
-# Params:
-#      $1 - host name to download files from.
-#      $2 - directory at which CA cert will be installed and used for
-#           signing a server cert.
-#      $3 - path to a config file in webserver context.
-#      $4 - ssl server db location
-#      $5 - ssl client db location
-#      $5 - ocsp client db location
-#
-# Returns 0 upon success, otherwise, failed command error code.
-#
-download_install_certs() {
-    host=$1
-    caDir=$2
-    confPath=$3
-    sslServerDir=$4
-    sslClientDir=$5
-    ocspClientDir=$6
-
-    [ ! -d "$caDir" ] && mkdir -p $caDir;
-
-    #=======================================================
-    # Getting config file
-    #
-    download_file $host "$confPath/iopr_server.cfg" $caDir
-    RET=$?
-    if [ $RET -ne 0 -o ! -f $caDir/iopr_server.cfg ]; then
-        html_failed "<TR><TD>Fail to download website config file(ws: $host)" 
-        return 1
-    fi
-
-    . $caDir/iopr_server.cfg
-    RET=$?
-    if [ $RET -ne 0 ]; then
-        html_failed "<TR><TD>Fail to source config file(ws: $host)" 
-        return $RET
-    fi
-
-    #=======================================================
-    # Getting CA file
-    #
-
-    #----------------- !!!WARNING!!! -----------------------
-    # Do NOT copy this scenario. CA should never accompany its
-    # cert with the private key when deliver cert to a customer.
-    #----------------- !!!WARNING!!! -----------------------
-
-    download_file $host $certDir/$caCertName.p12 $caDir
-    RET=$?
-    if [ $RET -ne 0 -o ! -f $caDir/$caCertName.p12 ]; then
-        html_failed "<TR><TD>Fail to download $caCertName cert(ws: $host)" 
-        return 1
-    fi
-    tmpFiles="$caDir/$caCertName.p12"
-
-    importFile $caDir $caDir/$caCertName.p12 $caCertName "TC,C,C"
-    RET=$?
-    if [ $RET -ne 0 ]; then
-        html_failed "<TR><TD>Fail to import $caCertName cert to CA DB(ws: $host)" 
-        return $RET
-    fi
-
-    CU_ACTION="Exporting Root CA cert(ws: $host)"
-    certu -L -n $caCertName -r -d ${caDir} -o $caDir/$caCertName.cert 
-    if [ "$RET" -ne 0 ]; then
-        Exit 7 "Fatal - failed to export $caCertName cert"
-    fi
-
-    #=======================================================
-    # Check what tests we want to run
-    #
-    doSslTests=0; doOcspTests=0
-    # XXX remove "_new" from variables below
-    [ -n "`echo ${supportedTests_new} | grep -i ssl`" ] && doSslTests=1
-    [ -n "`echo ${supportedTests_new} | grep -i ocsp`" ] && doOcspTests=1
-
-    if [ $doSslTests -eq 1 ]; then
-        if [ "$reverseRunCGIScript" ]; then
-            [ ! -d "$sslServerDir" ] && mkdir -p $sslServerDir;
-            #=======================================================
-            # Import CA cert to server DB
-            #
-            importFile $sslServerDir $caDir/$caCertName.cert server-client-CA \
-                        "TC,C,C"
-            RET=$?
-            if [ $RET -ne 0 ]; then
-                html_failed "<TR><TD>Fail to import server-client-CA cert to \
-                             server DB(ws: $host)" 
-                return $RET
-            fi
-            
-            #=======================================================
-            # Creating server cert
-            #
-            CERTNAME=$HOSTADDR
-            
-            CU_ACTION="Generate Cert Request for $CERTNAME (ws: $host)"
-            CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, \
-                        L=Mountain View, ST=California, C=US"
-            certu -R -d "${sslServerDir}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}"\
-                -o $sslServerDir/req 2>&1
-            tmpFiles="$tmpFiles $sslServerDir/req"
-            
-            
-            CU_ACTION="Sign ${CERTNAME}'s Request (ws: $host)"
-            certu -C -c "$caCertName" -m `date +"%s"` -v 60 -d "${caDir}" \
-                -i  ${sslServerDir}/req -o $caDir/${CERTNAME}.cert \
-                -f "${R_PWFILE}" 2>&1
-            
-            importFile $sslServerDir $caDir/$CERTNAME.cert $CERTNAME ",,"
-            RET=$?
-            if [ $RET -ne 0 ]; then
-                html_failed "<TR><TD>Fail to import $CERTNAME cert to server\
-                             DB(ws: $host)" 
-                return $RET
-            fi
-            tmpFiles="$tmpFiles $caDir/$CERTNAME.cert"
-            
-            #=======================================================
-            # Download and import CA crl to server DB
-            #
-            download_file $host "$certDir/$caCrlName.crl" $sslServerDir
-            RET=$?
-            if [ $? -ne 0 ]; then
-                html_failed "<TR><TD>Fail to download $caCertName crl\
-                             (ws: $host)" 
-                return $RET
-            fi
-            tmpFiles="$tmpFiles $sslServerDir/$caCrlName.crl"
-            
-            importFile $sslServerDir $sslServerDir/TestCA.crl
-            RET=$?
-            if [ $RET -ne 0 ]; then
-                html_failed "<TR><TD>Fail to import TestCA crt to server\
-                             DB(ws: $host)" 
-                return $RET
-            fi
-        fi # if [ "$reverseRunCGIScript" ]
-        
-        [ ! -d "$sslClientDir" ] && mkdir -p $sslClientDir;
-        #=======================================================
-        # Import CA cert to ssl client DB
-        #
-        importFile $sslClientDir $caDir/$caCertName.cert server-client-CA \
-                   "TC,C,C"
-        RET=$?
-        if [ $RET -ne 0 ]; then
-            html_failed "<TR><TD>Fail to import server-client-CA cert to \
-                         server DB(ws: $host)" 
-            return $RET
-        fi
-    fi
-
-    if [ $doOcspTests -eq 1 ]; then
-        [ ! -d "$ocspClientDir" ] && mkdir -p $ocspClientDir;
-        #=======================================================
-        # Import CA cert to ocsp client DB
-        #
-        importFile $ocspClientDir $caDir/$caCertName.cert server-client-CA \
-                   "TC,C,C"
-        RET=$?
-        if [ $RET -ne 0 ]; then
-            html_failed "<TR><TD>Fail to import server-client-CA cert to \
-                         server DB(ws: $host)" 
-            return $RET
-        fi
-    fi
-
-    #=======================================================
-    # Import client certs to client DB
-    #
-    for fileName in $downloadFiles; do
-        certName=`echo $fileName | sed 's/\..*//'`
-
-        if [ -n "`echo $certName | grep ocsp`" -a $doOcspTests -eq 1 ]; then
-            clientDir=$ocspClientDir
-        elif [ $doSslTests -eq 1 ]; then
-            clientDir=$sslClientDir
-        else
-            continue
-        fi
-
-        download_file $host "$certDir/$fileName" $clientDir
-        RET=$?
-        if [ $RET -ne 0 -o ! -f $clientDir/$fileName ]; then
-            html_failed "<TR><TD>Fail to download $certName cert(ws: $host)" 
-            return $RET
-        fi
-        tmpFiles="$tmpFiles $clientDir/$fileName"
-        
-        importFile $clientDir $clientDir/$fileName $certName ",,"
-        RET=$?
-        if [ $RET -ne 0 ]; then
-            html_failed "<TR><TD>Fail to import $certName cert to client DB\
-                        (ws: $host)" 
-            return $RET
-        fi
-    done
-
-    rm -f $tmpFiles
-
-    return 0
-}
-
-
-#########################################################################
-# Initial point for downloading config, cert, crl files for multiple hosts
-# involved in interoperability testing. Called from nss/tests/cert/cert.sh
-# It will only proceed with downloading if environment variable 
-# IOPR_HOSTADDR_LIST is set and has a value of host names separated by space.
-#
-# Returns 1 if interoperability testing is off, 0 otherwise. 
-#
-cert_iopr_setup() {
-
-    if [ "$IOPR" -ne 1 ]; then
-        return 1
-    fi
-    num=1
-    IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f 1 -d' '`
-    while [ "$IOPR_HOST_PARAM" ]; do
-        IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
-        IOPR_DOWNLOAD_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
-        [ -z "$IOPR_DOWNLOAD_PORT" ] && IOPR_DOWNLOAD_PORT=443
-        IOPR_CONF_PATH=`echo "$IOPR_HOST_PARAM:" | cut -f 3 -d':'`
-        [ -z "$IOPR_CONF_PATH" ] && IOPR_CONF_PATH="/iopr"
-        
-        echo "Installing certs for $IOPR_HOSTADDR:$IOPR_DOWNLOAD_PORT:\
-              $IOPR_CONF_PATH"
-        
-        download_install_certs ${IOPR_HOSTADDR} ${IOPR_CADIR}_${IOPR_HOSTADDR} \
-            ${IOPR_CONF_PATH} ${IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} \
-            ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} \
-            ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}
-        if [ $? -ne 0 ]; then
-            echo "wsFlags=\"NOIOPR $wsParam\"" >> \
-                ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
-        fi
-        num=`expr $num + 1`
-        IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
-    done
-    
-    return 0
-}
deleted file mode 100644
--- a/security/nss/tests/iopr/ocsp_iopr.sh
+++ /dev/null
@@ -1,218 +0,0 @@
-#! /bin/sh
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-########################################################################
-#
-# mozilla/security/nss/tests/iopr/ocsp_iopr.sh
-#
-# NSS SSL interoperability QA. This file is included from ssl.sh
-#
-# needs to work on all Unix and Windows platforms
-#
-# special strings
-# ---------------
-#   FIXME ... known problems, search for this string
-#   NOTE .... unexpected behavior
-#
-# FIXME - Netscape - NSS
-########################################################################
-IOPR_OCSP_SOURCED=1
-
-########################################################################
-# The funtion works with variables defined in interoperability 
-# configuration file that gets downloaded from a webserver.
-# The function sets test parameters defind for a particular type
-# of testing.
-#
-# No return value
-#
-setTestParam() {
-    type=$1
-    testParam=`eval 'echo $'${type}Param`
-    testDescription=`eval 'echo $'${type}Descr`
-    testProto=`eval 'echo $'${type}Proto`
-    testPort=`eval 'echo $'${type}Port`
-    testResponder=`eval 'echo $'${type}ResponderCert`
-    testValidCertNames=`eval 'echo $'${type}ValidCertNames`
-    testRevokedCertNames=`eval 'echo $'${type}RevokedCertNames`
-    testStatUnknownCertNames=`eval 'echo $'${type}StatUnknownCertNames`
-}
-
-########################################################################
-# The funtion checks status of a cert using ocspclnt.
-# Params:
-#    dbDir - nss cert db location
-#    cert - cert in question
-#    respUrl - responder url is available 
-#    defRespCert - trusted responder cert
-#
-# Return values:
-#    0 - test passed, 1 - otherwise.
-#
-ocsp_get_cert_status() {
-    dbDir=$1
-    cert=$2
-    respUrl=$3
-    defRespCert=$4
-    
-    if [ -n "$respUrl" -o -n "$defRespCert" ]; then
-        if [ -z "$respUrl" -o -z "$defRespCert" ]; then
-            html_failed "<TR><TD>Incorrect test params" 
-            return 1
-        fi
-        clntParam="-l $respUrl -t $defRespCert"
-    fi
-
-    outFile=$dbDir/ocsptest.out.$$
-    echo "ocspclnt -d $dbDir -S $cert $clntParam"
-    ocspclnt -d $dbDir -S $cert $clntParam >$outFile 2>&1
-    ret=$?
-    echo "ocspclnt output:"
-    cat $outFile
-    [ -z "`grep succeeded $outFile`" ] && ret=1
-    
-    rm -f $outFile
-    return $ret
-}
-
-########################################################################
-# The funtion checks status of a cert using ocspclnt.
-# Params:
-#    testType - type of the test based on type of used responder
-#    servName - FQDM of the responder server
-#    dbDir - nss cert db location
-#
-# No return value
-#
-ocsp_iopr() {
-    testType=$1
-    servName=$2
-    dbDir=$3
-
-    setTestParam $testType
-    if [ "`echo $testParam | grep NOCOV`" != "" ]; then
-        echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
-            "run by server configuration"
-        return 0
-    fi
-    
-    html_head "OCSP testing with responder at $IOPR_HOSTADDR. <br>" \
-        "Test Type: $testDescription"
-
-    if [ -n "$testResponder" ]; then
-        responderUrl="$testProto://$servName:$testPort"
-    else
-        responderUrl=""
-    fi
-
-    for certName in $testValidCertNames; do
-        ocsp_get_cert_status $dbDir $certName "$responderUrl" "$testResponder"
-        html_msg $? 0 "Getting status of a valid cert ($certName)" \
-            "produced a returncode of $ret, expected is 0."
-    done
-
-    for certName in $testRevokedCertNames; do
-        ocsp_get_cert_status $dbDir $certName "$responderUrl" "$testResponder"
-        html_msg $? 1 "Getting status of a unvalid cert ($certName)" \
-            "produced a returncode of $ret, expected is 1." 
-    done
-
-    for certName in $testStatUnknownCertNames; do
-        ocsp_get_cert_status $dbDir $certName "$responderUrl" "$testResponder"
-        html_msg $? 1 "Getting status of a cert with unknown status " \
-                    "($certName) produced a returncode of $ret, expected is 1."
-    done
-}
-
-  
-#####################################################################
-# Initial point for running ocsp test againt multiple hosts involved in
-# interoperability testing. Called from nss/tests/ocsp/ocsp.sh
-# It will only proceed with test run for a specific host if environment variable 
-# IOPR_HOSTADDR_LIST was set, had the host name in the list
-# and all needed file were successfully downloaded and installed for the host.
-#
-# Returns 1 if interoperability testing is off, 0 otherwise. 
-#
-ocsp_iopr_run() {
-    NO_ECC_CERTS=1 # disable ECC for interoperability tests
-
-    if [ "$IOPR" -ne 1 ]; then
-        return 1
-    fi
-    cd ${CLIENTDIR}
-
-    num=1
-    IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
-    while [ "$IOPR_HOST_PARAM" ]; do
-        IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
-        IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
-        [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
-        
-        . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
-        RES=$?
-        
-        num=`expr $num + 1`
-        IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
-
-        if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
-            continue
-        fi
-        
-        #=======================================================
-        # Check what server is configured to run ssl tests
-        #
-        [ -z "`echo ${supportedTests_new} | grep -i ocsp`" ] && continue;
-
-        # Testing directories defined by webserver.
-        echo "Testing ocsp interoperability.
-                Client: local(tstclnt).
-                Responder: remote($IOPR_HOSTADDR)"
-        
-        for ocspTestType in ${supportedTests_new}; do
-            if [ -z "`echo $ocspTestType | grep -i ocsp`" ]; then
-                continue
-            fi
-            ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
-                ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}
-        done
-        echo "================================================"
-        echo "Done testing ocsp interoperability with $IOPR_HOSTADDR"
-    done
-    NO_ECC_CERTS=0
-    return 0
-}
-
deleted file mode 100644
--- a/security/nss/tests/iopr/ssl_iopr.sh
+++ /dev/null
@@ -1,666 +0,0 @@
-#! /bin/sh
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-########################################################################
-#
-# mozilla/security/nss/tests/iopr/ssl_iopr.sh
-#
-# NSS SSL interoperability QA. This file is included from ssl.sh
-#
-# needs to work on all Unix and Windows platforms
-#
-# special strings
-# ---------------
-#   FIXME ... known problems, search for this string
-#   NOTE .... unexpected behavior
-#
-# FIXME - Netscape - NSS
-########################################################################
-IOPR_SSL_SOURCED=1
-
-########################################################################
-# The functions works with variables defined in interoperability 
-# configuration file that was downloaded from a webserver.
-# It tries to find unrevoked cert based on value of variable
-# "SslClntValidCertName" defined in the configuration file.
-# Params NONE.
-# Returns 0 if found, 1 otherwise.
-#
-setValidCert() {
-    testUser=$SslClntValidCertName
-    [ -z "$testUser" ] && return 1
-    return 0
-}
-
-########################################################################
-# The funtions works with variables defined in interoperability 
-# configuration file that was downloaded from a webserver.
-# The function sets port, url, param and description test parameters
-# that was defind for a particular type of testing.
-# Params:
-#      $1 - supported types of testing. Currently have maximum
-#           of two: forward and reverse. But more can be defined. 
-# No return value
-#
-setTestParam() {
-    type=$1
-    sslPort=`eval 'echo $'${type}Port`
-    sslUrl=`eval 'echo $'${type}Url`
-    testParam=`eval 'echo $'${type}Param`
-    testDescription=`eval 'echo $'${type}Descr`
-    [ -z "$sslPort" ] && sslPort=443
-    [ -z "$sslUrl" ] && sslUrl="/iopr_test/test_pg.html"
-    [ "$sslUrl" = "/" ] && sslUrl="/test_pg.html"
-}
-
-
-#######################################################################
-# local shell function to perform SSL Cipher Suite Coverage tests
-# in interoperability mode. Tests run against web server by using nss
-# test client
-# Params:
-#      $1 - supported type of testing.
-#      $2 - testing host
-#      $3 - nss db location
-# No return value
-#  
-ssl_iopr_cov_ext_server()
-{
-  testType=$1
-  host=$2
-  dbDir=$3
-
-  setTestParam $testType
-  if [ "`echo $testParam | grep NOCOV`" != "" ]; then
-      echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
-           "run by server configuration"
-      return 0
-  fi
-
-  html_head "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR" \
-      "$BYPASS_STRING $NORM_EXT): $testDescription"
-
-  setValidCert; ret=$?
-  if [ $ret -ne 0 ]; then
-      html_failed "<TR><TD>Fail to find valid test cert(ws: $host)" 
-      return $ret
-  fi
-
-  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
-  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
-  echo >> $SSL_REQ_FILE
-  
-  while read ecc tls param testname therest; do
-      [ -z "$ecc" -o "$ecc" = "#" -o "`echo $testname | grep FIPS`" -o \
-          "$ecc" = "ECC" ] && continue; 
-      
-      echo "$SCRIPTNAME: running $testname ----------------------------"
-      TLS_FLAG=-T
-      if [ "$tls" = "TLS" ]; then
-          TLS_FLAG=""
-      fi
-      
-      resFile=${TMP}/$HOST.tmpRes.$$
-      rm $resFile 2>/dev/null
-      
-      echo "tstclnt -p ${sslPort} -h ${host} -c ${param} ${TLS_FLAG} \\"
-      echo "      -n $testUser -w nss ${CLIEN_OPTIONS} -f \\"
-      echo "      -d ${dbDir} < ${SSL_REQ_FILE} > $resFile"
-      
-      tstclnt -w nss -p ${sslPort} -h ${host} -c ${param} \
-          ${TLS_FLAG} ${CLIEN_OPTIONS} -f -n $testUser -w nss \
-          -d ${dbDir} < ${SSL_REQ_FILE} >$resFile  2>&1
-      ret=$?
-      grep "ACCESS=OK" $resFile
-      test $? -eq 0 -a $ret -eq 0
-      ret=$?
-      [ $ret -ne 0 ] && cat ${TMP}/$HOST.tmp.$$
-      rm -f $resFile 2>/dev/null
-      html_msg $ret 0 "${testname}"
-  done < ${SSLCOV}
-  rm -f $SSL_REQ_FILE 2>/dev/null
-
-  html "</TABLE><BR>"
-}
-
-#######################################################################
-# local shell function to perform SSL  Client Authentication tests
-# in interoperability mode. Tests run against web server by using nss
-# test client
-# Params:
-#      $1 - supported type of testing.
-#      $2 - testing host
-#      $3 - nss db location
-# No return value
-#  
-ssl_iopr_auth_ext_server()
-{
-  testType=$1
-  host=$2
-  dbDir=$3
-
-  setTestParam $testType
-  if [ "`echo $testParam | grep NOAUTH`" != "" ]; then
-      echo "SSL Client Authentication WebServ($IOPR_HOSTADDR) excluded from " \
-           "run by server configuration"
-      return 0
-  fi
-
-  html_head "SSL Client Authentication WebServ($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT):
-             $testDescription"
-
-  setValidCert;ret=$?
-  if [ $ret -ne 0 ]; then
-      html_failed "<TR><TD>Fail to find valid test cert(ws: $host)" 
-      return $ret
-  fi
-
-  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
-  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
-  echo >> $SSL_REQ_FILE
-  
-  SSLAUTH_TMP=${TMP}/authin.tl.tmp
-  grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" > ${SSLAUTH_TMP}
-
-  while read ecc value sparam cparam testname; do
-      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
-
-      cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
-      
-      echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \\"
-      echo "         -d ${dbDir} < ${SSL_REQ_FILE}"
-      
-      resFile=${TMP}/$HOST.tmp.$$
-      rm $rsFile 2>/dev/null
-
-      tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
-          -d ${dbDir} < ${SSL_REQ_FILE} >$resFile  2>&1
-      ret=$?
-      grep "ACCESS=OK" $resFile
-      test $? -eq 0 -a $ret -eq 0
-      ret=$?
-      [ $ret -ne 0 ] && cat $resFile
-      rm $resFile 2>/dev/null
-      
-      html_msg $ret $value "${testname}. Client params: $cparam"\
-          "produced a returncode of $ret, expected is $value"
-  done < ${SSLAUTH_TMP}
-  rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
-
-  html "</TABLE><BR>"
-}
-
-########################################################################
-# local shell function to perform SSL interoperability test with/out
-# revoked certs tests. Tests run against web server by using nss
-# test client
-# Params:
-#      $1 - supported type of testing.
-#      $2 - testing host
-#      $3 - nss db location
-# No return value
-#  
-ssl_iopr_crl_ext_server()
-{
-  testType=$1
-  host=$2
-  dbDir=$3
-
-  setTestParam $testType
-  if [ "`echo $testParam | grep NOCRL`" != "" ]; then
-      echo "CRL SSL Client Tests of WebServerv($IOPR_HOSTADDR) excluded from " \
-           "run by server configuration"
-      return 0
-  fi
-
-  html_head "CRL SSL Client Tests of WebServer($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): $testDescription"
-  
-  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
-  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
-  echo >> $SSL_REQ_FILE
-  
-  SSLAUTH_TMP=${TMP}/authin.tl.tmp
-  grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" | grep -v bogus | \
-      grep -v none > ${SSLAUTH_TMP}
-
-  while read ecc value sparam _cparam testname; do
-      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
-
-      rev_modvalue=254
-      for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
-          cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
-	  
-          echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} \\"
-          echo "        -f -d ${dbDir} ${cparam}  < ${SSL_REQ_FILE}"
-          resFile=${TMP}/$HOST.tmp.$$
-          rm -f $resFile 2>/dev/null
-          tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
-              -d ${dbDir} < ${SSL_REQ_FILE} \
-              > $resFile  2>&1
-          ret=$?
-          grep "ACCESS=OK" $resFile
-          test $? -eq 0 -a $ret -eq 0
-          ret=$?
-          [ $ret -ne 0 ] && ret=$rev_modvalue;
-          [ $ret -ne 0 ] && cat $resFile
-          rm -f $resFile 2>/dev/null
-
-          if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
-              modvalue=$rev_modvalue
-              testAddMsg="revoked"
-          else
-              testAddMsg="not revoked"
-              modvalue=$value
-          fi
-          html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
-              "produced a returncode of $ret, expected is $modvalue"
-      done
-  done < ${SSLAUTH_TMP}
-  rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
-  
-  html "</TABLE><BR>"
-}
-
-
-########################################################################
-# local shell function to perform SSL Cipher Coverage tests of nss server
-# by invoking remote test client on web server side.
-# Invoked only if reverse testing is supported by web server.
-# Params:
-#      $1 - remote web server host
-#      $2 - open port to connect to invoke CGI script
-#      $3 - host where selfserv is running(name of the host nss tests
-#           are running)
-#      $4 - port where selfserv is running
-#      $5 - selfserv nss db location
-# No return value
-#  
-ssl_iopr_cov_ext_client()
-{
-  host=$1
-  port=$2
-  sslHost=$3
-  sslPort=$4
-  serDbDir=$5
-
-  html_head "SSL Cipher Coverage of SelfServ $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
-
-  setValidCert
-  ret=$?
-  if [ $res -ne 0 ]; then
-      html_failed "<TR><TD>Fail to find valid test cert(ws: $host)" 
-      return $ret
-  fi
-
-  # P_R_SERVERDIR switch require for selfserv to work.
-  # Will be restored after test
-  OR_P_R_SERVERDIR=$P_R_SERVERDIR
-  P_R_SERVERDIR=$serDbDir
-  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
-  P_R_CLIENTDIR=$serDbDir
-  testname=""
-  sparam="-vvvc ABCDEFcdefgijklmnvyz"
-  # Launch the server
-  start_selfserv 
-  
-  while read ecc tls param cipher therest; do
-      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
-      echo "============= Beginning of the test ===================="
-      echo
-      
-      is_selfserv_alive
-      
-      TEST_IN=${TMP}/${HOST}_IN.tmp.$$
-      TEST_OUT=${TMP}/$HOST.tmp.$$
-      rm -f $TEST_IN $TEST_OUT 2>/dev/null
-      
-      echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser&cipher=$cipher HTTP/1.0" > $TEST_IN
-      echo >> $TEST_IN
-      
-      echo "------- Request ----------------------"
-      cat $TEST_IN
-      echo "------- Command ----------------------"
-      echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
-          -h $host \< $TEST_IN \>\> $TEST_OUT
-
-      tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
-          -h $host <$TEST_IN > $TEST_OUT 
-
-      echo "------- Server output Begin ----------"
-      cat $TEST_OUT
-      echo "------- Server output End   ----------"
-      
-      echo "Checking for errors in log file..."
-      grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
-      if [ $? -eq 0 ]; then
-          grep "cipher is not supported" $TEST_OUT 2>&1 >/dev/null
-          if [ $? -eq 0 ]; then
-              echo "Skiping test: no support for the cipher $cipher on server side"
-              continue
-          fi
-          
-          grep -i "SERVER ERROR:" $TEST_OUT
-          ret=$?
-          if [ $ret -eq 0 ]; then
-              echo "Found problems. Reseting exit code to failure."
-              
-              ret=1
-          else
-              ret=0
-          fi
-      else
-          echo "Script was not executed. Reseting exit code to failure."
-          ret=11
-      fi
-      
-      html_msg $ret 0 "Test ${cipher}. Server params: $sparam " \
-          " produced a returncode of $ret, expected is 0"
-      rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
-  done < ${SSLCOV}
-  kill_selfserv
-  
-  P_R_SERVERDIR=$OR_P_R_SERVERDIR
-  
-  rm -f ${TEST_IN} ${TEST_OUT}
-  html "</TABLE><BR>"
-}
-
-########################################################################
-# local shell function to perform SSL Authentication tests of nss server
-# by invoking remove test client on web server side
-# Invoked only if reverse testing is supported by web server.
-# Params:
-#      $1 - remote web server host
-#      $2 - open port to connect to invoke CGI script
-#      $3 - host where selfserv is running(name of the host nss tests
-#           are running)
-#      $4 - port where selfserv is running
-#      $5 - selfserv nss db location
-# No return value
-#  
-ssl_iopr_auth_ext_client()
-{
-  host=$1
-  port=$2
-  sslHost=$3
-  sslPort=$4
-  serDbDir=$5
-
-  html_head "SSL Client Authentication with Selfserv from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
-
-  setValidCert
-  ret=$?
-  if [ $res -ne 0 ]; then
-      html_failed "<TR><TD>Fail to find valid test cert(ws: $host)" 
-      return $ret
-  fi
-
-  OR_P_R_SERVERDIR=$P_R_SERVERDIR
-  P_R_SERVERDIR=${serDbDir}
-  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
-  P_R_CLIENTDIR=$serDbDir
-
-  SSLAUTH_TMP=${TMP}/authin.tl.tmp
-
-  grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
-
-  while read ecc value sparam cparam testname; do
-      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
-
-      echo "Server params: $sparam"
-      sparam=$sparam" -vvvc ABCDEFcdefgijklmnvyz"
-      start_selfserv
-      
-      TEST_IN=${TMP}/$HOST_IN.tmp.$$
-      TEST_OUT=${TMP}/$HOST.tmp.$$
-      rm -f $TEST_IN $TEST_OUT 2>/dev/null
-
-      echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
-      echo >> $TEST_IN
-      
-      echo "------- Request ----------------------"
-      cat $TEST_IN
-      echo "------- Command ----------------------"
-      echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
-          -h $host \< $TEST_IN \>\> $TEST_OUT
-      
-      tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
-          -h $host <$TEST_IN > $TEST_OUT 
-      
-      echo "------- Server output Begin ----------"
-      cat $TEST_OUT
-      echo "------- Server output End   ----------"
-
-      echo "Checking for errors in log file..."
-      grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
-      if [ $? -eq 0 ]; then
-          echo "Checking for error in log file..."
-          grep -i "SERVER ERROR:" $TEST_OUT
-          ret=$?
-          if [ $ret -eq 0 ]; then
-              echo "Found problems. Reseting exit code to failure."
-              ret=1
-          else
-              ret=0
-          fi
-      else
-          echo "Script was not executed. Reseting exit code to failure."
-          ret=11
-      fi
-      
-      html_msg $ret $value "${testname}. Server params: $sparam"\
-          "produced a returncode of $ret, expected is $value"
-      kill_selfserv
-      rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
-  done < ${SSLAUTH_TMP}
-  P_R_SERVERDIR=$OR_P_R_SERVERDIR
-
-  rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT}
-  html "</TABLE><BR>"
-}
-
-#########################################################################
-# local shell function to perform SSL CRL testing of nss server
-# by invoking remote test client on web server side
-# Invoked only if reverse testing is supported by web server.
-# Params:
-#      $1 - remote web server host
-#      $2 - open port to connect to invoke CGI script
-#      $3 - host where selfserv is running(name of the host nss tests
-#           are running)
-#      $4 - port where selfserv is running
-#      $5 - selfserv nss db location
-# No return value
-#  
-ssl_iopr_crl_ext_client()
-{
-  host=$1
-  port=$2
-  sslHost=$3
-  sslPort=$4
-  serDbDir=$5
-
-  html_head "CRL SSL Selfserv Tests from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
-  
-  OR_P_R_SERVERDIR=$P_R_SERVERDIR
-  P_R_SERVERDIR=${serDbDir}
-  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
-  P_R_CLIENTDIR=$serDbDir
-
-  SSLAUTH_TMP=${TMP}/authin.tl.tmp
-  grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
-
-  while read ecc value sparam _cparam testname; do
-      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
-      sparam="$sparam  -vvvc ABCDEFcdefgijklmnvyz"
-      start_selfserv
-
-      for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
-	  
-          is_selfserv_alive
-          
-          TEST_IN=${TMP}/${HOST}_IN.tmp.$$
-          TEST_OUT=${TMP}/$HOST.tmp.$$
-          rm -f $TEST_IN $TEST_OUT 2>/dev/null
-
-          echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
-          echo >> $TEST_IN
-          
-          echo "------- Request ----------------------"
-          cat $TEST_IN
-          echo "------- Command ----------------------"
-          echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
-              -h ${host} \< $TEST_IN \>\> $TEST_OUT
-            
-          tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
-              -h ${host} <$TEST_IN > $TEST_OUT 
-          echo "------- Request ----------------------"
-          cat $TEST_IN
-          echo "------- Server output Begin ----------"
-          cat $TEST_OUT
-          echo "------- Server output End   ----------"
-          
-          echo "Checking for errors in log file..."
-          grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
-          if [ $? -eq 0 ]; then
-              grep -i "SERVER ERROR:" $TEST_OUT
-              ret=$?
-              if [ $ret -eq 0 ]; then
-                  echo "Found problems. Reseting exit code to failure."
-                  ret=1
-              else
-                  ret=0
-              fi
-          else
-              echo "Script was not executed. Reseting exit code to failure."
-              ret=11
-          fi
-          
-          if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
-              modvalue=1
-              testAddMsg="revoked"
-          else
-              testAddMsg="not revoked"
-              modvalue=0
-          fi
-          
-          html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
-		"produced a returncode of $ret, expected is $modvalue(selfserv args: $sparam)"
-          rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
-      done
-      kill_selfserv
-  done < ${SSLAUTH_TMP}
-  P_R_SERVERDIR=$OR_P_R_SERVERDIR
-
-  rm -f ${SSLAUTH_TMP}
-  html "</TABLE><BR>"
-}
-
-#####################################################################
-# Initial point for running ssl test againt multiple hosts involved in
-# interoperability testing. Called from nss/tests/ssl/ssl.sh
-# It will only proceed with test run for a specific host if environment variable 
-# IOPR_HOSTADDR_LIST was set, had the host name in the list
-# and all needed file were successfully downloaded and installed for the host.
-#
-# Returns 1 if interoperability testing is off, 0 otherwise. 
-#
-ssl_iopr_run() {
-    NO_ECC_CERTS=1 # disable ECC for interoperability tests
-
-    if [ "$IOPR" -ne 1 ]; then
-        return 1
-    fi
-    cd ${CLIENTDIR}
-
-    num=1
-    IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
-    while [ "$IOPR_HOST_PARAM" ]; do
-        IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
-        IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
-        [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
-        
-        . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
-        RES=$?
-        
-        if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
-            num=`expr $num + 1`
-            IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
-            continue
-        fi
-        
-        #=======================================================
-        # Check if server is capable to run ssl tests
-        #
-        [ -z "`echo ${supportedTests_new} | grep -i ssl`" ] && continue;
-
-        # Testing directories defined by webserver.
-        echo "Testing ssl interoperability.
-                Client: local(tstclnt).
-                Server: remote($IOPR_HOSTADDR:$IOPR_OPEN_PORT)"
-        
-        for sslTestType in ${supportedTests_new}; do
-            if [ -z "`echo $sslTestType | grep -i ssl`" ]; then
-                continue
-            fi
-            ssl_iopr_cov_ext_server $sslTestType ${IOPR_HOSTADDR} \
-                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
-            ssl_iopr_auth_ext_server $sslTestType ${IOPR_HOSTADDR} \
-                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
-            ssl_iopr_crl_ext_server $sslTestType ${IOPR_HOSTADDR} \
-                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
-        done
-        
-        
-        # Testing selfserv with client located at the webserver.
-        echo "Testing ssl interoperability.
-                Client: remote($IOPR_HOSTADDR:$PORT)
-                Server: local(selfserv)"
-        ssl_iopr_cov_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
-            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
-        ssl_iopr_auth_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
-            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
-        ssl_iopr_crl_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
-            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
-        echo "================================================"
-        echo "Done testing interoperability with $IOPR_HOSTADDR"
-        num=`expr $num + 1`
-        IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
-    done
-    NO_ECC_CERTS=0
-    return 0
-}
-
deleted file mode 100644
--- a/security/nss/tests/ocsp/ocsp.sh
+++ /dev/null
@@ -1,82 +0,0 @@
-#! /bin/sh
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-########################################################################
-#
-# mozilla/security/nss/tests/ocsp/ocsp.sh
-#
-# Script to test NSS OCSP
-#
-# needs to work on all Unix and Windows platforms
-#
-# special strings
-# ---------------
-#   FIXME ... known problems, search for this string
-#   NOTE .... unexpected behavior
-#
-########################################################################
-
-############################## ssl_init ################################
-# local shell function to initialize this script
-########################################################################
-ocsp_init()
-{
-  SCRIPTNAME=ocsp.sh      # sourced - $0 would point to all.sh
-
-  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
-      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
-  fi
-  
-  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
-      cd ../common
-      . ./init.sh
-  fi
-  if [ -z "${IOPR_OCSP_SOURCED}" ]; then
-      . ../iopr/ocsp_iopr.sh
-  fi
-  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
-      cd ../cert
-      . ./cert.sh
-  fi
-  SCRIPTNAME=ocsp.sh
-  echo "$SCRIPTNAME: OCSP tests ==============================="
-
-  cd ${CLIENTDIR}
-}
-
-################## main #################################################
-ocsp_init
-ocsp_iopr_run