Bug 1320708, tests: Check if strsclnt doesn't stuck with empty DB password, r=fkiefer
authorDaiki Ueno <dueno@redhat.com>
Thu, 24 Aug 2017 15:51:16 +0200
changeset 13551 b554de9d2bd5f99ce9f6362424973e0a0bbe718e
parent 13550 37cc4e60403e02d6066b4b83bd76af91a8960f5a
child 13552 16d3e6c47964e33ae3a088939acb43295196f539
push id2341
push userkaie@kuix.de
push dateFri, 25 Aug 2017 19:56:58 +0000
reviewersfkiefer
bugs1320708
Bug 1320708, tests: Check if strsclnt doesn't stuck with empty DB password, r=fkiefer
tests/cert/cert.sh
tests/common/init.sh
tests/ssl/ssl.sh
tests/ssl/sslstress.txt
--- a/tests/cert/cert.sh
+++ b/tests/cert/cert.sh
@@ -462,16 +462,17 @@ cert_add_cert()
 ################################# cert_all_CA ################################
 # local shell function to build the additional Temp. Certificate Authority (CA)
 # used for the "real life" ssl test with 2 different CA's in the
 # client and in the server's dir
 ##########################################################################
 cert_all_CA()
 {
     echo nss > ${PWFILE}
+    echo > ${EMPTY_FILE}
 
     ALL_CU_SUBJECT="CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
     cert_CA $CADIR TestCA -x "CTu,CTu,CTu" ${D_CA} "1"
 
     ALL_CU_SUBJECT="CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
     cert_CA $SERVER_CADIR serverCA -x "Cu,Cu,Cu" ${D_SERVER_CA} "2"
     ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
     cert_CA $SERVER_CADIR chain-1-serverCA "-c serverCA" "u,u,u" ${D_SERVER_CA} "3"
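Review bot: The added `echo > ${EMPTY_FILE}` in cert_all_CA has no comment saying that the file is meant to hold exactly one blank line, which is what stands in for an empty password when the file is later passed to `certu -W ... -@`. Without that, a maintainer could tidy it into a zero-length file, which the password-file reader may handle differently (not visible here). I would add `# one blank line = empty DB password; the newline is intentional` above it. Quoting the target as `echo > "${EMPTY_FILE}"` also keeps the redirect safe if HOSTDIR ever contains whitespace. cert_all_CA continues past the end of this hunk.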
@@ -1194,16 +1195,22 @@ cert_ssl()
       cert_log "SUCCESS: SSL passed"
   fi
 
   echo "$SCRIPTNAME: Creating database for OCSP stapling tests  ==============="
   echo "cp -r ${SERVERDIR} ${STAPLINGDIR}"
   cp -r ${R_SERVERDIR} ${R_STAPLINGDIR}
   pk12u -o ${R_STAPLINGDIR}/ca.p12 -n TestCA -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_CADIR}
   pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR}
+
+  echo "$SCRIPTNAME: Creating database for strsclnt no login tests  ==============="
+  echo "cp -r ${CLIENTDIR} ${NOLOGINDIR}"
+  cp -r ${R_CLIENTDIR} ${R_NOLOGINDIR}
+  # change the password to empty
+  certu -W -d "${R_NOLOGINDIR}" -f "${R_PWFILE}" -@ "${R_EMPTY_FILE}" 2>&1
 }
 
 ############################## cert_stresscerts ################################
 # local shell function to create client certs for SSL stresstest
 ########################################################################
 cert_stresscerts()
 {
 
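Review bot: Nothing in the visible lines checks that the `certu -W` password change on the copied database succeeded, and ssl.sh still passes `-w nss` to strsclnt for the no-login run. If the change fails, `${R_NOLOGINDIR}` keeps the password `nss` and the stress test presumably passes without ever exercising the empty-password path. I would make the failure visible, e.g. `certu -W ... 2>&1 || cert_log "ERROR: could not set empty password on ${R_NOLOGINDIR}"`, unless certu already records it (its body is outside this hunk). The existing comment could also say that this directory is a copy of the client database, keys included, left with no password for test use only. cert_ssl begins before this hunk.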
--- a/tests/common/init.sh
+++ b/tests/common/init.sh
@@ -71,20 +71,22 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
 
         IOPR_CADIR=${HOSTDIR}/CA_iopr
         IOPR_SSL_SERVERDIR=${HOSTDIR}/server_ssl_iopr
         IOPR_SSL_CLIENTDIR=${HOSTDIR}/client_ssl_iopr
         IOPR_OCSP_CLIENTDIR=${HOSTDIR}/client_ocsp_iopr
 
         CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions
         STAPLINGDIR=${HOSTDIR}/stapling
+        NOLOGINDIR=${HOSTDIR}/nologin
         SSLGTESTDIR=${HOSTDIR}/ssl_gtests
         GTESTDIR=${HOSTDIR}/gtests
 
         PWFILE=${HOSTDIR}/tests.pw
+        EMPTY_FILE=${HOSTDIR}/tests_empty
         NOISE_FILE=${HOSTDIR}/tests_noise
         CORELIST_FILE=${HOSTDIR}/clist
 
         FIPSPWFILE=${HOSTDIR}/tests.fipspw
         FIPSBADPWFILE=${HOSTDIR}/tests.fipsbadpw
         FIPSP12PWFILE=${HOSTDIR}/tests.fipsp12pw
 
         echo "fIps140" > ${FIPSPWFILE}
@@ -523,16 +525,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
     D_ALICE="Alice.$version"
     D_BOB="Bob.$version"
     D_DAVE="Dave.$version"
     D_EVE="Eve.$version"
     D_SERVER_CA="ServerCA.$version"
     D_CLIENT_CA="ClientCA.$version"
     D_SERVER="Server.$version"
     D_CLIENT="Client.$version"
+    D_NOLOGIN="NoLogin.$version"
     D_FIPS="FIPS.$version"
     D_DBPASS="DBPASS.$version"
     D_ECCURVES="ECCURVES.$version"
     D_EXT_SERVER="ExtendedServer.$version"
     D_EXT_CLIENT="ExtendedClient.$version"
     D_CERT_EXTENSTIONS="CertExtensions.$version"
     D_DISTRUST="Distrust.$version"
 
@@ -549,45 +552,49 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
     R_ALICEDIR=../alicedir
     R_BOBDIR=../bobdir
     R_DAVEDIR=../dave
     R_EVEDIR=../eve
     R_EXT_SERVERDIR=../ext_server
     R_EXT_CLIENTDIR=../ext_client
     R_CERT_EXT=../cert_extensions
     R_STAPLINGDIR=../stapling
+    R_NOLOGINDIR=../nologin
     R_SSLGTESTDIR=../ssl_gtests
     R_GTESTDIR=../gtests
 
     #
     # profiles are either paths or domains depending on the setting of
     # MULTIACCESS_DBM
     #
     P_R_CADIR=${R_CADIR}
     P_R_ALICEDIR=${R_ALICEDIR}
     P_R_BOBDIR=${R_BOBDIR}
     P_R_DAVEDIR=${R_DAVEDIR}
     P_R_EVEDIR=${R_EVEDIR}
     P_R_SERVERDIR=${R_SERVERDIR}
     P_R_CLIENTDIR=${R_CLIENTDIR}
+    P_R_NOLOGINDIR=${R_NOLOGINDIR}
     P_R_EXT_SERVERDIR=${R_EXT_SERVERDIR}
     P_R_EXT_CLIENTDIR=${R_EXT_CLIENTDIR}
     if [ -n "${MULTIACCESS_DBM}" ]; then
         P_R_CADIR="multiaccess:${D_CA}"
         P_R_ALICEDIR="multiaccess:${D_ALICE}"
         P_R_BOBDIR="multiaccess:${D_BOB}"
         P_R_DAVEDIR="multiaccess:${D_DAVE}"
         P_R_EVEDIR="multiaccess:${D_EVE}"
         P_R_SERVERDIR="multiaccess:${D_SERVER}"
         P_R_CLIENTDIR="multiaccess:${D_CLIENT}"
+        P_R_NOLOGINDIR="multiaccess:${D_NOLOGIN}"
         P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}"
         P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}"
     fi
 
     R_PWFILE=../tests.pw
+    R_EMPTY_FILE=../tests_empty
     R_NOISE_FILE=../tests_noise
 
     R_FIPSPWFILE=../tests.fipspw
     R_FIPSBADPWFILE=../tests.fipsbadpw
     R_FIPSP12PWFILE=../tests.fipsp12pw
 
     trap "Exit $0 Signal_caught" 2 3
 
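Review bot: With MULTIACCESS_DBM set, `P_R_NOLOGINDIR` becomes `multiaccess:${D_NOLOGIN}`, but the cert.sh change in this commit creates the database by path (`cp -r ${R_CLIENTDIR} ${R_NOLOGINDIR}`) and clears its password with `-d "${R_NOLOGINDIR}"`. ssl.sh then opens `${P_R_NOLOGINDIR}`, so in multiaccess mode it may address a domain that was never populated or whose password was never cleared. Whether the path copy covers that domain is not visible here. Either confirm this with a MULTIACCESS_DBM run, or add a comment next to the assignment, such as `# no-login tests assume path profiles`. The enclosing `if` block starts and ends outside this hunk.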
--- a/tests/ssl/ssl.sh
+++ b/tests/ssl/ssl.sh
@@ -549,41 +549,52 @@ ssl_stress()
   do
       if [ -z "$ectype" ]; then
           # silently ignore blank lines
           continue
       fi
 
       echo "${testname}" | grep "client auth" > /dev/null
       CAUTH=$?
+      echo "${testname}" | grep "no login" > /dev/null
+      NOLOGIN=$?
 
       if [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
           echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
       elif [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
       elif [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -ne 0 ] ; then
           echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
+      elif [ "${NOLOGIN}" -eq 0 ] && \
+           [ "${CLIENT_MODE}" = "fips" -o "$NORM_EXT" = "Extended Test" ] ; then
+          echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
       elif [ "`echo $ectype | cut -b 1`" != "#" ]; then
           cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
           if [ "$ectype" = "SNI" ]; then
               cparam=`echo $cparam | sed -e "s/Host/$HOST/g" -e "s/Dom/$DOMSUF/g" `
               sparam=`echo $sparam | sed -e "s/Host/$HOST/g" -e "s/Dom/$DOMSUF/g" `
           fi
 
           start_selfserv
 
           if [ "`uname -n`" = "sjsu" ] ; then
               echo "debugging disapering selfserv... ps -ef | grep selfserv"
               ps -ef | grep selfserv
           fi
 
-          echo "strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \\"
+          if [ "${NOLOGIN}" -eq 0 ] ; then
+              dbdir=${P_R_NOLOGINDIR}
+          else
+              dbdir=${P_R_CLIENTDIR}
+          fi
+
+          echo "strsclnt -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \\"
           echo "         -V ssl3:tls1.2 $verbose ${HOSTADDR}"
           echo "strsclnt started at `date`"
-          ${PROFTOOL} ${BINDIR}/strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \
+          ${PROFTOOL} ${BINDIR}/strsclnt -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \
                    -V ssl3:tls1.2 $verbose ${HOSTADDR}
           ret=$?
           echo "strsclnt completed at `date`"
           html_msg $ret $value \
                    "${testname}" \
                    "produced a returncode of $ret, expected is $value. "
           if [ "`uname -n`" = "sjsu" ] ; then
               echo "debugging disapering selfserv... ps -ef | grep selfserv"
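Review bot: The new skip branch prints `skipping  $testname for $NORM_EXT` even when the test is skipped because `CLIENT_MODE` is `fips`, so the log names the wrong cause. A message such as `echo "$SCRIPTNAME: skipping  $testname (no login: not run in FIPS or extended mode)"` states the actual condition, and a one-line comment on why those two modes are excluded would help. The database choice also hinges on the substring `no login` in the description column of sslstress.txt. Rewording that description would silently send the test back to the password-protected `${P_R_CLIENTDIR}`, and a comment above `NOLOGIN=$?` should say so. ssl_stress starts before and ends after this hunk.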
--- a/tests/ssl/sslstress.txt
+++ b/tests/ssl/sslstress.txt
@@ -16,16 +16,17 @@
   noECC     0      -u_-z     -V_ssl3:tls1.2_-c_1000_-C_c_-u_-z         Stress TLS  RC4 128 with MD5 (session ticket, compression)
   noECC     0      -u_-z     -V_ssl3:tls1.2_-c_1000_-C_c_-u_-z_-g      Stress TLS  RC4 128 with MD5 (session ticket, compression, false start)
   SNI       0      -u_-a_Host-sni.Dom -V_tls1.0:tls1.2_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket, SNI)
 
 #
 # add client auth versions here...
 #
   noECC     0      -r_-r     -c_100_-C_c_-V_ssl3:ssl3_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth)
+  noECC     0      -r_-r     -c_100_-C_c_-V_ssl3:ssl3_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth, no login)
   noECC     0      -r_-r     -c_100_-C_c_-N_-n_TestUser    Stress TLS RC4 128 with MD5 (no reuse, client auth)
   noECC     0      -r_-r_-u  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 with MD5 (session ticket, client auth)
   noECC     0      -r_-r_-z  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth)
   noECC     0      -r_-r_-z  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-z_-g Stress TLS RC4 128 with MD5 (compression, client auth, false start)
   noECC     0   -r_-r_-u_-z  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-u_-z Stress TLS RC4 128 with MD5 (session ticket, compression, client auth)
   noECC     0   -r_-r_-u_-z  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-u_-z_-g Stress TLS RC4 128 with MD5 (session ticket, compression, client auth, false start)
   SNI       0   -r_-r_-u_-a_Host-sni.Dom -V_tls1.0:tls1.2_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, default virt host)
   SNI       0   -r_-r_-u_-a_Host-sni.Dom_-k_Host-sni.Dom -V_tls1.0:tls1.2_-c_1000_-C_c_-u_-a_Host-sni.Dom Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, change virt host)