This is the last of the shared database patch. This enables testing of the
authorrrelyea%redhat.com
Tue, 19 Jun 2007 21:07:01 +0000
changeset 7901 d592fe175d5c251d93f175d6e6a2d82e7f7d7491
parent 7900 7cfa79e317400a7007c8c18449a9b1fe29be73ab
child 7902 2dc7eb926c23a8ea7d6a3a263baa4a2aa6533ee0
push idunknown
push userunknown
push dateunknown
bugs217538
This is the last of the shared database patch. This enables testing of the legacy db, shared db, and the upgrade between them. bug 217538
security/nss/tests/all.sh
security/nss/tests/cert/cert.sh
security/nss/tests/cipher/cipher.sh
security/nss/tests/common/init.sh
security/nss/tests/smime/smime.sh
security/nss/tests/ssl/ssl.sh
--- a/security/nss/tests/all.sh
+++ b/security/nss/tests/all.sh
@@ -73,45 +73,154 @@
 #    and a completely common environment
 #
 # file tells the test suite that the output is going to a log, so any
 #  forked() children need to redirect their output to prevent them from
 #  being over written.
 #
 ########################################################################
 
+run_tests()
+{
+  for i in ${TESTS}
+    do
+      SCRIPTNAME=${i}.sh
+      if [ "$O_CRON" = "ON" ]
+      then
+        echo "Running tests for $i" >> ${LOGFILE}
+        echo "TIMESTAMP $i BEGIN: `date`" >> ${LOGFILE}
+        (cd ${QADIR}/$i ; . ./$SCRIPTNAME all file >> ${LOGFILE} 2>&1)
+        echo "TIMESTAMP $i END: `date`" >> ${LOGFILE}
+      else
+        echo "Running tests for $i" | tee -a ${LOGFILE}
+        echo "TIMESTAMP $i BEGIN: `date`" | tee -a ${LOGFILE}
+        (cd ${QADIR}/$i ; . ./$SCRIPTNAME all file 2>&1 | tee -a ${LOGFILE})
+        echo "TIMESTAMP $i END: `date`" | tee -a ${LOGFILE}
+      fi
+    done
+}
+
 LIBPKIX=
 if [ -n "$BUILD_LIBPKIX_TESTS" ] ; then
     LIBPKIX=libpkix
 fi
 
 tests="cipher perf ${LIBPKIX} cert dbtests tools fips sdr crmf smime ssl ocsp"
+NSS_DEFAULT_DB_TYPE="dbm"
 TESTS=${TESTS:-$tests}
 SCRIPTNAME=all.sh
 CLEANUP="${SCRIPTNAME}"
 cd `dirname $0`	# will cause problems if sourced 
 
 #all.sh should be the first one to try to source the init 
 if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
     cd common
     . ./init.sh
 fi
 
-for i in ${TESTS}
+# test the old DATABASE
+run_tests
+
+# 'reset' the databases to initial values
+echo "Reset databases to their initial values:" | tee -a ${LOGFILE}
+cd ${HOSTDIR}
+certutil -D -n objsigner -d alicedir 2>&1 | tee -a ${LOGFILE} 
+certutil -M -n FIPS_PUB_140_Test_Certificate -t "C,C,C" -d fips -f ${FIPSPWFILE} 2>&1 | tee -a ${LOGFILE} 
+certutil -L -d fips 2>&1 | tee -a ${LOGFILE} 
+rm -f smime/alicehello.env
+
+# test upgrade to the new database
+echo "nss" > ${PWFILE}
+TABLE_ARGS="bgcolor=pink"
+html_head "Legacy to shared Library update"
+dirs="alicedir bobdir CA cert_extensions client clientCA dave eccurves eve ext_client ext_server SDR server serverCA tools/copydir"
+for i in $dirs
 do
-    SCRIPTNAME=${i}.sh
-    if [ "$O_CRON" = "ON" ]
-    then
-        echo "Running tests for $i" >> ${LOGFILE}
-        echo "TIMESTAMP $i BEGIN: `date`" >> ${LOGFILE}
-        (cd ${QADIR}/$i ; . ./$SCRIPTNAME all file >> ${LOGFILE} 2>&1)
-        echo "TIMESTAMP $i END: `date`" >> ${LOGFILE}
-    else
-        echo "Running tests for $i" | tee -a ${LOGFILE}
-        echo "TIMESTAMP $i BEGIN: `date`" | tee -a ${LOGFILE}
-        (cd ${QADIR}/$i ; . ./$SCRIPTNAME all file 2>&1 | tee -a ${LOGFILE})
-        echo "TIMESTAMP $i END: `date`" | tee -a ${LOGFILE}
-    fi
+   echo $i
+   if [ -d $i ]; then
+	echo "upgrading db $i"  | tee -a ${LOGFILE}
+	certutil -G -g 512 -d sql:$i -f ${PWFILE} -z ${NOISE_FILE} 2>&1 | tee -a ${LOGFILE} 
+	html_msg $? 0 "Upgrading $i"
+   else
+	echo "skipping db $i" | tee -a ${LOGFILE}
+	html_msg 0 0 "No directory $i"
+   fi
 done
 
+if [ -d fips ]; then
+   echo "upgrading db fips" | tee -a ${LOGFILE}
+   certutil -S -g 512 -n tmprsa -t "u,u,u" -s "CN=tmprsa, C=US" -x -d sql:fips -f ${FIPSPWFILE} -z ${NOISE_FILE} 2&>1 | tee -a ${LOGFILE}
+   html_msg $? 0 "Upgrading fips"
+   # remove our temp certificate we created in the fist token
+   certutil -F -n tmprsa -d sql:fips -f ${FIPSPWFILE} 2&>1 | tee -a ${LOGFILE}
+   certutil -L -d sql:fips 2&>1 | tee -a ${LOGFILE} 
+fi
+
+html "</TABLE><BR>"
+
+NSS_DEFAULT_DB_TYPE="sql"
+export NSS_DEFAULT_DB_TYPE
+
+# run run the subset of tests with the upgraded database
+old_tests=${TESTS}
+TESTS="tools fips sdr crmf smime ssl ocsp"
+run_tests
+
+# test the new DATABASE
+TESTS=${old_tests}
+#TESTS="cert"
+mkdir -p ${HOSTDIR}/sharedb
+saveHostDIR=${HOSTDIR}
+
+# need a function in init.sh to rebase the directories!
+HOSTDIR=${HOSTDIR}/sharedb
+
+TMP=${HOSTDIR}
+TEMP=${TMP}
+TMPDIR=${TMP}
+
+CADIR=${HOSTDIR}/CA
+SERVERDIR=${HOSTDIR}/server
+CLIENTDIR=${HOSTDIR}/client
+ALICEDIR=${HOSTDIR}/alicedir
+BOBDIR=${HOSTDIR}/bobdir
+DAVEDIR=${HOSTDIR}/dave
+EVEDIR=${HOSTDIR}/eve
+FIPSDIR=${HOSTDIR}/fips
+DBPASSDIR=${HOSTDIR}/dbpass
+ECCURVES_DIR=${HOSTDIR}/eccurves
+
+SERVER_CADIR=${HOSTDIR}/serverCA
+CLIENT_CADIR=${HOSTDIR}/clientCA
+EXT_SERVERDIR=${HOSTDIR}/ext_server
+EXT_CLIENTDIR=${HOSTDIR}/ext_client
+
+IOPR_CADIR=${HOSTDIR}/CA_iopr
+IOPR_SERVERDIR=${HOSTDIR}/server_iopr
+IOPR_CLIENTDIR=${HOSTDIR}/client_iopr
+
+P_SERVER_CADIR=${SERVER_CADIR}
+P_CLIENT_CADIR=${CLIENT_CADIR}
+
+CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions
+
+PWFILE=${TMP}/tests.pw.$$
+NOISE_FILE=${TMP}/tests_noise.$$
+CORELIST_FILE=${TMP}/clist.$$
+
+FIPSPWFILE=${TMP}/tests.fipspw.$$
+FIPSBADPWFILE=${TMP}/tests.fipsbadpw.$$
+FIPSP12PWFILE=${TMP}/tests.fipsp12pw.$$
+
+echo "fIps140" > ${FIPSPWFILE}
+echo "fips104" > ${FIPSBADPWFILE}
+echo "pKcs12fips140" > ${FIPSP12PWFILE}
+
+
+# run the tests for native sharedb support
+TABLE_ARGS="bgcolor=yellow"
+html_head "Testing with shared Library"
+html "</TABLE><BR>"
+run_tests
+
 SCRIPTNAME=all.sh
 
 . ${QADIR}/common/cleanup.sh
--- a/security/nss/tests/cert/cert.sh
+++ b/security/nss/tests/cert/cert.sh
@@ -134,22 +134,22 @@ noise()
 certu()
 {
     echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
 
     if [ -n "${CU_SUBJECT}" ]; then
         #the subject of the cert contains blanks, and the shell 
         #will strip the quotes off the string, if called otherwise...
         echo "certutil -s \"${CU_SUBJECT}\" $*"
-        certutil -s "${CU_SUBJECT}" $*
+        ${PROFTOOL} certutil -s "${CU_SUBJECT}" $*
         RET=$?
         CU_SUBJECT=""
     else
         echo "certutil $*"
-        certutil $*
+        ${PROFTOOL} certutil $*
         RET=$?
     fi
     if [ "$RET" -ne 0 ]; then
         CERTFAILED=$RET
         html_failed "<TR><TD>${CU_ACTION} ($RET) " 
         cert_log "ERROR: ${CU_ACTION} failed $RET"
     else
         html_passed "<TR><TD>${CU_ACTION}"
@@ -163,17 +163,17 @@ certu()
 # stdout, sets variable RET and writes results to the html file results
 ########################################################################
 crlu()
 {
     echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
     
     CRLUTIL="crlutil -q"
     echo "$CRLUTIL $*"
-    $CRLUTIL $*
+    ${PROFTOOL} $CRLUTIL $*
     RET=$?
     if [ "$RET" -ne 0 ]; then
         CRLFAILED=$RET
         html_failed "<TR><TD>${CU_ACTION} ($RET) " 
         cert_log "ERROR: ${CU_ACTION} failed $RET"
     else
         html_passed "<TR><TD>${CU_ACTION}"
     fi
@@ -1350,16 +1350,43 @@ EOF_CRLINI
 
   if [ "$CERTFAILED" != 0 -o "$CRL_GEN_RES" != 0 ] ; then
       cert_log "ERROR: SSL CRL prep failed $CERTFAILED : $CRL_GEN_RES"
   else
       cert_log "SUCCESS: SSL CRL prep passed"
   fi
 }
 
+#################
+# Verify the we can successfully change the password on the database
+#
+cert_test_password()
+{
+  CERTFAILED=0
+  echo "$SCRIPTNAME: Create A Password Test Cert  =============="
+  cert_init_cert "${DBPASSDIR}" "Password Test Cert" 1000 "${D_DBPASSDIR}"
+
+  echo "$SCRIPTNAME: Create A Password Test Ca  --------"
+  ALL_CU_SUBJECT="CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+  cert_CA ${DBPASSDIR} PasswordCA -x "CTu,CTu,CTu" ${D_DBPASS} "1"
+
+  # now change the password
+  CU_ACTION="Changing password on ${CERTNAME}'s Cert DB"
+  certu -W -d "${PROFILEDIR}" -f "${R_PWFILE}" -@ "${R_FIPSPWFILE}" 2>&1
+
+  # finally make sure we can use the old key with the new password
+  CU_ACTION="Generate Certificate for ${CERTNAME} with new password"
+  CU_SUBJECT="CN=${CERTNAME}, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+  certu -S -n PasswordCert -x -t "Cu,Cu,Cu" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -z "${R_NOISE_FILE}" 2>&1
+  if [ "$RET" -eq 0 ]; then
+    cert_log "SUCCESS: PASSWORD passed"
+  fi
+}
+
+
 ############################## cert_cleanup ############################
 # local shell function to finish this script (no exit since it might be
 # sourced)
 ########################################################################
 cert_cleanup()
 {
   cert_log "$SCRIPTNAME: finished $SCRIPTNAME"
   html "</TABLE><BR>" 
@@ -1385,9 +1412,10 @@ else
 fi
 
 cert_iopr_setup
 
 if [ -n "$DO_DIST_ST" -a "$DO_DIST_ST" = "TRUE" ] ; then
     cert_stresscerts 
 fi
 
+cert_test_password
 cert_cleanup
--- a/security/nss/tests/cipher/cipher.sh
+++ b/security/nss/tests/cipher/cipher.sh
@@ -97,17 +97,17 @@ cipher_main()
           inOff=0
           res=0
           while [ $inOff -lt 8 ]
           do
              outOff=0
              while [ $outOff -lt 8 ]
              do
                  echo "bltest -T -m $PARAM -d $CIPHERTESTDIR -1 $inOff -2 $outOff"
-                 bltest -T -m $PARAM -d $CIPHERTESTDIR -1 $inOff -2 $outOff
+                 ${PROFTOOL} bltest -T -m $PARAM -d $CIPHERTESTDIR -1 $inOff -2 $outOff
                  if [ $? -ne 0 ]; then
                      failedStr="$failedStr[$inOff:$outOff]"
                  fi
                  outOff=`expr $outOff + 1`
              done
              inOff=`expr $inOff + 1`
           done
           if [ -n "$failedStr" ]; then
--- a/security/nss/tests/common/init.sh
+++ b/security/nss/tests/common/init.sh
@@ -137,17 +137,18 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
             echo "$*. Core file is detected."
             html "$* ${HTML_FAILED_CORE}"
             return 1
         fi
         return 0
     }
     html_head()
     {
-        html "<TABLE BORDER=1><TR><TH COLSPAN=3>$*</TH></TR>"
+	
+        html "<TABLE BORDER=1 ${TABLE_ARGS}><TR><TH COLSPAN=3>$*</TH></TR>"
         html "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" 
         echo "$SCRIPTNAME: $* ==============================="
     }
     html_msg()
     {
         if [ "$1" -ne "$2" ] ; then
             html_failed "<TR><TD>$3"
             if [ -n "$4" ] ; then
@@ -158,16 +159,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
             if [ -n "$4" ] ; then
                 echo "$SCRIPTNAME: $3 $4 PASSED"
             fi
         fi
     }
     HTML_FAILED='</TD><TD bgcolor=red>Failed</TD><TR>'
     HTML_FAILED_CORE='</TD><TD bgcolor=red>Failed Core</TD><TR>'
     HTML_PASSED='</TD><TD bgcolor=lightGreen>Passed</TD><TR>'
+    TABLE_ARGS=
 
 
 #directory name init
     SCRIPTNAME=init.sh
 
     mozilla_root=`(cd ../../../..; pwd)`
     MOZILLA_ROOT=${MOZILLA_ROOT-$mozilla_root}
 
@@ -385,16 +387,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
     CADIR=${HOSTDIR}/CA
     SERVERDIR=${HOSTDIR}/server
     CLIENTDIR=${HOSTDIR}/client
     ALICEDIR=${HOSTDIR}/alicedir
     BOBDIR=${HOSTDIR}/bobdir
     DAVEDIR=${HOSTDIR}/dave
     EVEDIR=${HOSTDIR}/eve
     FIPSDIR=${HOSTDIR}/fips
+    DBPASSDIR=${HOSTDIR}/dbpass
     ECCURVES_DIR=${HOSTDIR}/eccurves
 
     SERVER_CADIR=${HOSTDIR}/serverCA
     CLIENT_CADIR=${HOSTDIR}/clientCA
     EXT_SERVERDIR=${HOSTDIR}/ext_server
     EXT_CLIENTDIR=${HOSTDIR}/ext_client
 
     IOPR_CADIR=${HOSTDIR}/CA_iopr
@@ -419,16 +422,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
     D_BOB="Bob.$version"
     D_DAVE="Dave.$version"
     D_EVE="Eve.$version"
     D_SERVER_CA="ServerCA.$version"
     D_CLIENT_CA="ClientCA.$version"
     D_SERVER="Server.$version"
     D_CLIENT="Client.$version"
     D_FIPS="FIPS.$version"
+    D_DBPASS="DBPASS.$version"
     D_ECCURVES="ECCURVES.$version"
     D_EXT_SERVER="ExtendedServer.$version"
     D_EXT_CLIENT="ExtendedClient.$version"
     D_CERT_EXTENSTIONS="CertExtensions.$version"
 
     # we need relative pathnames of these files abd directories, since our 
     # tools can't handle the unix style absolut pathnames on cygnus
 
--- a/security/nss/tests/smime/smime.sh
+++ b/security/nss/tests/smime/smime.sh
@@ -92,88 +92,88 @@ smime_init()
 
 smime_sign()
 {
   HASH_CMD="-H ${HASH}"
   SIG=sig.${HASH}
 
   echo "$SCRIPTNAME: Signing Detached Message {$HASH} ------------------"
   echo "cmsutil -S -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}"
-  cmsutil -S -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}
+  ${PROFTOOL} cmsutil -S -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}
   html_msg $? 0 "Create Detached Signature Alice (${HASH})" "."
 
   echo "cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
-  cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
+  ${PROFTOOL} cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
   html_msg $? 0 "Verifying Alice's Detached Signature (${HASH})" "."
 
   echo "$SCRIPTNAME: Signing Attached Message (${HASH}) ------------------"
   echo "cmsutil -S -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}"
-  cmsutil -S -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}
+  ${PROFTOOL} cmsutil -S -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}
   html_msg $? 0 "Create Attached Signature Alice (${HASH})" "."
 
   echo "cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}"
-  cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}
+  ${PROFTOOL} cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}
   html_msg $? 0 "Decode Alice's Attached Signature (${HASH})" "."
 
   echo "diff alice.txt alice.data.${HASH}"
   diff alice.txt alice.data.${HASH}
   html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "."
 
 # Test ECDSA signing for all hash algorithms.
   if [ -n "$NSS_ENABLE_ECC" ] ; then
       echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------"
       echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}"
-      cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
+      ${PROFTOOL} cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
       html_msg $? 0 "Create Detached Signature Alice (ECDSA w/ ${HASH})" "."
 
       echo "cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
-      cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
+      ${PROFTOOL} cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
       html_msg $? 0 "Verifying Alice's Detached Signature (ECDSA w/ ${HASH})" "."
 
       echo "$SCRIPTNAME: Signing Attached Message (ECDSA w/ ${HASH}) ------------------"
       echo "cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}"
-      cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}
+      ${PROFTOOL} cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}
       html_msg $? 0 "Create Attached Signature Alice (ECDSA w/ ${HASH})" "."
 
       echo "cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}"
-      cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}
+      ${PROFTOOL} cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}
       html_msg $? 0 "Decode Alice's Attached Signature (ECDSA w/ ${HASH})" "."
 
       echo "diff alice.txt alice-ec.data.${HASH}"
       diff alice.txt alice-ec.data.${HASH}
       html_msg $? 0 "Compare Attached Signed Data and Original (ECDSA w/ ${HASH})" "."
   fi
 
 }
 
 
 
 smime_p7()
 {
   echo "$SCRIPTNAME: p7 util Data Tests ------------------------------"
   echo "p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice_p7.env"
-  p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice.env
+  ${PROFTOOL} p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice.env
   html_msg $? 0 "Creating envelope for user Alice" "."
 
   echo "p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data"
-  p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data -p nss
+  ${PROFTOOL} p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data -p nss
   html_msg $? 0 "Verifying file delivered to user Alice" "."
 
   sed -e '3,8p' -n alice_p7.data > alice_p7.data.sed
 
   echo "diff alice.txt alice_p7.data.sed"
   diff alice.txt alice_p7.data.sed
   html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
 
   echo "p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e"
-  p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e
+  ${PROFTOOL} p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e
   html_msg $? 0 "Signing file for user Alice" "."
 
   echo "p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig"
-  p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig
+  ${PROFTOOL} p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig
   html_msg $? 0 "Verifying file delivered to user Alice" "."
 }
 
 ############################## smime_main ##############################
 # local shell function to test basic signed and enveloped messages 
 # from 1 --> 2"
 ########################################################################
 smime_main()
@@ -186,91 +186,91 @@ smime_main()
   HASH=SHA384
   smime_sign
   HASH=SHA512
   smime_sign
 
   echo "$SCRIPTNAME: Enveloped Data Tests ------------------------------"
   echo "cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss \\"
   echo "        -o alice.env"
-  cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.env
+  ${PROFTOOL} cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.env
   html_msg $? 0 "Create Enveloped Data Alice" "."
 
   echo "cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1"
-  cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1
+  ${PROFTOOL} cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1
   html_msg $? 0 "Decode Enveloped Data Alice" "."
 
   echo "diff alice.txt alice.data1"
   diff alice.txt alice.data1
   html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
 
   # multiple recip
   echo "$SCRIPTNAME: Testing multiple recipients ------------------------------"
   echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \\"
   echo "        -r bob@bogus.com,dave@bogus.com"
-  cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \
+  ${PROFTOOL} cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \
           -r bob@bogus.com,dave@bogus.com
   ret=$?
   html_msg $ret 0 "Create Multiple Recipients Enveloped Data Alice" "."
   if [ $ret != 0 ] ; then
 	echo "certutil -L -d ${P_R_ALICEDIR}"
 	certutil -L -d ${P_R_ALICEDIR}
 	echo "certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com"
 	certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com
   fi
 
   echo "$SCRIPTNAME: Testing multiple email addrs ------------------------------"
   echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \\"
   echo "        -r eve@bogus.net"
-  cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \
+  ${PROFTOOL} cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \
           -r eve@bogus.net
   ret=$?
   html_msg $ret 0 "Encrypt to a Multiple Email cert" "."
 
   echo "cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2"
-  cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2
+  ${PROFTOOL} cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2
   html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Bob" "."
 
   echo "cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3"
-  cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3
+  ${PROFTOOL} cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3
   html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Dave" "."
 
   echo "cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4"
-  cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4
+  ${PROFTOOL} cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4
   html_msg $? 0 "Decrypt with a Multiple Email cert" "."
 
   diff alice.txt alice.data2
   html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Bob" "."
 
   diff alice.txt alice.data3
   html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Dave" "."
 
   diff alice.txt alice.data4
   html_msg $? 0 "Compare Decoded with Multiple Email cert" "."
   
   echo "$SCRIPTNAME: Sending CERTS-ONLY Message ------------------------------"
   echo "cmsutil -O -r \"Alice,bob@bogus.com,dave@bogus.com\" \\"
   echo "        -d ${P_R_ALICEDIR} > co.der"
-  cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" -d ${P_R_ALICEDIR} > co.der
+  ${PROFTOOL} cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" -d ${P_R_ALICEDIR} > co.der
   html_msg $? 0 "Create Certs-Only Alice" "."
 
   echo "cmsutil -D -i co.der -d ${P_R_BOBDIR}"
-  cmsutil -D -i co.der -d ${P_R_BOBDIR}
+  ${PROFTOOL} cmsutil -D -i co.der -d ${P_R_BOBDIR}
   html_msg $? 0 "Verify Certs-Only by CA" "."
 
   echo "$SCRIPTNAME: Encrypted-Data Message ---------------------------------"
   echo "cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \\"
   echo "        -r \"bob@bogus.com\" > alice.enc"
-  cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \
+  ${PROFTOOL} cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \
           -r "bob@bogus.com" > alice.enc
   html_msg $? 0 "Create Encrypted-Data" "."
 
   echo "cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss \\"
   echo "        -o alice.data2"
-  cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss -o alice.data2
+  ${PROFTOOL} cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss -o alice.data2
   html_msg $? 0 "Decode Encrypted-Data" "."
 
   diff alice.txt alice.data2
   html_msg $? 0 "Compare Decoded and Original Data" "."
 }
   
 ############################## smime_cleanup ###########################
 # local shell function to finish this script (no exit since it might be
--- a/security/nss/tests/ssl/ssl.sh
+++ b/security/nss/tests/ssl/ssl.sh
@@ -231,21 +231,21 @@ start_selfserv()
   fi
   if [ "$1" = "mixed" ]; then
       ECC_OPTIONS="-e ${HOSTADDR}-ecmixed"
   fi
   echo "selfserv starting at `date`"
   echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
   echo "         ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
   if [ ${fileout} -eq 1 ]; then
-      selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
+      ${PROFTOOL} selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
                ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose \
                > ${SERVEROUTFILE} 2>&1 &
   else
-      selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
+      ${PROFTOOL} selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
                ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &
   fi
   # The PID $! returned by the MKS or Cygwin shell is not the PID of
   # the real background process, but rather the PID of a helper
   # process (sh.exe).  MKS's kill command has a bug: invoking kill
   # on the helper process does not terminate the real background
   # process.  Our workaround has been to have selfserv save its PID
   # in the ${SERVERPID} file and "kill" that PID instead.  But this
@@ -328,17 +328,17 @@ ssl_cov()
               mixed=0
             fi
           fi
 
           echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} \\"
           echo "        -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-          tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} -f \
+          ${PROFTOOL} tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} -f \
                   -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
                   >${TMP}/$HOST.tmp.$$  2>&1
           ret=$?
           cat ${TMP}/$HOST.tmp.$$ 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
           html_msg $ret 0 "${testname}" \
                    "produced a returncode of $ret, expected is 0"
       fi
@@ -361,17 +361,17 @@ ssl_auth()
           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
       elif [ "$ectype" != "#" ]; then
           cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
           start_selfserv
 
           echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} \\"
 	  echo "        ${cparam}  < ${REQUEST_FILE}"
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-          tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} ${CLIENT_OPTIONS} \
+          ${PROFTOOL} tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} ${CLIENT_OPTIONS} \
                   -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
                   >${TMP}/$HOST.tmp.$$  2>&1
           ret=$?
           cat ${TMP}/$HOST.tmp.$$ 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
 
           html_msg $ret $value "${testname}" \
                    "produced a returncode of $ret, expected is $value"
@@ -417,17 +417,17 @@ ssl_stress()
           if [ "`uname -n`" = "sjsu" ] ; then
               echo "debugging disapering selfserv... ps -ef | grep selfserv"
               ps -ef | grep selfserv
           fi
 
           echo "strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \\"
           echo "         $verbose ${HOSTADDR}"
           echo "strsclnt started at `date`"
-          strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \
+          ${PROFTOOL} strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \
                    $verbose ${HOSTADDR}
           ret=$?
           echo "strsclnt completed at `date`"
           html_msg $ret $value \
                    "${testname}" \
                    "produced a returncode of $ret, expected is $value. "
           if [ "`uname -n`" = "sjsu" ] ; then
               echo "debugging disapering selfserv... ps -ef | grep selfserv"
@@ -486,17 +486,17 @@ ssl_crl_ssl()
 	  TEMP_NUM=`expr $TEMP_NUM + 1`
 	  USER_NICKNAME="TestUser${CURR_SER_NUM}"
 	  cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
 	  start_selfserv
 	  
 	  echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} \\"
 	  echo "        ${cparam}  < ${REQUEST_FILE}"
 	  rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-	  tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
+	  ${PROFTOOL} tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
 	      -d ${R_CLIENTDIR} < ${REQUEST_FILE} \
 	      >${TMP}/$HOST.tmp.$$  2>&1
 	  ret=$?
 	  cat ${TMP}/$HOST.tmp.$$ 
 	  rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
 	  if [ $CURR_SER_NUM -ne $UNREVOKED_CERT ]; then
 	      modvalue=$rev_modvalue
               testAddMsg="revoked"
@@ -583,17 +583,17 @@ load_group_crl() {
         echo "================= Reloading ${eccomment}CRL for group $grpBegin - $grpEnd ============="
 
         echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} \\"
         echo "          -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix}"
         echo "Request:"
         echo "GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}"
         echo ""
         echo "RELOAD time $i"
-        tstclnt -p ${PORT} -h ${HOSTADDR} -f  \
+        ${PROFTOOL} tstclnt -p ${PORT} -h ${HOSTADDR} -f  \
             -d ${R_CLIENTDIR} -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix} \
 	    >${OUTFILE_TMP}  2>&1 <<_EOF_REQUEST_
 GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}
 
 _EOF_REQUEST_
         cat ${OUTFILE_TMP}
         grep "CRL ReCache Error" ${OUTFILE_TMP}
         if [ $? -eq 0 ]; then
@@ -670,17 +670,17 @@ ssl_crl_cache()
             TEMP_NUM=`expr $TEMP_NUM + 1`
             USER_NICKNAME="TestUser${CURR_SER_NUM}"
             cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
 
             echo "Server Args: $SERV_ARG"
             echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} \\"
             echo "        ${cparam}  < ${REQUEST_FILE}"
             rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-            tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
+            ${PROFTOOL} tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
 	        -d ${R_CLIENTDIR} < ${REQUEST_FILE} \
                 >${TMP}/$HOST.tmp.$$  2>&1
             ret=$?
             cat ${TMP}/$HOST.tmp.$$ 
             rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
             is_revoked ${CURR_SER_NUM} ${LOADED_GRP}
             isRevoked=$?
             if [ $isRevoked -eq 0 ]; then
@@ -778,17 +778,16 @@ ssl_run()
 
 ################## main #################################################
 
 #this script may be sourced from the distributed stress test - in this case do nothing...
 
 CSHORT="-c ABCDEF:0041:0084cdefgijklmnvyz"
 CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:0041:0084cdefgijklmnvyz"
 
-
 if [ -z  "$DO_REM_ST" -a -z  "$DO_DIST_ST" ] ; then
 
     ssl_init
 
     # save the directories as setup by init.sh
     ORIG_SERVERDIR=$SERVERDIR
     ORIG_CLIENTDIR=$CLIENTDIR
     ORIG_R_SERVERDIR=$R_SERVERDIR