diff -up ./tests/ssl/ssl.sh.remove-explicit-ipv4 ./tests/ssl/ssl.sh
--- ./tests/ssl/ssl.sh.remove-explicit-ipv4 2022-06-08 19:00:03.508875175 -0700
+++ ./tests/ssl/ssl.sh 2022-06-08 19:02:17.230744026 -0700
@@ -86,6 +86,8 @@ ssl_init()
NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal}
nss_ssl_run="stapling signed_cert_timestamps cov auth dtls scheme exporter"
NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
+ IPVER=${NSS_CLIENT_IPVER}
+
# Test case files
if [ "${NSS_NO_SSL2}" = "1" ]; then
@@ -180,16 +182,16 @@ wait_for_selfserv()
{
#verbose="-v"
echo "trying to connect to selfserv at `date`"
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
echo " -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}"
- ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
+ ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
-d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}
if [ $? -ne 0 ]; then
sleep 5
echo "retrying to connect to selfserv at `date`"
echo "tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
echo " -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}"
- ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
+ ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
-d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}
if [ $? -ne 0 ]; then
if [ "${NSS_NO_SSL2}" = "1" ] && [[ ${EXP} -eq 0 || ${SSL2} -eq 0 ]]; then
@@ -395,11 +397,11 @@ ssl_cov()
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
-d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
@@ -451,11 +453,11 @@ ssl_cov_rsa_pss()
echo "$SCRIPTNAME: running $testname (RSA-PSS) ----------------------------"
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
-d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
@@ -504,10 +506,10 @@ ssl_auth()
fi
start_selfserv `echo "$sparam" | sed -e 's;\([^\\]\)_;\1 ;g' -e 's;\\\\_;_;g'`
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
echo " ${cparam} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} $verbose ${CLIENT_OPTIONS} \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${cparam} $verbose ${CLIENT_OPTIONS} \
-d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
@@ -552,10 +554,10 @@ ssl_stapling_sub()
start_selfserv
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
echo " -c v -T -O -F -M 1 -V ssl3:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-d ${P_R_CLIENTDIR} $verbose -c v -T -O -F -M 1 -V ssl3:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
@@ -596,10 +598,10 @@ ssl_stapling_stress()
echo "${testname}"
start_selfserv
- echo "strsclnt -4 -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \\"
+ echo "strsclnt ${IPVER} -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \\"
echo " -c 1000 -V ssl3:tls1.2 -N -T $verbose ${HOSTADDR}"
echo "strsclnt started at `date`"
- ${PROFTOOL} ${BINDIR}/strsclnt -4 -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \
+ ${PROFTOOL} ${BINDIR}/strsclnt ${IPVER} -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \
-c 1000 -V ssl3:tls1.2 -N -T $verbose ${HOSTADDR}
ret=$?
@@ -662,10 +664,10 @@ ssl_signed_cert_timestamps()
# Since we don't have server-side support, this test only covers advertising the
# extension in the client hello.
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
echo " -U -V tls1.0:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-d ${P_R_CLIENTDIR} $verbose -U -V tls1.0:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
@@ -721,10 +723,10 @@ ssl_stress()
dbdir=${P_R_CLIENTDIR}
fi
- echo "strsclnt -4 -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \\"
+ echo "strsclnt ${IPVER} -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \\"
echo " -V ssl3:tls1.2 $verbose ${HOSTADDR}"
echo "strsclnt started at `date`"
- ${PROFTOOL} ${BINDIR}/strsclnt -4 -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \
+ ${PROFTOOL} ${BINDIR}/strsclnt ${IPVER} -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \
-V ssl3:tls1.2 $verbose ${HOSTADDR}
ret=$?
echo "strsclnt completed at `date`"
@@ -813,10 +815,10 @@ ssl_crl_ssl()
cparam=`echo $_cparam | sed -e 's;\([^\\]\)_;\1 ;g' -e 's;\\\\_;_;g' -e "s/TestUser/$USER_NICKNAME/g" `
start_selfserv `echo "$sparam" | sed -e 's;\([^\\]\)_;\1 ;g' -e 's;\\\\_;_;g'`
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
echo " ${cparam} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
-d ${R_CLIENTDIR} $verbose < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
@@ -908,11 +910,11 @@ ssl_policy()
policy=`echo ${policy} | sed -e 's;_; ;g'`
setup_policy "$policy" ${P_R_CLIENTDIR}
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
-d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
@@ -1090,12 +1092,12 @@ ssl_policy_selfserv()
VMAX="tls1.2"
# Try to connect to the server with a ciphersuite using RSA in key exchange
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
RET_EXP=254
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
-d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
RET=$?
@@ -1180,7 +1182,7 @@ load_group_crl() {
fi
echo "================= Reloading ${eccomment}CRL for group $grpBegin - $grpEnd ============="
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
echo " -V ssl3:tls1.2 -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix}"
echo "Request:"
echo "GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}"
@@ -1193,7 +1195,7 @@ GET crl://${SERVERDIR}/root.crl_${grpBeg
_EOF_REQUEST_
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f \
-d ${R_CLIENTDIR} $verbose -V ssl3:tls1.2 -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix} \
>${OUTFILE_TMP} 2>&1 < ${REQF}
@@ -1281,10 +1283,10 @@ ssl_crl_cache()
cparam=`echo $_cparam | sed -e 's;\([^\]\)_;\1 ;g' -e 's;\\_;_;g' -e "s/TestUser/$USER_NICKNAME/g" `
echo "Server Args: $SERV_ARG"
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
echo " ${cparam} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
-d ${R_CLIENTDIR} $verbose < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
@@ -1349,19 +1351,19 @@ ssl_dtls()
echo "${testname}"
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \\"
echo " -d ${P_R_SERVERDIR} $verbose -U -V tls1.1:tls1.2 -P server -n ${HOSTADDR} -w nss < ${REQUEST_FILE} &"
- (sleep 2; cat ${REQUEST_FILE}) | ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \
+ (sleep 2; cat ${REQUEST_FILE}) | ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \
-d ${P_R_SERVERDIR} $verbose -U -V tls1.1:tls1.2 -P server -n ${HOSTADDR} -w nss 2>&1 &
PID=$!
sleep 1
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \\"
echo " -d ${P_R_CLIENTDIR} $verbose -U -V tls1.1:tls1.2 -P client -Q ${CLIENT_PW} < ${REQUEST_FILE}"
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-d ${P_R_CLIENTDIR} $verbose -U -V tls1.1:tls1.2 -P client -Q ${CLIENT_PW} < ${REQUEST_FILE} 2>&1
ret=$?
html_msg $ret $value "${testname}" \
@@ -1388,9 +1390,9 @@ ssl_scheme()
start_selfserv -V tls1.2:tls1.2 -J "$sscheme"
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
echo " -V tls1.2:tls1.2 -J "$cscheme" ${CLIENT_PW} < ${REQUEST_FILE}"
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-d ${P_R_CLIENTDIR} $verbose -V tls1.2:tls1.2 -J "$cscheme" ${CLIENT_PW} < ${REQUEST_FILE} 2>&1
ret=$?
# If both schemes include just one option and those options don't
@@ -1428,9 +1430,9 @@ ssl_scheme_stress()
start_selfserv -V tls1.2:tls1.2 -J "$sscheme"
- echo "strsclnt -4 -q -p ${PORT} -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+ echo "strsclnt ${IPVER} -q -p ${PORT} -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
echo " -V tls1.2:tls1.2 -J "$cscheme" ${HOSTADDR} ${CLIENT_PW} < ${REQUEST_FILE}"
- ${PROFTOOL} ${BINDIR}/strsclnt -4 -q -p ${PORT} ${CLIENT_OPTIONS} \
+ ${PROFTOOL} ${BINDIR}/strsclnt ${IPVER} -q -p ${PORT} ${CLIENT_OPTIONS} \
-d ${P_R_CLIENTDIR} $verbose -V tls1.2:tls1.2 -J "$cscheme" ${HOSTADDR} ${CLIENT_PW} < ${REQUEST_FILE} 2>&1
ret=$?
# If both schemes include just one option and those options don't
@@ -1467,9 +1469,9 @@ ssl_exporter()
for exporter in "${exporters[@]}"; do
start_selfserv -V tls1.2:tls1.2 -x "$exporter"
- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
echo " -V tls1.2:tls1.2 -x $exporter ${CLIENT_PW} < ${REQUEST_FILE}"
- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-d ${P_R_CLIENTDIR} $verbose -V tls1.2:tls1.2 -x "$exporter" ${CLIENT_PW} < ${REQUEST_FILE} 2>&1 > client.out
kill_selfserv
diff <(LC_ALL=C grep -A1 "^ *Keying Material:" server.out) \