Commit 8c736f34 authored by Martin Thomson's avatar Martin Thomson

Bug 1208243 - Enable ssl_gtest if built, r=ekr

--HG--
extra : amend_source : 5e545e34d5d6e7d3be9ca7adbd9c41383bc3b039
parent 9a8e90f4
GTest-based Unit Tests
This directory contains GTest-based unit tests for NSS.
This directory contains GTest-based unit tests for NSS libssl.
Currently, these are only loopback-type tests of libsssl,
but could be expanded to other types of tests. To make these
work do:
These aren't built by default, because they require C++.
To build them, set ``NSS_BUILD_GTESTS=1''
- Set NSS_BUILD_GTESTS=1 before starting your build
Once built, they are run as part of running ``test/all.sh''
You can run just the GTests by running ``tests/ssl_gtests/ssl_gtests.sh''
- cd tests/
- Set NSS_TESTS=ssl_gtests and NSS_CYCLES=standard
- run ./all.sh
This will run the certutil tests (generating a test db) and
will finalize with a call to the ssl_gtest
You should be able to run the unit tests manually as:
ssl_gtest -d ${SSLGTESTDIR}
Where $SSLGTESTDIR is a directory with a database containing:
- an RSA certificate called server (with its private key)
- an ECDSA certificate called ecdsa (with its private key)
A directory like this is created by ./all.sh and can be found
in a directory named something like
They can be run standalone or under a debugger by invoking the ssl_gtest
executable with a ``-d'' option pointing to the directory created by either
of the above options. You can find that in
tests_results/security/${hostname}.${NUMBER}/ssl_gtests
......@@ -202,7 +202,7 @@ run_cycle_upgrade_db()
# run the subset of tests with the upgraded database
TESTS="${ALL_TESTS}"
TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains"
TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains ssl_gtests"
echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null
RET=$?
......@@ -233,7 +233,7 @@ run_cycle_shared_db()
# run the tests for native sharedb support
TESTS="${ALL_TESTS}"
TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits"
TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits ssl_gtests"
echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null
RET=$?
......@@ -274,7 +274,7 @@ run_cycles()
cycles="standard pkix upgradedb sharedb"
CYCLES=${NSS_CYCLES:-$cycles}
tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains"
tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ssl_gtests"
TESTS=${NSS_TESTS:-$tests}
ALL_TESTS=${TESTS}
......
......@@ -1201,62 +1201,6 @@ cert_ssl()
pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR}
}
############################# ssl_gtest ##########################
# local shell function to create serve certs for SSL gtests
##################################################################
cert_ssl_gtests()
{
CERTFAILED=0
echo "$SCRIPTNAME: Creating ssl_gtest DB dir"
cert_init_cert ${SSLGTESTDIR} "server" 1 ${D_EXT_SERVER}
echo "$SCRIPTNAME: Creating database for ssl_gtests"
certu -N -d "${SSLGTESTDIR}" --empty-password 2>&1
# the ssl server used here is special: is a self-signed server
# certificate with name server.
echo "$SCRIPTNAME: Creating certs for ssl_gtests"
certu -S -z ${R_NOISE_FILE} -g 2048 -d ${SSLGTESTDIR} -n server -s "CN=server" \
-t C,C,C -x -m 1 -w -2 -v 120 -Z SHA256 -1 -2 <<CERTSCRIPT
0
2
9
n
n
n
CERTSCRIPT
if [ "$RET" -ne 0 ]; then
echo "return value is $RET"
Exit 6 "Fatal - failed to create RSA server cert for ssl_gtests"
fi
certu -S -z ${R_NOISE_FILE} -g 2048 -d ${SSLGTESTDIR} -n client -s "CN=client" \
-t C,C,C -x -m 1 -w -2 -v 120 -Z SHA256 -1 -2 <<CERTSCRIPT
0
9
n
n
n
CERTSCRIPT
if [ "$RET" -ne 0 ]; then
echo "return value is $RET"
Exit 6 "Fatal - failed to create RSA client cert for ssl_gtests"
fi
certu -S -z ${R_NOISE_FILE} -k ec -q nistp256 -d ${SSLGTESTDIR} -n ecdsa -s CN=ecdsa \
-t C,C,C -x -m 1 -w -2 -v 120 -Z SHA256 -1 -2 <<CERTSCRIPT
0
9
n
n
n
CERTSCRIPT
if [ "$RET" -ne 0 ]; then
echo "return value is $RET"
Exit 6 "Fatal - failed to create ECDSA server cert for ssl_gtests"
fi
}
############################## cert_stresscerts ################################
# local shell function to create client certs for SSL stresstest
########################################################################
......@@ -2060,7 +2004,6 @@ cert_init
cert_all_CA
cert_extended_ssl
cert_ssl
cert_ssl_gtests
cert_smime_client
if [ -z "$NSS_TEST_DISABLE_FIPS" ]; then
cert_fips
......
......@@ -235,7 +235,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
HTML_FAILED='</TD><TD bgcolor=red>Failed</TD><TR>'
HTML_FAILED_CORE='</TD><TD bgcolor=red>Failed Core</TD><TR>'
HTML_PASSED='</TD><TD bgcolor=lightGreen>Passed</TD><TR>'
HTML_UNKNOWN='</TD><TD>Unknown/TD><TR>'
HTML_UNKNOWN='</TD><TD>Unknown</TD><TR>'
TABLE_ARGS=
......
/\<testcase/{
s/^.* name="\([^"]*\)" value_param="\([^"]*\)" status="\([^"]*\)" time="[^"]*" classname="\([^"]*\)".*$/\3 '\4: \1 \2'/
t end
s/^.* name="\([^"]*\)" status="\([^"]*\)" time="[^"]*" classname="\([^"]*\)".*$/\2 '\3: \1'/
t end
}
d
: end
......@@ -18,6 +18,55 @@
# NOTE .... unexpected behavior
#
########################################################################
ssl_gtest_certs() {
mkdir -p "${SSLGTESTDIR}"
cd "${SSLGTESTDIR}"
PROFILEDIR=`pwd`
if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
PROFILEDIR=`cygpath -m "${PROFILEDIR}"`
fi
${BINDIR}/certutil -N -d "${PROFILEDIR}" --empty-password 2>&1
html_msg $? 0 "create ssl_gtest database"
${BINDIR}/certutil -S -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
-n server -s "CN=server" -t C,C,C -x -m 1 -w -2 -v 120 \
-k rsa -g 1024 -Z SHA256 -1 -2 <<CERTSCRIPT
0
2
9
n
n
n
CERTSCRIPT
html_msg $? 0 "create ssl_gtest server certificate"
${BINDIR}/certutil -S -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
-n client -s "CN=client" -t C,C,C -x -m 1 -w -2 -v 120 \
-k rsa -g 1024 -Z SHA256 -1 -2 <<CERTSCRIPT
0
9
n
n
n
CERTSCRIPT
html_msg $? 0 "create ssl_gtest client certificate"
${BINDIR}/certutil -S -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
-n ecdsa -s "CN=ecdsa" -t C,C,C -x -m 1 -w -2 -v 120 \
-k ec -q nistp256 -Z SHA256 -1 -2 <<CERTSCRIPT
0
9
n
n
n
CERTSCRIPT
html_msg $? 0 "create ssl_gtest ECDSA certificate"
}
############################## ssl_gtest_init ##########################
# local shell function to initialize this script
......@@ -33,16 +82,17 @@ ssl_gtest_init()
cd ../common
. ./init.sh
fi
if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here
cd ../cert
. ./cert.sh
fi
SCRIPTNAME=ssl_gtest.sh
echo "$SCRIPTNAME: SSL Gtests ==============================="
html_head SSL Gtests
if [ ! -d "${SSLGTESTDIR}" ]; then
ssl_gtest_certs
fi
REQF=${QADIR}/ssl/sslreq.dat
cd ${CLIENTDIR}
cd "${SSLGTESTDIR}"
}
########################## ssl_gtest_start #########################
......@@ -50,8 +100,24 @@ ssl_gtest_init()
####################################################################
ssl_gtest_start()
{
ssl_gtest -d ${SSLGTESTDIR}
html_msg $? 0 "ssl_gtest"
if [ ! -f ${BINDIR}/ssl_gtest ]; then
html_unknown "Skipping ssl_gtest (not built)"
return
fi
SSLGTESTREPORT="${SSLGTESTDIR}/report.xml"
${BINDIR}/ssl_gtest -d "${SSLGTESTDIR}" --gtest_output=xml:"${SSLGTESTREPORT}"
html_msg $? 0 "ssl_gtest run successfully"
sed -f ${QADIR}/ssl_gtests/parsereport.sed "${SSLGTESTREPORT}" | \
while read result name; do
if [ "$result" = "notrun" ]; then
echo "$name" SKIPPED
elif [ "$result" = "run" ]; then
html_passed "$name" > /dev/null
else
html_failed "$name"
fi
done
}
################## main #################################################
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment