From 17896bcb9bc53435b3dd92204f402c00a60dadbd Mon Sep 17 00:00:00 2001 From: "julien.pierre.bugs%sun.com" Date: Wed, 23 Aug 2006 23:32:01 +0000 Subject: [PATCH] Fix for bug 332222 . Allow ssl.sh to support mixed ECC/RSA certs. Patch created by Slavomir Katuscak. r=nelson, rrelyea git-svn-id: svn://10.0.0.236/trunk@208256 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/security/nss/tests/ssl/ssl.sh | 44 +++++++++++++++++++- mozilla/security/nss/tests/ssl/sslcov.txt | 20 ++++----- mozilla/security/nss/tests/ssl/sslstress.txt | 10 +---- 3 files changed, 54 insertions(+), 20 deletions(-) diff --git a/mozilla/security/nss/tests/ssl/ssl.sh b/mozilla/security/nss/tests/ssl/ssl.sh index ecd3e4d5bc2..60795e7a371 100755 --- a/mozilla/security/nss/tests/ssl/ssl.sh +++ b/mozilla/security/nss/tests/ssl/ssl.sh @@ -205,6 +205,9 @@ start_selfserv() else ECC_OPTIONS="" fi + if [ "$1" = "mixed" ]; then + ECC_OPTIONS="-e ${HOSTADDR}-ecmixed" + fi echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\" echo " ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &" echo "selfserv started at `date`" @@ -245,6 +248,8 @@ ssl_cov() else sparam="$CSHORT" fi + + mixed=0 start_selfserv # Launch the server p="" 
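Review bot: The new `if [ "$1" = "mixed" ]` block in start_selfserv gives the function a positional mode argument that nothing in the hunk documents, and it overwrites ECC_OPTIONS after the preceding if/else, including the `ECC_OPTIONS=""` branch. If that else branch is the non-ECC case (its condition is outside the hunk, so this is inferred), a caller passing `mixed` there would still hand selfserv `-e ${HOSTADDR}-ecmixed`. I would add a comment above the block such as `# $1 = "mixed": serve the RSA-signed EC cert ${HOSTADDR}-ecmixed in place of the default EC cert`, and consider moving the check inside the ECC-enabled branch. start_selfserv begins and ends outside the hunk.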
@@ -264,7 +269,34 @@ ssl_cov() TLS_FLAG="" fi - is_selfserv_alive +# These five tests need an EC cert signed with RSA +# This requires a different certificate loaded in selfserv +# due to a (current) NSS limitation of only loaded one cert +# per type so the default selfserv setup will not work. +#:C00B TLS ECDH RSA WITH NULL SHA +#:C00C TLS ECDH RSA WITH RC4 128 SHA +#:C00D TLS ECDH RSA WITH 3DES EDE CBC SHA +#:C00E TLS ECDH RSA WITH AES 128 CBC SHA +#:C00F TLS ECDH RSA WITH AES 256 CBC SHA + + if [ $mixed -eq 0 ]; then + if [ "${param}" = ":C00B" -o "${param}" = ":C00C" -o "${param}" = ":C00D" -o "${param}" = ":C00E" -o "${param}" = ":C00F" ]; then + kill_selfserv + start_selfserv mixed + mixed=1 + else + is_selfserv_alive + fi + else + if [ "${param}" = ":C00B" -o "${param}" = ":C00C" -o "${param}" = ":C00D" -o "${param}" = ":C00E" -o "${param}" = ":C00F" ]; then + is_selfserv_alive + else + kill_selfserv + start_selfserv + mixed=0 + fi + fi + echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} \\" echo " -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}" @@ -339,7 +371,15 @@ ssl_stress() echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "$ectype" != "#" ]; then cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" ` - start_selfserv + +# This test needs the mixed cert +# Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse) + if [ "${sparam}" = "-c_:C00E" ]; then + start_selfserv mixed + else + start_selfserv + fi + if [ "`uname -n`" = "sjsu" ] ; then echo "debugging disapering selfserv... ps -ef | grep selfserv" ps -ef | grep selfserv diff --git a/mozilla/security/nss/tests/ssl/sslcov.txt b/mozilla/security/nss/tests/ssl/sslcov.txt index 0d738a3c33e..7399886456f 100644 --- a/mozilla/security/nss/tests/ssl/sslcov.txt +++ b/mozilla/security/nss/tests/ssl/sslcov.txt 
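Review bot: The five-suite test `[ "${param}" = ":C00B" -o ... ]` in ssl_cov is written out twice, once for each value of `$mixed`. Any later change to the list of suites that need the RSA-signed EC cert therefore has to be made in two places, and a miss would quietly run a suite against the wrong server certificate. `-o` inside `[ ]` is also marked obsolescent by POSIX, and `$mixed` is unquoted. A single `case` that computes the wanted mode, followed by one restart-on-change branch, keeps the same behaviour with the list in one place. The enclosing loop in ssl_cov starts and ends outside the hunk.

```shell
# … unchanged: comment block listing :C00B–:C00F …
      case "${param}" in
          :C00B|:C00C|:C00D|:C00E|:C00F) want_mixed=1 ;;
          *)                             want_mixed=0 ;;
      esac

      if [ "${want_mixed}" -ne "${mixed}" ]; then
          # Certificate type changed: restart selfserv with the matching cert.
          kill_selfserv
          if [ "${want_mixed}" -eq 1 ]; then
              start_selfserv mixed
          else
              start_selfserv
          fi
          mixed=${want_mixed}
      else
          is_selfserv_alive
      fi
# … unchanged: tstclnt echo lines …
```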
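Review bot: The exact comparison `[ "${sparam}" = "-c_:C00E" ]` in ssl_stress matches only the first of the two ECDH-RSA lines this commit re-enables in sslstress.txt. The client-auth line has server parameters `-r_-r_-c_:C00E`, so it would start selfserv without the mixed certificate and the client-auth ECDH-RSA stress case would not run against the cert it needs. A pattern match covers both lines: `case "${sparam}" in *-c_:C00E*) start_selfserv mixed ;; *) start_selfserv ;; esac`. Whether `sparam` still contains underscores at this point depends on code outside the hunk, so the pattern should be checked against the value actually seen here.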
@@ -59,11 +59,11 @@
 ECC noTLS :C008 SSL3 ECDHE ECDSA WITH 3DES EDE CBC SHA
 ECC noTLS :C009 SSL3 ECDHE ECDSA WITH AES 128 CBC SHA
 ECC noTLS :C00A SSL3 ECDHE ECDSA WITH AES 256 CBC SHA
-# ECC noTLS :C00B SSL3 ECDH RSA WITH NULL SHA
-# ECC noTLS :C00C SSL3 ECDH RSA WITH RC4 128 SHA
-# ECC noTLS :C00D SSL3 ECDH RSA WITH 3DES EDE CBC SHA
-# ECC noTLS :C00E SSL3 ECDH RSA WITH AES 128 CBC SHA
-# ECC noTLS :C00F SSL3 ECDH RSA WITH AES 256 CBC SHA
+ ECC noTLS :C00B SSL3 ECDH RSA WITH NULL SHA
+ ECC noTLS :C00C SSL3 ECDH RSA WITH RC4 128 SHA
+ ECC noTLS :C00D SSL3 ECDH RSA WITH 3DES EDE CBC SHA
+ ECC noTLS :C00E SSL3 ECDH RSA WITH AES 128 CBC SHA
+ ECC noTLS :C00F SSL3 ECDH RSA WITH AES 256 CBC SHA
 ECC noTLS :C010 SSL3 ECDHE RSA WITH NULL SHA
 ECC noTLS :C011 SSL3 ECDHE RSA WITH RC4 128 SHA
 ECC noTLS :C012 SSL3 ECDHE RSA WITH 3DES EDE CBC SHA
@@ -82,11 +82,11 @@
 ECC TLS :C008 TLS ECDHE ECDSA WITH 3DES EDE CBC SHA
 ECC TLS :C009 TLS ECDHE ECDSA WITH AES 128 CBC SHA
 ECC TLS :C00A TLS ECDHE ECDSA WITH AES 256 CBC SHA
-# ECC TLS :C00B TLS ECDH RSA WITH NULL SHA
-# ECC TLS :C00C TLS ECDH RSA WITH RC4 128 SHA
-# ECC TLS :C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
-# ECC TLS :C00E TLS ECDH RSA WITH AES 128 CBC SHA
-# ECC TLS :C00F TLS ECDH RSA WITH AES 256 CBC SHA
+ ECC TLS :C00B TLS ECDH RSA WITH NULL SHA
+ ECC TLS :C00C TLS ECDH RSA WITH RC4 128 SHA
+ ECC TLS :C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
+ ECC TLS :C00E TLS ECDH RSA WITH AES 128 CBC SHA
+ ECC TLS :C00F TLS ECDH RSA WITH AES 256 CBC SHA
 ECC TLS :C010 TLS ECDHE RSA WITH NULL SHA
 ECC TLS :C011 TLS ECDHE RSA WITH RC4 128 SHA
 ECC TLS :C012 TLS ECDHE RSA WITH 3DES EDE CBC SHA
diff --git a/mozilla/security/nss/tests/ssl/sslstress.txt b/mozilla/security/nss/tests/ssl/sslstress.txt
index dab9ed0dc16..7e0c7975345 100644
--- a/mozilla/security/nss/tests/ssl/sslstress.txt
+++ b/mozilla/security/nss/tests/ssl/sslstress.txt
@@ -22,10 +22,7 @@
 ECC 0 -c_:C009 -c_100_-C_:C009_-N_-T Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
 ECC 0 -c_:C013 -c_1000_-C_:C013_-T Stress SSL3 ECDHE-RSA AES 128 CBC with SHA
 ECC 0 -c_:C004 -2_-c_100_-C_:C004_-N Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse)
-#
-# following line commented to woraround bug 332222
-#
-# ECC 0 -c_:C00E -2_-c_100_-C_:C00E_-N Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
+ ECC 0 -c_:C00E -2_-c_100_-C_:C00E_-N Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
 ECC 0 -c_:C013 -2_-c_1000_-C_:C013 Stress TLS ECDHE-RSA AES 128 CBC with SHA
 #
 # add client auth versions here...
@@ -33,8 +30,5 @@
 ECC 0 -r_-r_-c_:C009 -c_10_-C_:C009_-N_-T_-n_TestUser-ec Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse, client auth)
 ECC 0 -r_-r_-c_:C013 -c_100_-C_:C013_-T_-n_TestUser-ec Stress SSL3 ECDHE-RSA AES 128 CBC with SHA (client auth)
 ECC 0 -r_-r_-c_:C004 -c_10_-C_:C004_-N_-n_TestUser-ec Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse, client auth)
-#
-# following line commented to woraround bug 332222
-#
-# ECC 0 -r_-r_-c_:C00E -c_10_-C_:C00E_-N_-n_TestUser-ec Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth)
+ ECC 0 -r_-r_-c_:C00E -c_10_-C_:C00E_-N_-n_TestUser-ec Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth)
 ECC 0 -r_-r_-c_:C013 -c_100_-C_:C013_-n_TestUser-ec Stress TLS ECDHE-RSA AES 128 CBC with SHA(client auth)