diff --git a/mozilla/security/nss/cmd/tstclnt/tstclnt.c b/mozilla/security/nss/cmd/tstclnt/tstclnt.c index 06c15410856..74dd6a4d7cb 100644 --- a/mozilla/security/nss/cmd/tstclnt/tstclnt.c +++ b/mozilla/security/nss/cmd/tstclnt/tstclnt.c @@ -78,6 +78,8 @@ #define MAX_WAIT_FOR_SERVER 600 #define WAIT_INTERVAL 100 +#define EXPECTED_ERROR_SSL_SH 254 + PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT; int ssl2CipherSuites[] = { @@ -982,9 +984,15 @@ int main(int argc, char **argv) if (cc < 0) { PRErrorCode err = PR_GetError(); if (err != PR_WOULD_BLOCK_ERROR) { - SECU_PrintError(progName, + SECU_PrintError(progName, "write to SSL socket failed"); - error = 254; + if (err == SSL_ERROR_BAD_CERT_ALERT || + err == SSL_ERROR_REVOKED_CERT_ALERT || + err == SEC_ERROR_BAD_SIGNATURE) { + error = EXPECTED_ERROR_SSL_SH; + } else { + error = 1; + } goto done; } cc = 0; @@ -1022,10 +1030,16 @@ int main(int argc, char **argv) nb = PR_Recv(pollset[SSOCK_FD].fd, buf, sizeof buf, 0, maxInterval); FPRINTF(stderr, "%s: Read from server %d bytes\n", progName, nb); if (nb < 0) { - if (PR_GetError() != PR_WOULD_BLOCK_ERROR) { - SECU_PrintError(progName, "read from socket failed"); - error = 1; - goto done; + PRErrorCode err = PR_GetError(); + if (err != PR_WOULD_BLOCK_ERROR) { + SECU_PrintError(progName, "read from socket failed"); + if (err == SSL_ERROR_BAD_CERT_ALERT || + err == SSL_ERROR_REVOKED_CERT_ALERT) { + error = EXPECTED_ERROR_SSL_SH; + } else { + error = 1; + } + goto done; } } else if (nb == 0) { /* EOF from socket... stop polling socket for read */ diff --git a/mozilla/security/nss/tests/ssl/ssl.sh b/mozilla/security/nss/tests/ssl/ssl.sh index 27b6e1ecdd2..50987021449 100755 --- a/mozilla/security/nss/tests/ssl/ssl.sh +++ b/mozilla/security/nss/tests/ssl/ssl.sh 
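Review bot: `EXPECTED_ERROR_SSL_SH` is added without a comment, yet its value is an exit-status contract with the test harness. The same literal 254 is hard-coded as `rev_modvalue=254` in ssl.sh and in the expected-return column of sslauth.txt in this commit. I would put `/* Exit status for a handshake failure the SSL tests expect (certificate rejected); ssl.sh and sslauth.txt hard-code this value. */` directly above the define, so a later change to the number is not made in only one of the three places.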
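Review bot: The two "expected error" lists disagree. The write branch (hunk at -982) maps `SEC_ERROR_BAD_SIGNATURE` to `EXPECTED_ERROR_SSL_SH`, while the read branch (hunk at -1022) accepts only the two alert codes and exits 1 for a bad signature. If the same handshake failure can surface on either the send or the receive, which the poll loop suggests but the hunks do not show, the exit status depends on which call reports it first. A negative test that should prove certificate rejection would then pass or fail by timing. Either extend the read-side condition to `err == SSL_ERROR_REVOKED_CERT_ALERT || err == SEC_ERROR_BAD_SIGNATURE) {`, or add a comment in the read branch saying why a bad signature is not expected there. Moving the test into one small static predicate used by both branches would stop the lists drifting again. Both branches sit inside `main`, whose body starts and ends outside these hunks.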
@@ -400,10 +400,6 @@ ssl_auth() cat ${TMP}/$HOST.tmp.$$ rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - #workaround for bug #402058 - [ $ret -ne 0 ] && ret=1 - [ $value -ne 0 ] && value=1 - html_msg $ret $value "${testname}" \ "produced a returncode of $ret, expected is $value" kill_selfserv @@ -515,10 +511,10 @@ ssl_crl_ssl() 3) if [ -z "$pwd" -o -z "$user" ]; then rev_modvalue=0 else - rev_modvalue=1 + rev_modvalue=254 fi ;; - 4) rev_modvalue=1 ;; + 4) rev_modvalue=254 ;; esac TEMP_NUM=0 while [ $TEMP_NUM -lt $CRL_GROUP_RANGE ] @@ -701,10 +697,10 @@ ssl_crl_cache() 3) if [ -z "$pwd" -o -z "$user" ]; then rev_modvalue=0 else - rev_modvalue=1 + rev_modvalue=254 fi ;; - 4) rev_modvalue=1 ;; + 4) rev_modvalue=254 ;; esac TEMP_NUM=0 LOADED_GRP=1 diff --git a/mozilla/security/nss/tests/ssl/sslauth.txt b/mozilla/security/nss/tests/ssl/sslauth.txt index deb30c3b680..cf5a012613f 100644 --- a/mozilla/security/nss/tests/ssl/sslauth.txt +++ b/mozilla/security/nss/tests/ssl/sslauth.txt 
@@ -20,14 +20,14 @@
 noECC 0 -r_-r_-r -w_nss_-n_none TLS Request don't require client auth on 2nd hs (client does not provide auth)
 noECC 0 -r_-r_-r -w_bogus_-n_TestUser TLS Request don't require client auth on 2nd hs (bad password)
 noECC 0 -r_-r_-r -w_nss_-n_TestUser TLS Request don't require client auth on 2nd hs (client auth)
- noECC 1 -r_-r_-r_-r -w_nss_-n_none TLS Require client auth on 2nd hs (client does not provide auth)
- noECC 1 -r_-r_-r_-r -w_bogus_-n_TestUser TLS Require client auth on 2nd hs (bad password)
+ noECC 254 -r_-r_-r_-r -w_nss_-n_none TLS Require client auth on 2nd hs (client does not provide auth)
+ noECC 254 -r_-r_-r_-r -w_bogus_-n_TestUser TLS Require client auth on 2nd hs (bad password)
 noECC 0 -r_-r_-r_-r -w_nss_-n_TestUser_ TLS Require client auth on 2nd hs (client auth)
 noECC 0 -r_-r_-r -T_-w_nss_-n_none SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
 noECC 0 -r_-r_-r -T_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
 noECC 0 -r_-r_-r -T_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
- noECC 1 -r_-r_-r_-r -T_-w_nss_-n_none SSL3 Require client auth on 2nd hs (client does not provide auth)
- noECC 1 -r_-r_-r_-r -T_-n_TestUser_-w_bogus SSL3 Require client auth on 2nd hs (bad password)
+ noECC 254 -r_-r_-r_-r -T_-w_nss_-n_none SSL3 Require client auth on 2nd hs (client does not provide auth)
+ noECC 254 -r_-r_-r_-r -T_-n_TestUser_-w_bogus SSL3 Require client auth on 2nd hs (bad password)
 noECC 0 -r_-r_-r_-r -T_-n_TestUser_-w_nss SSL3 Require client auth on 2nd hs (client auth)
 #
 # Use EC cert for client authentication
@@ -42,9 +42,9 @@
 ECC 0 -r_-r -T_-n_TestUser-ec_-w_nss SSL3 Require client auth (EC) (client auth)
 ECC 0 -r_-r_-r -w_bogus_-n_TestUser-ec TLS Request don't require client auth on 2nd hs (EC) (bad password)
 ECC 0 -r_-r_-r -w_nss_-n_TestUser-ec TLS Request don't require client auth on 2nd hs (EC) (client auth)
- ECC 1 -r_-r_-r_-r -w_bogus_-n_TestUser-ec TLS Require client auth on 2nd hs (EC) (bad password)
+ ECC 254 -r_-r_-r_-r -w_bogus_-n_TestUser-ec TLS Require client auth on 2nd hs (EC) (bad password)
 ECC 0 -r_-r_-r_-r -w_nss_-n_TestUser-ec_ TLS Require client auth on 2nd hs (EC) (client auth)
 ECC 0 -r_-r_-r -T_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
 ECC 0 -r_-r_-r -T_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
- ECC 1 -r_-r_-r_-r -T_-n_TestUser-ec_-w_bogus SSL3 Require client auth on 2nd hs (EC) (bad password)
+ ECC 254 -r_-r_-r_-r -T_-n_TestUser-ec_-w_bogus SSL3 Require client auth on 2nd hs (EC) (bad password)
 ECC 0 -r_-r_-r_-r -T_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth)