[apple/security.git] / SecurityTests / clxutils / cltpdvt

#! /bin/csh -f
#
# run CL/TP/SSL X regression tests.
#
set BUILD_DIR=$LOCAL_BUILD_DIR
#
set QUICK_TEST = 1
set QUIET= 
set CERTCRL_QUIET=
set VERB= 
set PINGSSL_QUIET=
set SKIP_BASIC = 0
# when false, no SSL, not even local loopback tests or CRL/OCSP tests
set NO_SSL=0
# when empty, do ssl Ping tests via ssldvt
set SSL_PING_ENABLE=n
set FULL_SSL=NO
set DO_THREAD=1
#
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case s:
            set QUICK_TEST = 1
            shift
            breaksw
        case l:
            set QUICK_TEST = 0
            shift
            breaksw
        case v:
            set VERB = v
            shift
            breaksw
        case n:
            set NO_SSL = 1
            shift
            breaksw
        case f:
            set SSL_PING_ENABLE =
			set FULL_SSL = YES
            shift
            breaksw
        case t:
            set DO_THREAD = 0
            shift
            breaksw
		case k:
			set SKIP_BASIC = 1
			shift
			breaksw
        case q:
            set QUIET = q
			set CERTCRL_QUIET = -q
			set PINGSSL_QUIET = s
            shift
            breaksw
        default:
            cat cltpdvt_usage
            exit(1)
    endsw
end

#
# Select 'quick' or 'normal' test params
#
# Note that we disable DB storage of certs in cgVerify and cgConstruct, to avoid
# messing with user's ~/Library/Keychains. 
#
if($QUICK_TEST == 1) then
	set CGCONSTRUCT_ARGS="d=0"
    set CGVERIFY_ARGS="d"
    set CGVERIFY_DSA_ARGS="l=20 d"
	set CAVERIFY_ARGS=
	set EXTENTEST_ARGS=
	if($NO_SSL == 1) then
		set THREADTEST_ARGS="ecvsyfF l=10"
	else
		set THREADTEST_ARGS="l=10"
	endif
	set THREADPING_ARGS="ep o=mr3 l=5"
	set P12REENCODE_ARGS="l=2"
else
	set CGCONSTRUCT_ARGS="l=100 d=0"
	set CGVERIFY_ARGS="l=100 d"
	set CAVERIFY_ARGS="l=500"
    set CGVERIFY_DSA_ARGS="l=500 d"
	set EXTENTEST_ARGS="l=100"
	if($NO_SSL == 1) then
		set THREADTEST_ARGS="l=100 ecvsyfF"
	else
		set THREADTEST_ARGS="l=100"
	endif
	set THREADPING_ARGS="ep o=mr3 l=10"
	set P12REENCODE_ARGS="l=10"
endif
#
set CLXUTILS=`pwd`

if($SKIP_BASIC == 0) then
	#
	# test RSA, FEE, ECDSA with the following two...
	#
	$BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS $QUIET $VERB || exit(1)
	$BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS a=f $QUIET $VERB || exit(1)
	$BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS a=E $QUIET $VERB || exit(1)
	$BUILD_DIR/cgVerify $CGVERIFY_ARGS n=2 $QUIET $VERB || exit(1)
	$BUILD_DIR/cgVerify $CGVERIFY_ARGS $QUIET $VERB || exit(1)
	$BUILD_DIR/cgVerify $CGVERIFY_ARGS a=e $QUIET $VERB || exit(1)
	$BUILD_DIR/cgVerify $CGVERIFY_ARGS a=5 $QUIET $VERB || exit(1)
	$BUILD_DIR/cgVerify $CGVERIFY_ARGS a=E $QUIET $VERB || exit(1)
	#
	# And one run for DSA partial key processing; run in the test
	# dir to pick up DSA params
	#
	cd $CLXUTILS/cgVerify
	$BUILD_DIR/cgVerify $CGVERIFY_DSA_ARGS a=d $QUIET $VERB || exit(1)
	$BUILD_DIR/caVerify $CAVERIFY_ARGS $QUIET $VERB || exit(1)
	$BUILD_DIR/caVerify a=E $CAVERIFY_ARGS $QUIET $VERB || exit(1)
endif

#
# Anchor and intermediate test: once with normal anchors, one with 
# Trust Settings.
#
###
### Allow expired anchors until Radar 6133507 is fixed
###
echo "### Warning: allowing expired roots in anchorTest..."
$BUILD_DIR/anchorTest e $QUIET $VERB || exit(1)
$BUILD_DIR/anchorTest t e $QUIET $VERB || exit(1)
$CLXUTILS/anchorTest/intermedTest $QUIET || exit(1)
$CLXUTILS/anchorTest/intermedTest t $QUIET || exit(1)
$BUILD_DIR/trustAnchors $QUIET || exit(1)

cd $CLXUTILS
./updateCerts

$BUILD_DIR/certSerialEncodeTest $QUIET || exit(1)

#
# certcrl script tests require files relative to cwd
#
cd $CLXUTILS/certcrl/testSubjects/X509tests
$BUILD_DIR/certcrl -S x509tests.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/smime
$BUILD_DIR/certcrl -S smime.scr $CERTCRL_QUIET || exit(1)
#
# disable expiredRoot test since it makes assumptions about
# store.apple.com which are no longer true %%%FIXME!
#cd $CLXUTILS/certcrl/testSubjects/expiredRoot
#$BUILD_DIR/certcrl -S expiredRoot.scr $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/expiredCerts
$BUILD_DIR/certcrl -S expiredCerts.scr $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/anchorAndDb
$BUILD_DIR/certcrl -S anchorAndDb.scr $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/hostNameDot
$BUILD_DIR/certcrl -S hostNameDot.scr $CERTCRL_QUIET || exit(1)
#
# one with normal anchors, one with Trust Settings
cd $CLXUTILS/certcrl/testSubjects/AppleCerts
$BUILD_DIR/certcrl -S AppleCerts.scr $CERTCRL_QUIET || exit(1)
$BUILD_DIR/certcrl -S AppleCerts.scr -g $CERTCRL_QUIET || exit(1)
#
# one with normal anchors, one with Trust Settings
# This will fail if you have userTrustSettings.plist, from ../trustSettings,
# installed!
# Note this should eventually be renamed to something like SWUpdateSigning...
cd $CLXUTILS/certcrl/testSubjects/AppleCodeSigning
$BUILD_DIR/certcrl -S AppleCodeSigning.scr $CERTCRL_QUIET || exit(1)
$BUILD_DIR/certcrl -S AppleCodeSigning.scr -g $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/CodePkgSigning
$BUILD_DIR/certcrl -S CodePkgSigning.scr $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/localTime
$BUILD_DIR/certcrl -S localTime.scr $CERTCRL_QUIET || exit(1)
#
# one with normal anchors, one with Trust Settings
cd $CLXUTILS/certcrl/testSubjects/serverGatedCrypto
$BUILD_DIR/certcrl -S sgc.scr $CERTCRL_QUIET || exit(1)
$BUILD_DIR/certcrl -S sgc.scr -g $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/crlTime
$BUILD_DIR/certcrl -S crlTime.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/implicitAnchor
$BUILD_DIR/certcrl -S implicitAnchor.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/crossSigned
$BUILD_DIR/certcrl -S crossSigned.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/emptyCert
$BUILD_DIR/certcrl -S emptyCert.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/emptySubject
$BUILD_DIR/certcrl -S emptySubject.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/qualCertStatment
$BUILD_DIR/certcrl -S qualCertStatement.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/ipSec
$BUILD_DIR/certcrl -S ipSec.scr $CERTCRL_QUIET || exit(1)
#
# ECDSA certs, lots of 'em
#
cd $CLXUTILS/certcrl/testSubjects/NSS_ECC
$BUILD_DIR/certcrl -S nssecc.scr $CERTCRL_QUIET || exit(1)
$BUILD_DIR/certcrl -S msEcc.scr $CERTCRL_QUIET || exit(1)
$BUILD_DIR/certcrl -S opensslEcc.scr $CERTCRL_QUIET || exit(1)

#
# CRL/OCSP tests
# once each with normal anchors, one with Trust Settings
#
# Until Verisign gets their CRL server fixed, we have to allow the disabling of the 
# CRL test....
#
if($NO_SSL == 0) then
	cd $CLXUTILS
	if($FULL_SSL == YES) then
		cd $CLXUTILS/certcrl/testSubjects/crlFromSsl
		$BUILD_DIR/certcrl -S crlssl.scr $CERTCRL_QUIET || exit(1)
		$BUILD_DIR/certcrl -S crlssl.scr -g $CERTCRL_QUIET || exit(1)
	endif
	cd $CLXUTILS/certcrl/testSubjects/ocspFromSsl
	# this test makes assumptions about store.apple.com which are no longer
	# true, so need to disable the test for now. %%%FIXME!
	#$BUILD_DIR/certcrl -S ocspssl.scr $CERTCRL_QUIET || exit(1)
	#$BUILD_DIR/certcrl -S ocspssl.scr -g $CERTCRL_QUIET || exit(1)
endif
#
$BUILD_DIR/extenTest $EXTENTEST_ARGS $QUIET $VERB || exit(1)
$BUILD_DIR/extenTestTp $EXTENTEST_ARGS $QUIET $VERB || exit(1)
$BUILD_DIR/sslSubjName $QUIET $VERB || exit(1)
$BUILD_DIR/smimePolicy $QUIET $VERB || exit(1)
$BUILD_DIR/certLabelTest $CERTCRL_QUIET || exit(1)

#
# extendAttrTest has to be run from specific directory for access to keys and certs
# 
cd $CLXUTILS/extendAttrTest
$BUILD_DIR/extendAttrTest -k $BUILD_DIR/eat.keychain $CERTCRL_QUIET || exit(1)

#
# threadTest relies on a cert file in cwd
#
if($DO_THREAD == 1) then
	cd $CLXUTILS/threadTest
	$BUILD_DIR/threadTest $THREADTEST_ARGS $QUIET $VERB || exit(1)
endif
#
# CMS tests have to be run from specific directory for access to keychain and certs
# 
cd $CLXUTILS/newCmsTool/blobs
./cmstestHandsoff $CERTCRL_QUIET || exit(1)
./cmsEcdsaHandsoff $CERTCRL_QUIET || exit(1)

#
# This one uses a number of p12 files in cwd
#
# we may never see this again....
#
# echo ==== skipping p12Reencode for now, but I really want this back ===
# cd $CLXUTILS/p12Reencode
# ./doReencode $P12REENCODE_ARGS $QUIET || exit(1)
#

#
# Import/export tests, always run from here with no default ACL (to avoid UI).
#
cd $CLXUTILS/importExport
./importExport n $QUIET || exit(1)

# sslEcdsa test removed pending validation of tls.secg.org server
# 
# $BUILD_DIR/sslEcdsa $CERTCRL_QUIET || exit(1)

#
# Full SSL tests run:
# -- once with blocking socket I/O
# -- once with nonblocking socket I/O
# -- once with RingBuffer I/O, no verifyPing
#
if($NO_SSL == 0) then
	cd $CLXUTILS/sslScripts
	./makeLocalCert a || exit(1)
	./ssldvt $SSL_PING_ENABLE $QUIET $VERB || exit(1)
	./ssldvt $SSL_PING_ENABLE $QUIET $VERB b || exit(1)
	./ssldvt n $QUIET $VERB R || exit(1)
	./removeLocalCerts
endif
if($FULL_SSL == YES) then
	$BUILD_DIR/threadTest $THREADPING_ARGS $QUIET $VERB || exit(1)
endif

echo ==== cltpdvt success ====
Commit	Line	Data
d8f41ccd A	1	#! /bin/csh -f
	2	#
	3	# run CL/TP/SSL X regression tests.
	4	#
	5	set BUILD_DIR=$LOCAL_BUILD_DIR
	6	#
	7	set QUICK_TEST = 1
	8	set QUIET=
	9	set CERTCRL_QUIET=
	10	set VERB=
	11	set PINGSSL_QUIET=
	12	set SKIP_BASIC = 0
	13	# when false, no SSL, not even local loopback tests or CRL/OCSP tests
	14	set NO_SSL=0
	15	# when empty, do ssl Ping tests via ssldvt
	16	set SSL_PING_ENABLE=n
	17	set FULL_SSL=NO
	18	set DO_THREAD=1
	19	#
	20	while ( $#argv > 0 )
	21	switch ( "$argv[1]" )
	22	case s:
	23	set QUICK_TEST = 1
	24	shift
	25	breaksw
	26	case l:
	27	set QUICK_TEST = 0
	28	shift
	29	breaksw
	30	case v:
	31	set VERB = v
	32	shift
	33	breaksw
	34	case n:
	35	set NO_SSL = 1
	36	shift
	37	breaksw
	38	case f:
	39	set SSL_PING_ENABLE =
	40	set FULL_SSL = YES
	41	shift
	42	breaksw
	43	case t:
	44	set DO_THREAD = 0
	45	shift
	46	breaksw
	47	case k:
	48	set SKIP_BASIC = 1
	49	shift
	50	breaksw
	51	case q:
	52	set QUIET = q
	53	set CERTCRL_QUIET = -q
	54	set PINGSSL_QUIET = s
	55	shift
	56	breaksw
	57	default:
	58	cat cltpdvt_usage
	59	exit(1)
	60	endsw
	61	end
	62
	63	#
	64	# Select 'quick' or 'normal' test params
65	#
66	# Note that we disable DB storage of certs in cgVerify and cgConstruct, to avoid
67	# messing with user's ~/Library/Keychains.
68	#
69	if($QUICK_TEST == 1) then
70	set CGCONSTRUCT_ARGS="d=0"
71	set CGVERIFY_ARGS="d"
72	set CGVERIFY_DSA_ARGS="l=20 d"
73	set CAVERIFY_ARGS=
74	set EXTENTEST_ARGS=
75	if($NO_SSL == 1) then
76	set THREADTEST_ARGS="ecvsyfF l=10"
77	else
78	set THREADTEST_ARGS="l=10"
79	endif
80	set THREADPING_ARGS="ep o=mr3 l=5"
81	set P12REENCODE_ARGS="l=2"
82	else
83	set CGCONSTRUCT_ARGS="l=100 d=0"
84	set CGVERIFY_ARGS="l=100 d"
85	set CAVERIFY_ARGS="l=500"
86	set CGVERIFY_DSA_ARGS="l=500 d"
87	set EXTENTEST_ARGS="l=100"
88	if($NO_SSL == 1) then
89	set THREADTEST_ARGS="l=100 ecvsyfF"
90	else
91	set THREADTEST_ARGS="l=100"
92	endif
93	set THREADPING_ARGS="ep o=mr3 l=10"
94	set P12REENCODE_ARGS="l=10"
95	endif
96	#
97	set CLXUTILS=`pwd`
98
99	if($SKIP_BASIC == 0) then
100	#
101	# test RSA, FEE, ECDSA with the following two...
102	#
103	$BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS $QUIET $VERB \|\| exit(1)
104	$BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS a=f $QUIET $VERB \|\| exit(1)
105	$BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS a=E $QUIET $VERB \|\| exit(1)
106	$BUILD_DIR/cgVerify $CGVERIFY_ARGS n=2 $QUIET $VERB \|\| exit(1)
107	$BUILD_DIR/cgVerify $CGVERIFY_ARGS $QUIET $VERB \|\| exit(1)
108	$BUILD_DIR/cgVerify $CGVERIFY_ARGS a=e $QUIET $VERB \|\| exit(1)
109	$BUILD_DIR/cgVerify $CGVERIFY_ARGS a=5 $QUIET $VERB \|\| exit(1)
110	$BUILD_DIR/cgVerify $CGVERIFY_ARGS a=E $QUIET $VERB \|\| exit(1)
111	#
112	# And one run for DSA partial key processing; run in the test
113	# dir to pick up DSA params
114	#
115	cd $CLXUTILS/cgVerify
116	$BUILD_DIR/cgVerify $CGVERIFY_DSA_ARGS a=d $QUIET $VERB \|\| exit(1)
117	$BUILD_DIR/caVerify $CAVERIFY_ARGS $QUIET $VERB \|\| exit(1)
118	$BUILD_DIR/caVerify a=E $CAVERIFY_ARGS $QUIET $VERB \|\| exit(1)
119	endif
120
121	#
122	# Anchor and intermediate test: once with normal anchors, one with
123	# Trust Settings.
124	#
125	###
126	### Allow expired anchors until Radar 6133507 is fixed
127	###
128	echo "### Warning: allowing expired roots in anchorTest..."
129	$BUILD_DIR/anchorTest e $QUIET $VERB \|\| exit(1)
130	$BUILD_DIR/anchorTest t e $QUIET $VERB \|\| exit(1)
131	$CLXUTILS/anchorTest/intermedTest $QUIET \|\| exit(1)
132	$CLXUTILS/anchorTest/intermedTest t $QUIET \|\| exit(1)
133	$BUILD_DIR/trustAnchors $QUIET \|\| exit(1)
134
135	cd $CLXUTILS
136	./updateCerts
137
138	$BUILD_DIR/certSerialEncodeTest $QUIET \|\| exit(1)
139
140	#
141	# certcrl script tests require files relative to cwd
142	#
143	cd $CLXUTILS/certcrl/testSubjects/X509tests
144	$BUILD_DIR/certcrl -S x509tests.scr $CERTCRL_QUIET \|\| exit(1)
145	cd $CLXUTILS/certcrl/testSubjects/smime
146	$BUILD_DIR/certcrl -S smime.scr $CERTCRL_QUIET \|\| exit(1)
147	#
148	# disable expiredRoot test since it makes assumptions about
149	# store.apple.com which are no longer true %%%FIXME!
150	#cd $CLXUTILS/certcrl/testSubjects/expiredRoot
151	#$BUILD_DIR/certcrl -S expiredRoot.scr $CERTCRL_QUIET \|\| exit(1)
152	#
153	cd $CLXUTILS/certcrl/testSubjects/expiredCerts
154	$BUILD_DIR/certcrl -S expiredCerts.scr $CERTCRL_QUIET \|\| exit(1)
155	#
156	cd $CLXUTILS/certcrl/testSubjects/anchorAndDb
157	$BUILD_DIR/certcrl -S anchorAndDb.scr $CERTCRL_QUIET \|\| exit(1)
158	#
159	cd $CLXUTILS/certcrl/testSubjects/hostNameDot
160	$BUILD_DIR/certcrl -S hostNameDot.scr $CERTCRL_QUIET \|\| exit(1)
161	#
162	# one with normal anchors, one with Trust Settings
163	cd $CLXUTILS/certcrl/testSubjects/AppleCerts
164	$BUILD_DIR/certcrl -S AppleCerts.scr $CERTCRL_QUIET \|\| exit(1)
165	$BUILD_DIR/certcrl -S AppleCerts.scr -g $CERTCRL_QUIET \|\| exit(1)
166	#
167	# one with normal anchors, one with Trust Settings
168	# This will fail if you have userTrustSettings.plist, from ../trustSettings,
169	# installed!
170	# Note this should eventually be renamed to something like SWUpdateSigning...
171	cd $CLXUTILS/certcrl/testSubjects/AppleCodeSigning
172	$BUILD_DIR/certcrl -S AppleCodeSigning.scr $CERTCRL_QUIET \|\| exit(1)
173	$BUILD_DIR/certcrl -S AppleCodeSigning.scr -g $CERTCRL_QUIET \|\| exit(1)
174	#
175	cd $CLXUTILS/certcrl/testSubjects/CodePkgSigning
176	$BUILD_DIR/certcrl -S CodePkgSigning.scr $CERTCRL_QUIET \|\| exit(1)
177	#
178	cd $CLXUTILS/certcrl/testSubjects/localTime
179	$BUILD_DIR/certcrl -S localTime.scr $CERTCRL_QUIET \|\| exit(1)
180	#
181	# one with normal anchors, one with Trust Settings
182	cd $CLXUTILS/certcrl/testSubjects/serverGatedCrypto
183	$BUILD_DIR/certcrl -S sgc.scr $CERTCRL_QUIET \|\| exit(1)
184	$BUILD_DIR/certcrl -S sgc.scr -g $CERTCRL_QUIET \|\| exit(1)
185	#
186	cd $CLXUTILS/certcrl/testSubjects/crlTime
187	$BUILD_DIR/certcrl -S crlTime.scr $CERTCRL_QUIET \|\| exit(1)
188	cd $CLXUTILS/certcrl/testSubjects/implicitAnchor
189	$BUILD_DIR/certcrl -S implicitAnchor.scr $CERTCRL_QUIET \|\| exit(1)
190	cd $CLXUTILS/certcrl/testSubjects/crossSigned
191	$BUILD_DIR/certcrl -S crossSigned.scr $CERTCRL_QUIET \|\| exit(1)
192	cd $CLXUTILS/certcrl/testSubjects/emptyCert
193	$BUILD_DIR/certcrl -S emptyCert.scr $CERTCRL_QUIET \|\| exit(1)
194	cd $CLXUTILS/certcrl/testSubjects/emptySubject
195	$BUILD_DIR/certcrl -S emptySubject.scr $CERTCRL_QUIET \|\| exit(1)
196	cd $CLXUTILS/certcrl/testSubjects/qualCertStatment
197	$BUILD_DIR/certcrl -S qualCertStatement.scr $CERTCRL_QUIET \|\| exit(1)
198	cd $CLXUTILS/certcrl/testSubjects/ipSec
199	$BUILD_DIR/certcrl -S ipSec.scr $CERTCRL_QUIET \|\| exit(1)
200	#
201	# ECDSA certs, lots of 'em
202	#
203	cd $CLXUTILS/certcrl/testSubjects/NSS_ECC
204	$BUILD_DIR/certcrl -S nssecc.scr $CERTCRL_QUIET \|\| exit(1)
205	$BUILD_DIR/certcrl -S msEcc.scr $CERTCRL_QUIET \|\| exit(1)
206	$BUILD_DIR/certcrl -S opensslEcc.scr $CERTCRL_QUIET \|\| exit(1)
207
208	#
209	# CRL/OCSP tests
210	# once each with normal anchors, one with Trust Settings
211	#
212	# Until Verisign gets their CRL server fixed, we have to allow the disabling of the
213	# CRL test....
214	#
215	if($NO_SSL == 0) then
216	cd $CLXUTILS
217	if($FULL_SSL == YES) then
218	cd $CLXUTILS/certcrl/testSubjects/crlFromSsl
219	$BUILD_DIR/certcrl -S crlssl.scr $CERTCRL_QUIET \|\| exit(1)
220	$BUILD_DIR/certcrl -S crlssl.scr -g $CERTCRL_QUIET \|\| exit(1)
221	endif
222	cd $CLXUTILS/certcrl/testSubjects/ocspFromSsl
223	# this test makes assumptions about store.apple.com which are no longer
224	# true, so need to disable the test for now. %%%FIXME!
225	#$BUILD_DIR/certcrl -S ocspssl.scr $CERTCRL_QUIET \|\| exit(1)
226	#$BUILD_DIR/certcrl -S ocspssl.scr -g $CERTCRL_QUIET \|\| exit(1)
227	endif
228	#
229	$BUILD_DIR/extenTest $EXTENTEST_ARGS $QUIET $VERB \|\| exit(1)
230	$BUILD_DIR/extenTestTp $EXTENTEST_ARGS $QUIET $VERB \|\| exit(1)
231	$BUILD_DIR/sslSubjName $QUIET $VERB \|\| exit(1)
232	$BUILD_DIR/smimePolicy $QUIET $VERB \|\| exit(1)
233	$BUILD_DIR/certLabelTest $CERTCRL_QUIET \|\| exit(1)
234
235	#
236	# extendAttrTest has to be run from specific directory for access to keys and certs
237	#
238	cd $CLXUTILS/extendAttrTest
239	$BUILD_DIR/extendAttrTest -k $BUILD_DIR/eat.keychain $CERTCRL_QUIET \|\| exit(1)
240
241	#
242	# threadTest relies on a cert file in cwd
243	#
244	if($DO_THREAD == 1) then
245	cd $CLXUTILS/threadTest
246	$BUILD_DIR/threadTest $THREADTEST_ARGS $QUIET $VERB \|\| exit(1)
247	endif
248	#
249	# CMS tests have to be run from specific directory for access to keychain and certs
250	#
251	cd $CLXUTILS/newCmsTool/blobs
252	./cmstestHandsoff $CERTCRL_QUIET \|\| exit(1)
253	./cmsEcdsaHandsoff $CERTCRL_QUIET \|\| exit(1)
254
255	#
256	# This one uses a number of p12 files in cwd
257	#
258	# we may never see this again....
259	#
260	# echo ==== skipping p12Reencode for now, but I really want this back ===
261	# cd $CLXUTILS/p12Reencode
262	# ./doReencode $P12REENCODE_ARGS $QUIET \|\| exit(1)
263	#
264
265	#
266	# Import/export tests, always run from here with no default ACL (to avoid UI).
267	#
268	cd $CLXUTILS/importExport
269	./importExport n $QUIET \|\| exit(1)
270
271	# sslEcdsa test removed pending validation of tls.secg.org server
272	#
273	# $BUILD_DIR/sslEcdsa $CERTCRL_QUIET \|\| exit(1)
274
275	#
276	# Full SSL tests run:
277	# -- once with blocking socket I/O
278	# -- once with nonblocking socket I/O
279	# -- once with RingBuffer I/O, no verifyPing
280	#
281	if($NO_SSL == 0) then
282	cd $CLXUTILS/sslScripts
283	./makeLocalCert a \|\| exit(1)
284	./ssldvt $SSL_PING_ENABLE $QUIET $VERB \|\| exit(1)
285	./ssldvt $SSL_PING_ENABLE $QUIET $VERB b \|\| exit(1)
286	./ssldvt n $QUIET $VERB R \|\| exit(1)
287	./removeLocalCerts
288	endif
289	if($FULL_SSL == YES) then
290	$BUILD_DIR/threadTest $THREADPING_ARGS $QUIET $VERB \|\| exit(1)
291	endif
292
293	echo ==== cltpdvt success ====
294