11 files changed, 103 insertions, 48 deletions

diff --git a/cpp/allTests.py b/cpp/allTests.py
index 8691744dd17..1901930c9cc 100755
--- a/cpp/allTests.py
+++ b/cpp/allTests.py
@@ -25,6 +25,11 @@ tests = [ \
     "IceUtil/thread", \
     "IceUtil/unicode", \
     "Slice/errorDetection", \
+    "IceSSL/configuration", \
+    "IceSSL/loadPEM", \
+    "IceSSL/certificateAndKeyParsing", \
+    "IceSSL/certificateVerifier", \
+    "IceSSL/certificateVerification", \
     "Ice/operations", \
     "Ice/exceptions", \
     "Ice/inheritance", \
@@ -35,12 +40,12 @@ tests = [ \
     "IceXML/encoding", \
     "IcePack/simple", \
     "Freeze/cursor", \
+    "Freeze/dbmap", \
     "Freeze/complex", \
     "IceStorm/single", \
     "IceStorm/federation", \
     "IceStorm/federation2", \
     ]
-# "Freeze/dbmap", \
 
 #
 # Only add Glacier tests for Linux systems
diff --git a/cpp/config/TestUtil.py b/cpp/config/TestUtil.py
index b535fe8f9c7..d69d3213a28 100644
--- a/cpp/config/TestUtil.py
+++ b/cpp/config/TestUtil.py
@@ -14,8 +14,8 @@
 # protocol. Otherwise TCP is used.
 #
 
-protocol = "ssl"
-#protocol = ""
+#protocol = "ssl"
+protocol = ""
 
 #
 # Set the host to the host name the test servers are running on. If not
@@ -50,8 +50,8 @@ else:
 commonServerOptions = \
 " --Ice.PrintProcessId --Ice.PrintAdapterReady --Ice.ConnectionWarnings --Ice.ServerIdleTime=30"
 
-serverOptions = commonServerOptions + serverProtocol + "--Ice.Trace.Network=3"
-clientOptions = clientProtocol + defaultHost + "--Ice.Trace.Network=3"
+serverOptions = commonServerOptions + serverProtocol
+clientOptions = clientProtocol + defaultHost
 clientServerOptions = commonServerOptions + clientServerProtocol + defaultHost
 collocatedOptions = clientServerProtocol
 
diff --git a/cpp/test/IceSSL/certificateAndKeyParsing/CertificateAndKeyParsing.cpp b/cpp/test/IceSSL/certificateAndKeyParsing/CertificateAndKeyParsing.cpp
index 82bb908de8f..b000eaab2f1 100644
--- a/cpp/test/IceSSL/certificateAndKeyParsing/CertificateAndKeyParsing.cpp
+++ b/cpp/test/IceSSL/certificateAndKeyParsing/CertificateAndKeyParsing.cpp
@@ -589,13 +589,20 @@ run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
     PropertiesPtr properties = communicator->getProperties();

     IceSSL::SystemPtr system = communicator->getSslSystem();

 

+    std::string clientTestCertPath = properties->getProperty("Ice.SSL.Test.Client.CertPath");

+

     IceSSL::OpenSSL::RSACertificateGen certGen;

 

     IceSSL::OpenSSL::RSAKeyPairPtr goodKeyPair1;

     IceSSL::OpenSSL::RSAKeyPairPtr goodKeyPair2;

 

-    goodKeyPair1 = certGen.loadKeyPair("../certs/goodKey_1.pem", "../certs/goodCert_1.pem");

-    goodKeyPair2 = certGen.loadKeyPair("../certs/goodKey_2.pem", "../certs/goodCert_2.pem");

+    std::string goodKey1File = clientTestCertPath + "/goodKey_1.pem";

+    std::string goodCert1File = clientTestCertPath + "/goodCert_1.pem";

+    std::string goodKey2File = clientTestCertPath + "/goodKey_2.pem";

+    std::string goodCert2File = clientTestCertPath + "/goodCert_2.pem";

+

+    goodKeyPair1 = certGen.loadKeyPair(goodKey1File, goodCert1File);

+    goodKeyPair2 = certGen.loadKeyPair(goodKey2File, goodCert2File);

 

     Ice::ByteSeq gcert1;

     Ice::ByteSeq gkey1;

@@ -622,8 +629,11 @@ run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
     goodKeyPair2->certToBase64(gcert2b64);

     goodKeyPair2->keyToBase64(gkey2b64);

 

-    std::ifstream keyStream("../certs/badKey.b64");

-    std::ifstream certStream("../certs/badCert.b64");

+    std::string badKeyFile = clientTestCertPath + "/badKey.b64"; 

+    std::string badCertFile = clientTestCertPath + "/badCert.b64";

+

+    std::ifstream keyStream(badKeyFile.c_str());

+    std::ifstream certStream(badCertFile.c_str());

 

     keyStream >> badKeyb64;

     certStream >> badCertb64;

@@ -680,7 +690,7 @@ run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
     std::cout << "Good certificate as a trusted certificate (Base64)... " << std::flush;

     testExpectContextNotConfiguredException(system, gcert1b64);

 

-    properties->setProperty("Ice.SSL.Client.CertPath", "../certs");

+    properties->setProperty("Ice.SSL.Client.CertPath", clientTestCertPath);

     properties->setProperty("Ice.SSL.Client.Config", "sslconfig_6.xml");

     system->configure(IceSSL::Client);

 

diff --git a/cpp/test/IceSSL/certificateAndKeyParsing/run.py b/cpp/test/IceSSL/certificateAndKeyParsing/run.py
index 8d539d2c092..5bbdaaa3014 100755
--- a/cpp/test/IceSSL/certificateAndKeyParsing/run.py
+++ b/cpp/test/IceSSL/certificateAndKeyParsing/run.py
@@ -21,12 +21,19 @@ else:
 sys.path.append(os.path.join(toplevel, "config"))
 import TestUtil
 
+if TestUtil.protocol != "ssl" :
+    print "This test may only be run with SSL enabled."
+    sys.exit(0)
+
+testOptions = " --Ice.SSL.Test.Client.CertPath=TOPLEVELDIR/test/IceSSL/certs"
+
 testdir = os.path.join(toplevel,"test", "IceSSL", "certificateAndKeyParsing")
 client = os.path.join(testdir, "certificateAndKeyParsing")
 
 updatedOptions = TestUtil.clientServerOptions.replace("TOPLEVELDIR", toplevel)
+testOptions = testOptions.replace("TOPLEVELDIR", toplevel)
 print "starting certificateAndKeyParsing...",
-clientPipe = os.popen(client + updatedOptions)
+clientPipe = os.popen(client + updatedOptions + testOptions)
 output = clientPipe.read().strip()
 if not output:
     print "failed!"
diff --git a/cpp/test/IceSSL/certificateVerification/Client.cpp b/cpp/test/IceSSL/certificateVerification/Client.cpp
index 5929d4d9b5a..02fa34e87c2 100644
--- a/cpp/test/IceSSL/certificateVerification/Client.cpp
+++ b/cpp/test/IceSSL/certificateVerification/Client.cpp
@@ -39,44 +39,48 @@ run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
 
     Ice::PropertiesPtr properties = communicator->getProperties();
 
+    // Use test related paths - override values in TestUtil.py
+    std::string clientCertPath = properties->getProperty("Ice.SSL.Test.Client.CertPath");
+    std::string serverCertPath = properties->getProperty("Ice.SSL.Test.Server.CertPath");
+    properties->setProperty("Ice.SSL.Client.CertPath", clientCertPath);
+    properties->setProperty("Ice.SSL.Server.CertPath", serverCertPath);
+
     bool singleCertVerifier = false;
     if (properties->getProperty("Ice.SSL.Client.CertificateVerifier") == "singleCert")
     {
         singleCertVerifier = true;
     }
-

-/*

-

-// Note: This section is commented out because Ice is currently not destroying SslTransceivers

-//       properly, resulting in cached connections (which cause the expected failure sections

-//       to succeed, causing the test to fail).

-
-    if (!singleCertVerifier)

-    {

-        cout << "client and server trusted, client using stock certificate... ";

-

-        properties->setProperty("Ice.SSL.Client.CertPath","../certs");

-        properties->setProperty("Ice.SSL.Client.Config", "sslconfig_6.xml");

-        sslSystem->configure(IceSSL::Client);

-        sslSystem->addTrustedCertificate(IceSSL::Client, serverTrustedCert);

-        try

-        {

-            PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));

-            pinger->ping();

-            cout << "ok" << endl;

-        }

-        catch(const Ice::LocalException& localEx)

-        {

-            cout << localEx << endl;

-            km->shutdown();

-            test(false);

-        }

-    }

-*/

-

-    properties->setProperty("Ice.SSL.Client.CertPath","../certs");

-    properties->setProperty("Ice.SSL.Client.Config", "sslconfig_7.xml");

-

+
+/*
+
+// Note: This section is commented out because Ice is currently not destroying SslTransceivers
+//       properly, resulting in cached connections (which cause the expected failure sections
+//       to succeed, causing the test to fail).
+
+    if (!singleCertVerifier)
+    {
+        cout << "client and server trusted, client using stock certificate... ";
+
+        properties->setProperty("Ice.SSL.Client.Config", "sslconfig_6.xml");
+        sslSystem->configure(IceSSL::Client);
+        sslSystem->addTrustedCertificate(IceSSL::Client, serverTrustedCert);
+        try
+        {
+            PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));
+            pinger->ping();
+            cout << "ok" << endl;
+        }
+        catch(const Ice::LocalException& localEx)
+        {
+            cout << localEx << endl;
+            km->shutdown();
+            test(false);
+        }
+    }
+*/
+
+    properties->setProperty("Ice.SSL.Client.Config", "sslconfig_7.xml");
+
     cout << "client and server do not trust each other... " << flush;
 
     // Neither Client nor Server will trust.
diff --git a/cpp/test/IceSSL/certificateVerification/Server.cpp b/cpp/test/IceSSL/certificateVerification/Server.cpp
index 7ff69f96663..5e8d7fb04d8 100644
--- a/cpp/test/IceSSL/certificateVerification/Server.cpp
+++ b/cpp/test/IceSSL/certificateVerification/Server.cpp
@@ -99,9 +99,11 @@ run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
 {
     Ice::PropertiesPtr properties = communicator->getProperties();
 
+    std::string certPath = properties->getProperty("Ice.SSL.Test.Server.CertPath");
+    properties->setProperty("Ice.SSL.Server.CertPath", certPath);
+
     properties->setProperty("Ice.ConnectionWarnings", "0");
-    properties->setProperty("Ice.SSL.Client.CertPath","../certs");
-    properties->setProperty("Ice.SSL.Client.Config", "sslconfig_8.xml");
+    properties->setProperty("Ice.SSL.Server.Config", "sslconfig_8.xml");
 
     IceSSL::SystemPtr sslSystem = communicator->getSslSystem();
     sslSystem->configure(IceSSL::Server);
diff --git a/cpp/test/IceSSL/certificateVerification/run.py b/cpp/test/IceSSL/certificateVerification/run.py
index d4fa4d49e94..db585eb3e28 100755
--- a/cpp/test/IceSSL/certificateVerification/run.py
+++ b/cpp/test/IceSSL/certificateVerification/run.py
@@ -21,6 +21,18 @@ else:
 sys.path.append(os.path.join(toplevel, "config"))
 import TestUtil
 
+if TestUtil.protocol != "ssl":
+    print "This test may only be run with SSL enabled."
+    sys.exit(0)
+
+TestUtil.clientOptions += \
+    " --Ice.SSL.Test.Client.CertPath=TOPLEVELDIR/test/IceSSL/certs"
+TestUtil.serverOptions += \
+    " --Ice.SSL.Test.Server.CertPath=TOPLEVELDIR/test/IceSSL/certs"
+TestUtil.clientServerOptions += \
+    " --Ice.SSL.Test.Client.CertPath=TOPLEVELDIR/test/IceSSL/certs" + \
+    " --Ice.SSL.Test.Server.CertPath=TOPLEVELDIR/test/IceSSL/certs"
+
 name = os.path.join("IceSSL", "certificateVerification")
 
 print "testing default certificate verifier."
diff --git a/cpp/test/IceSSL/certificateVerifier/run.py b/cpp/test/IceSSL/certificateVerifier/run.py
index fd83d1111c2..f0563cfce87 100755
--- a/cpp/test/IceSSL/certificateVerifier/run.py
+++ b/cpp/test/IceSSL/certificateVerifier/run.py
@@ -21,6 +21,10 @@ else:
 sys.path.append(os.path.join(toplevel, "config"))
 import TestUtil
 
+if TestUtil.protocol != "ssl":
+    print "This test may only be run with SSL enabled."
+    sys.exit(0)
+
 testdir = os.path.join(toplevel,"test", "IceSSL", "certificateVerifier")
 client = os.path.join(testdir, "certificateVerifier")
 
diff --git a/cpp/test/IceSSL/configuration/run.py b/cpp/test/IceSSL/configuration/run.py
index 9063aa37ad5..848756709b9 100755
--- a/cpp/test/IceSSL/configuration/run.py
+++ b/cpp/test/IceSSL/configuration/run.py
@@ -21,6 +21,10 @@ else:
 sys.path.append(os.path.join(toplevel, "config"))
 import TestUtil
 
+if TestUtil.protocol != "ssl":
+    print "This test may only be run with SSL enabled."
+    sys.exit(0)
+
 testdir = os.path.join(toplevel,"test", "IceSSL", "configuration")
 client = os.path.join(testdir, "configuration")
 
diff --git a/cpp/test/IceSSL/loadPEM/LoadPEM.cpp b/cpp/test/IceSSL/loadPEM/LoadPEM.cpp
index 6995edd53ab..9ae6f34f50c 100644
--- a/cpp/test/IceSSL/loadPEM/LoadPEM.cpp
+++ b/cpp/test/IceSSL/loadPEM/LoadPEM.cpp
@@ -191,7 +191,7 @@ int
 run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)

 {

     PropertiesPtr properties = communicator->getProperties();

-    properties->setProperty("Ice.SSL.Client.CertPath", "../certs");

+    // properties->setProperty("Ice.SSL.Client.CertPath", "../certs");

 

     std::cout << "Bad private key and certificate... " << std::flush;

     testExpectCertificateAndPrivateKeyLoadException(communicator, "sslconfig_1.xml");

diff --git a/cpp/test/IceSSL/loadPEM/run.py b/cpp/test/IceSSL/loadPEM/run.py
index 4bfe2a27bb3..08c09599052 100755
--- a/cpp/test/IceSSL/loadPEM/run.py
+++ b/cpp/test/IceSSL/loadPEM/run.py
@@ -21,12 +21,19 @@ else:
 sys.path.append(os.path.join(toplevel, "config"))
 import TestUtil
 
+if TestUtil.protocol != "ssl":
+    print "This test may only be run with SSL enabled."
+    sys.exit(0)
+
+testOptions = " --Ice.SSL.Client.CertPath=TOPLEVELDIR/test/IceSSL/certs"
+
 testdir = os.path.join(toplevel,"test", "IceSSL", "loadPEM")
 client = os.path.join(testdir, "loadPEM")
 
 updatedOptions = TestUtil.clientServerOptions.replace("TOPLEVELDIR", toplevel)
+testOptions = testOptions.replace("TOPLEVELDIR", toplevel)
 print "starting loadPEM...",
-clientPipe = os.popen(client + updatedOptions)
+clientPipe = os.popen(client + updatedOptions + testOptions)
 output = clientPipe.read().strip()
 if not output:
     print "failed!"