Add support for sqlite NSS databases

We do a chdir() to the NSS database location so that libnssckbi.so
is available when the database is opened. Strip off a sql: prefix
if one is available. This allows the new sqlite format to work.

Add an additional test pass configuring NSS using the sqlite format.
This requires a bit of a hack to pass in the value to python but
it will work for now.

Resolves: #1057650

4 files changed, 12 insertions, 10 deletions

diff --git a/test/setup.sh b/test/setup.sh
index 2c6819c..b1e3371 100755
--- a/test/setup.sh
+++ b/test/setup.sh
@@ -5,6 +5,8 @@ server_gid=$USER
 server_port=8000
 server_name=`hostname`
 
+DBPREFIX=$1
+
 test_root=$currentpath/work/httpd
 test_root_esc=`echo ${test_root} | sed -e 's/\\//\\\\\\//g'`
 
@@ -22,20 +24,20 @@ fi
 cp ../.libs/libmodnss.so ${test_root}/lib
 cp ../nss_pcache ${test_root}/bin
 
-bash ../gencert ${test_root}/alias
+bash ../gencert ${DBPREFIX}${test_root}/alias
 echo internal:httptest > ${test_root}/conf/password.conf
 
 # Export the CA cert
-certutil -L -d ${test_root}/alias -n cacert -a > ${test_root}/alias/ca.pem
+certutil -L -d ${DBPREFIX}${test_root}/alias -n cacert -a > ${test_root}/alias/ca.pem
 
 # Export the client cert
 cd ${test_root}
 echo password > pw
 echo httptest > dbpw
-pk12util -o alpha.p12 -d alias -n alpha -w pw -k dbpw
+pk12util -o alpha.p12 -d ${DBPREFIX}${test_root}/alias -n alpha -w pw -k dbpw
 openssl pkcs12  -in alpha.p12 -clcerts -nokeys -out alpha.crt -passin pass:`cat pw`
 openssl pkcs12  -in alpha.p12 -nocerts -nodes -out alpha.key -passin pass:`cat pw`
-pk12util -o beta.p12 -d alias -n beta -w pw -k dbpw
+pk12util -o beta.p12 -d ${DBPREFIX}${test_root}/alias -n beta -w pw -k dbpw
 openssl pkcs12  -in beta.p12 -clcerts -nokeys -out beta.crt -passin pass:`cat pw`
 openssl pkcs12  -in beta.p12 -nocerts -nodes -out beta.key -passin pass:`cat pw`
 /bin/rm -f pw dbpw
diff --git a/test/suite1.tmpl b/test/suite1.tmpl
index 8c9e7a3..233894c 100644
--- a/test/suite1.tmpl
+++ b/test/suite1.tmpl
@@ -12,7 +12,7 @@ Listen 0.0.0.0:8001
 
 LogLevel debug
 
-<VirtualHost *:$SERVER_PORT>
+<VirtualHost $SERVER_NAME:$SERVER_PORT>
 
 NSSEngine on
 NSSFIPS off
@@ -25,7 +25,7 @@ NSSProtocol SSLv3,TLSv1.0
 
 NSSNickname Server-Cert
 
-NSSCertificateDatabase $SERVER_ROOT/alias
+NSSCertificateDatabase $DBPREFIX$SERVER_ROOT/alias
 
 NSSVerifyClient none
 
@@ -86,7 +86,7 @@ NSSUserName SSL_CLIENT_S_DN_UID
 #
 # For testing protocol handling
 #
-<VirtualHost *:8001>
+<VirtualHost $SERVER_NAME:8001>
 
 NSSEngine on
 NSSFIPS off
@@ -99,8 +99,6 @@ NSSProtocol TLSv1.2
 
 NSSNickname Server-Cert
 
-NSSCertificateDatabase $SERVER_ROOT/alias
-
 NSSVerifyClient none
 
 # A bit redundant since the initial handshake should fail if no TLSv1.2
diff --git a/test/test.py b/test/test.py
index 93e8518..75f3b0c 100644
--- a/test/test.py
+++ b/test/test.py
@@ -2,11 +2,12 @@ from test_config import Declarative, write_template_file, restart_apache
 from test_config import stop_apache
 import ssl
 import requests.exceptions
+import os
 
 class test_suite1(Declarative):
     @classmethod
     def setUpClass(cls):
-        write_template_file('suite1.tmpl', 'work/httpd/conf/test.conf', {})
+        write_template_file('suite1.tmpl', 'work/httpd/conf/test.conf', {'DBPREFIX': os.environ.get('DBPREFIX', '')})
         restart_apache()
 
     @classmethod
diff --git a/test/test_config.py b/test/test_config.py
index 838ebd7..24a2f2a 100644
--- a/test/test_config.py
+++ b/test/test_config.py
@@ -33,6 +33,7 @@ DEF_PORT=8000
 FQDN = socket.gethostname()
 
 default_vars = dict(
+    DBPREFIX = '',
     SERVER_PORT = DEF_PORT,
     SERVER_NAME = FQDN,
     TEST_ROOT = '%s/work/httpd' % os.getcwd(),