th5/_dev/tstclnt/Dockerfile

FROM buildpack-deps

RUN hg clone https://hg.mozilla.org/projects/nspr
RUN hg clone https://hg.mozilla.org/projects/nss

ENV USE_64=1 NSS_ENABLE_TLS_1_3=1
# Incremental build snapshot disabled as dependencies don't seem to be solid:
# the same value changed in a header file would apply to one .c file and not another
# RUN cd nss && make nss_build_all

# Draft 15
# ARG REVISION=c483e5f9e0bc

# Draft 16
# ARG REVISION=3e7b53b18112

# Draft 18
# ARG REVISION=b6dfef6d0ff0

# Draft 18, NSS_3_34_1_RTM (with TLS 1.3 keylogging support)
# ARG REVISION=e61c0f657100

# Draft 22
ARG REVISION=88c3f3fa581b

RUN cd nss && hg pull
RUN cd nss && hg checkout -C $REVISION

ADD *.patch ./
RUN for p in *.patch; do patch -p1 -d nss < $p; done

RUN cd nss && make nss_build_all

# ENV HOST=localhost
# RUN cd nss/tests/ssl_gtests && ./ssl_gtests.sh

RUN cd nss && make install

RUN mv /dist/$(uname -s)$(uname -r | cut -f 1-2 -d . -)_$(uname -m)_${CC:-cc}_glibc_PTH_64_$([ -n "$BUILD_OPT" ] && echo OPT || echo DBG).OBJ /dist/OBJ-PATH

ENV LD_LIBRARY_PATH=/dist/OBJ-PATH/lib

ENV SSLTRACE=100 SSLDEBUG=100

# Init test key using an empty noise (seed) file (-z /dev/null).
# Use different subjects, otherwise NSS seems to merge keys under the same nickname.
RUN mkdir /certdb && \
    /dist/OBJ-PATH/bin/certutil -d /certdb -N --empty-password && \
    /dist/OBJ-PATH/bin/certutil -d /certdb -S -n rsa-server -t u -x -s CN=localhost -k rsa -z /dev/null && \
    /dist/OBJ-PATH/bin/certutil -d /certdb -S -n ecdsa-server -t u -x -s CN=localhost,O=EC -k ec -z /dev/null -q nistp256

ADD httpreq.txt /httpreq.txt
ADD run.sh /run.sh
ADD server.sh /server.sh
ENTRYPOINT ["/run.sh"]