Domů Procházet Nápověda
Přihlásit se
OWEALs
/
openssl
zrcadlo git://git.openssl.org/openssl.git
2
0
Rozštěpit 0
Soubory Úkoly 1 Wiki
Strom: 3a88efd48c
Větve Značky
openssl
/
test
/
testssl.com

testssl.com 6.1 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206 
  1. $! TESTSSL.COM
    2. 

  2. $
    3. 

  3. $	__arch := VAX
    4. 

  4. $	if f$getsyi("cpu") .ge. 128 then -
    5. 

  5. 	   __arch := f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
    6. 

  6. $	if __arch .eqs. "" then __arch := UNK
    7. 

  7. $	texe_dir := sys$disk:[-.'__arch'.exe.test]
    8. 

  8. $	exe_dir := sys$disk:[-.'__arch'.exe.apps]
    9. 

  9. $
    10. 

  10. $	if p1 .eqs. ""
    11. 

  11. $	then
    12. 

  12. $	    key="[-.apps]server.pem"
    13. 

  13. $	else
    14. 

  14. $	    key=p1
    15. 

  15. $	endif
    16. 

  16. $	if p2 .eqs. ""
    17. 

  17. $	then
    18. 

  18. $	    cert="[-.apps]server.pem"
    19. 

  19. $	else
    20. 

  20. $	    cert=p2
    21. 

  21. $	endif
    22. 

  22. $	ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
    23. 

  23. $
    24. 

  24. $	define/user sys$output testssl-x509-output.
    25. 

  25. $	define/user sys$error nla0:
    26. 

  26. $	mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
    27. 

  27. $	set noon
    28. 

  28. $	define/user sys$error nla0:
    29. 

  29. $	search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
    30. 

  30. $	if $severity .eq. 1
    31. 

  31. $	then
    32. 

  32. $	    dsa_cert := YES
    33. 

  33. $	else
    34. 

  34. $	    dsa_cert := NO
    35. 

  35. $	endif
    36. 

  36. $	set on
    37. 

  37. $	delete testssl-x509-output.;*
    38. 

  38. $
    39. 

  39. $	if p3 .eqs. ""
    40. 

  40. $	then
    41. 

  41. $	    copy/concatenate [-.certs]*.pem certs.tmp
    42. 

  42. $	    CA = """-CAfile"" certs.tmp"
    43. 

  43. $	else
    44. 

  44. $	    CA = """-CAfile"" "+p3
    45. 

  45. $	endif
    46. 

  46. $
    47. 

  47. $!###########################################################################
    48. 

  48. $
    49. 

  49. $	write sys$output "test sslv2"
    50. 

  50. $	'ssltest' -ssl2
    51. 

  51. $	if $severity .ne. 1 then goto exit3
    52. 

  52. $
    53. 

  53. $	write sys$output "test sslv2 with server authentication"
    54. 

  54. $	'ssltest' -ssl2 -server_auth 'CA'
    55. 

  55. $	if $severity .ne. 1 then goto exit3
    56. 

  56. $
    57. 

  57. $	if .not. dsa_cert
    58. 

  58. $	then
    59. 

  59. $	    write sys$output "test sslv2 with client authentication"
    60. 

  60. $	    'ssltest' -ssl2 -client_auth 'CA'
    61. 

  61. $	    if $severity .ne. 1 then goto exit3
    62. 

  62. $
    63. 

  63. $	    write sys$output "test sslv2 with both client and server authentication"
    64. 

  64. $	    'ssltest' -ssl2 -server_auth -client_auth 'CA'
    65. 

  65. $	    if $severity .ne. 1 then goto exit3
    66. 

  66. $	endif
    67. 

  67. $
    68. 

  68. $	write sys$output "test sslv3"
    69. 

  69. $	'ssltest' -ssl3
    70. 

  70. $	if $severity .ne. 1 then goto exit3
    71. 

  71. $
    72. 

  72. $	write sys$output "test sslv3 with server authentication"
    73. 

  73. $	'ssltest' -ssl3 -server_auth 'CA'
    74. 

  74. $	if $severity .ne. 1 then goto exit3
    75. 

  75. $
    76. 

  76. $	write sys$output "test sslv3 with client authentication"
    77. 

  77. $	'ssltest' -ssl3 -client_auth 'CA'
    78. 

  78. $	if $severity .ne. 1 then goto exit3
    79. 

  79. $
    80. 

  80. $	write sys$output "test sslv3 with both client and server authentication"
    81. 

  81. $	'ssltest' -ssl3 -server_auth -client_auth 'CA'
    82. 

  82. $	if $severity .ne. 1 then goto exit3
    83. 

  83. $
    84. 

  84. $	write sys$output "test sslv2/sslv3"
    85. 

  85. $	'ssltest'
    86. 

  86. $	if $severity .ne. 1 then goto exit3
    87. 

  87. $
    88. 

  88. $	write sys$output "test sslv2/sslv3 with server authentication"
    89. 

  89. $	'ssltest' -server_auth 'CA'
    90. 

  90. $	if $severity .ne. 1 then goto exit3
    91. 

  91. $
    92. 

  92. $	write sys$output "test sslv2/sslv3 with client authentication"
    93. 

  93. $	'ssltest' -client_auth 'CA'
    94. 

  94. $	if $severity .ne. 1 then goto exit3
    95. 

  95. $
    96. 

  96. $	write sys$output "test sslv2/sslv3 with both client and server authentication"
    97. 

  97. $	'ssltest' -server_auth -client_auth 'CA'
    98. 

  98. $	if $severity .ne. 1 then goto exit3
    99. 

  99. $
    100. 

  100. $	write sys$output "test sslv2 via BIO pair"
    101. 

  101. $	'ssltest' -bio_pair -ssl2 
    102. 

  102. $	if $severity .ne. 1 then goto exit3
    103. 

  103. $
    104. 

  104. $	write sys$output "test sslv2 with server authentication via BIO pair"
    105. 

  105. $	'ssltest' -bio_pair -ssl2 -server_auth 'CA' 
    106. 

  106. $	if $severity .ne. 1 then goto exit3
    107. 

  107. $
    108. 

  108. $	if .not. dsa_cert
    109. 

  109. $	then
    110. 

  110. $	    write sys$output "test sslv2 with client authentication via BIO pair"
    111. 

  111. $	    'ssltest' -bio_pair -ssl2 -client_auth 'CA' 
    112. 

  112. $	    if $severity .ne. 1 then goto exit3
    113. 

  113. $
    114. 

  114. $	    write sys$output "test sslv2 with both client and server authentication via BIO pair"
    115. 

  115. $	    'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' 
    116. 

  116. $	    if $severity .ne. 1 then goto exit3
    117. 

  117. $	endif
    118. 

  118. $
    119. 

  119. $	write sys$output "test sslv3 via BIO pair"
    120. 

  120. $	'ssltest' -bio_pair -ssl3 
    121. 

  121. $	if $severity .ne. 1 then goto exit3
    122. 

  122. $
    123. 

  123. $	write sys$output "test sslv3 with server authentication via BIO pair"
    124. 

  124. $	'ssltest' -bio_pair -ssl3 -server_auth 'CA' 
    125. 

  125. $	if $severity .ne. 1 then goto exit3
    126. 

  126. $
    127. 

  127. $	write sys$output "test sslv3 with client authentication via BIO pair"
    128. 

  128. $	'ssltest' -bio_pair -ssl3 -client_auth 'CA' 
    129. 

  129. $	if $severity .ne. 1 then goto exit3
    130. 

  130.  
    131. 

  131. $	write sys$output "test sslv3 with both client and server authentication via BIO pair"
    132. 

  132. $	'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' 
    133. 

  133. $	if $severity .ne. 1 then goto exit3
    134. 

  134. $
    135. 

  135. $	write sys$output "test sslv2/sslv3 via BIO pair"
    136. 

  136. $	'ssltest' 
    137. 

  137. $	if $severity .ne. 1 then goto exit3
    138. 

  138. $
    139. 

  139. $	if .not. dsa_cert
    140. 

  140. $	then
    141. 

  141. $	    write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
    142. 

  142. $	    'ssltest' -bio_pair -no_dhe
    143. 

  143. $	    if $severity .ne. 1 then goto exit3
    144. 

  144. $	endif
    145. 

  145. $
    146. 

  146. $	write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
    147. 

  147. $	'ssltest' -bio_pair -dhe1024dsa -v
    148. 

  148. $	if $severity .ne. 1 then goto exit3
    149. 

  149. $
    150. 

  150. $	write sys$output "test sslv2/sslv3 with server authentication"
    151. 

  151. $	'ssltest' -bio_pair -server_auth 'CA' 
    152. 

  152. $	if $severity .ne. 1 then goto exit3
    153. 

  153. $
    154. 

  154. $	write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
    155. 

  155. $	'ssltest' -bio_pair -client_auth 'CA' 
    156. 

  156. $	if $severity .ne. 1 then goto exit3
    157. 

  157. $
    158. 

  158. $	write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
    159. 

  159. $	'ssltest' -bio_pair -server_auth -client_auth 'CA' 
    160. 

  160. $	if $severity .ne. 1 then goto exit3
    161. 

  161. $
    162. 

  162. $!###########################################################################
    163. 

  163. $
    164. 

  164. $	set noon
    165. 

  165. $	define/user sys$output nla0:
    166. 

  166. $	mcr 'exe_dir'openssl no-rsa
    167. 

  167. $	no_rsa=$SEVERITY
    168. 

  168. $	define/user sys$output nla0:
    169. 

  169. $	mcr 'exe_dir'openssl no-dh
    170. 

  170. $	no_dh=$SEVERITY
    171. 

  171. $	set on
    172. 

  172. $
    173. 

  173. $	if no_dh
    174. 

  174. $	then
    175. 

  175. $	    write sys$output "skipping anonymous DH tests"
    176. 

  176. $	else
    177. 

  177. $	    write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
    178. 

  178. $	    'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
    179. 

  179. $	    if $severity .ne. 1 then goto exit3
    180. 

  180. $	endif
    181. 

  181. $
    182. 

  182. $	if no_rsa
    183. 

  183. $	then
    184. 

  184. $	    write sys$output "skipping RSA tests"
    185. 

  185. $	else
    186. 

  186. $	    write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
    187. 

  187. $	    mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
    188. 

  188. $	    if $severity .ne. 1 then goto exit3
    189. 

  189. $
    190. 

  190. $	    if no_dh
    191. 

  191. $	    then
    192. 

  192. $		write sys$output "skipping RSA+DHE tests"
    193. 

  193. $	    else
    194. 

  194. $		write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
    195. 

  195. $		mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
    196. 

  196. $		if $severity .ne. 1 then goto exit3
    197. 

  197. $	    endif
    198. 

  198. $	endif
    199. 

  199. $
    200. 

  200. $	RET = 1
    201. 

  201. $	goto exit
    202. 

  202. $ exit3:
    203. 

  203. $	RET = 3
    204. 

  204. $ exit:
    205. 

  205. $	if p3 .eqs. "" then delete certs.tmp;*
    206. 

  206. $	exit 'RET'
    207.