2
0

testssl.com 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204
  1. $! TESTSSL.COM
  2. $
  3. $ __arch := VAX
  4. $ if f$getsyi("cpu") .ge. 128 then __arch := AXP
  5. $ texe_dir := sys$disk:[-.'__arch'.exe.test]
  6. $ exe_dir := sys$disk:[-.'__arch'.exe.apps]
  7. $
  8. $ if p1 .eqs. ""
  9. $ then
  10. $ key="[-.apps]server.pem"
  11. $ else
  12. $ key=p1
  13. $ endif
  14. $ if p2 .eqs. ""
  15. $ then
  16. $ cert="[-.apps]server.pem"
  17. $ else
  18. $ cert=p2
  19. $ endif
  20. $ ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
  21. $
  22. $ define/user sys$output testssl-x509-output.
  23. $ define/user sys$error nla0:
  24. $ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
  25. $ set noon
  26. $ define/user sys$error nla0:
  27. $ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
  28. $ if $severity .eq. 1
  29. $ then
  30. $ dsa_cert := YES
  31. $ else
  32. $ dsa_cert := NO
  33. $ endif
  34. $ set on
  35. $ delete testssl-x509-output.;*
  36. $
  37. $ if p3 .eqs. ""
  38. $ then
  39. $ copy/concatenate [-.certs]*.pem certs.tmp
  40. $ CA = """-CAfile"" certs.tmp"
  41. $ else
  42. $ CA = """-CAfile"" "+p3
  43. $ endif
  44. $
  45. $!###########################################################################
  46. $
  47. $ write sys$output "test sslv2"
  48. $ 'ssltest' -ssl2
  49. $ if $severity .ne. 1 then goto exit3
  50. $
  51. $ write sys$output "test sslv2 with server authentication"
  52. $ 'ssltest' -ssl2 -server_auth 'CA'
  53. $ if $severity .ne. 1 then goto exit3
  54. $
  55. $ if .not. dsa_cert
  56. $ then
  57. $ write sys$output "test sslv2 with client authentication"
  58. $ 'ssltest' -ssl2 -client_auth 'CA'
  59. $ if $severity .ne. 1 then goto exit3
  60. $
  61. $ write sys$output "test sslv2 with both client and server authentication"
  62. $ 'ssltest' -ssl2 -server_auth -client_auth 'CA'
  63. $ if $severity .ne. 1 then goto exit3
  64. $ endif
  65. $
  66. $ write sys$output "test sslv3"
  67. $ 'ssltest' -ssl3
  68. $ if $severity .ne. 1 then goto exit3
  69. $
  70. $ write sys$output "test sslv3 with server authentication"
  71. $ 'ssltest' -ssl3 -server_auth 'CA'
  72. $ if $severity .ne. 1 then goto exit3
  73. $
  74. $ write sys$output "test sslv3 with client authentication"
  75. $ 'ssltest' -ssl3 -client_auth 'CA'
  76. $ if $severity .ne. 1 then goto exit3
  77. $
  78. $ write sys$output "test sslv3 with both client and server authentication"
  79. $ 'ssltest' -ssl3 -server_auth -client_auth 'CA'
  80. $ if $severity .ne. 1 then goto exit3
  81. $
  82. $ write sys$output "test sslv2/sslv3"
  83. $ 'ssltest'
  84. $ if $severity .ne. 1 then goto exit3
  85. $
  86. $ write sys$output "test sslv2/sslv3 with server authentication"
  87. $ 'ssltest' -server_auth 'CA'
  88. $ if $severity .ne. 1 then goto exit3
  89. $
  90. $ write sys$output "test sslv2/sslv3 with client authentication"
  91. $ 'ssltest' -client_auth 'CA'
  92. $ if $severity .ne. 1 then goto exit3
  93. $
  94. $ write sys$output "test sslv2/sslv3 with both client and server authentication"
  95. $ 'ssltest' -server_auth -client_auth 'CA'
  96. $ if $severity .ne. 1 then goto exit3
  97. $
  98. $ write sys$output "test sslv2 via BIO pair"
  99. $ 'ssltest' -bio_pair -ssl2
  100. $ if $severity .ne. 1 then goto exit3
  101. $
  102. $ write sys$output "test sslv2 with server authentication via BIO pair"
  103. $ 'ssltest' -bio_pair -ssl2 -server_auth 'CA'
  104. $ if $severity .ne. 1 then goto exit3
  105. $
  106. $ if .not. dsa_cert
  107. $ then
  108. $ write sys$output "test sslv2 with client authentication via BIO pair"
  109. $ 'ssltest' -bio_pair -ssl2 -client_auth 'CA'
  110. $ if $severity .ne. 1 then goto exit3
  111. $
  112. $ write sys$output "test sslv2 with both client and server authentication via BIO pair"
  113. $ 'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA'
  114. $ if $severity .ne. 1 then goto exit3
  115. $ endif
  116. $
  117. $ write sys$output "test sslv3 via BIO pair"
  118. $ 'ssltest' -bio_pair -ssl3
  119. $ if $severity .ne. 1 then goto exit3
  120. $
  121. $ write sys$output "test sslv3 with server authentication via BIO pair"
  122. $ 'ssltest' -bio_pair -ssl3 -server_auth 'CA'
  123. $ if $severity .ne. 1 then goto exit3
  124. $
  125. $ write sys$output "test sslv3 with client authentication via BIO pair"
  126. $ 'ssltest' -bio_pair -ssl3 -client_auth 'CA'
  127. $ if $severity .ne. 1 then goto exit3
  128. $ write sys$output "test sslv3 with both client and server authentication via BIO pair"
  129. $ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA'
  130. $ if $severity .ne. 1 then goto exit3
  131. $
  132. $ write sys$output "test sslv2/sslv3 via BIO pair"
  133. $ 'ssltest'
  134. $ if $severity .ne. 1 then goto exit3
  135. $
  136. $ if .not. dsa_cert
  137. $ then
  138. $ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
  139. $ 'ssltest' -bio_pair -no_dhe
  140. $ if $severity .ne. 1 then goto exit3
  141. $ endif
  142. $
  143. $ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
  144. $ 'ssltest' -bio_pair -dhe1024dsa -v
  145. $ if $severity .ne. 1 then goto exit3
  146. $
  147. $ write sys$output "test sslv2/sslv3 with server authentication"
  148. $ 'ssltest' -bio_pair -server_auth 'CA'
  149. $ if $severity .ne. 1 then goto exit3
  150. $
  151. $ write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
  152. $ 'ssltest' -bio_pair -client_auth 'CA'
  153. $ if $severity .ne. 1 then goto exit3
  154. $
  155. $ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
  156. $ 'ssltest' -bio_pair -server_auth -client_auth 'CA'
  157. $ if $severity .ne. 1 then goto exit3
  158. $
  159. $!###########################################################################
  160. $
  161. $ set noon
  162. $ define/user sys$output nla0:
  163. $ mcr 'exe_dir'openssl no-rsa
  164. $ no_rsa=$SEVERITY
  165. $ define/user sys$output nla0:
  166. $ mcr 'exe_dir'openssl no-dh
  167. $ no_dh=$SEVERITY
  168. $ set on
  169. $
  170. $ if no_dh
  171. $ then
  172. $ write sys$output "skipping anonymous DH tests"
  173. $ else
  174. $ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
  175. $ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
  176. $ if $severity .ne. 1 then goto exit3
  177. $ endif
  178. $
  179. $ if no_rsa
  180. $ then
  181. $ write sys$output "skipping RSA tests"
  182. $ else
  183. $ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
  184. $ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
  185. $ if $severity .ne. 1 then goto exit3
  186. $
  187. $ if no_dh
  188. $ then
  189. $ write sys$output "skipping RSA+DHE tests"
  190. $ else
  191. $ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
  192. $ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
  193. $ if $severity .ne. 1 then goto exit3
  194. $ endif
  195. $ endif
  196. $
  197. $ RET = 1
  198. $ goto exit
  199. $ exit3:
  200. $ RET = 3
  201. $ exit:
  202. $ if p3 .eqs. "" then delete certs.tmp;*
  203. $ exit 'RET'