123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204 |
- $! TESTSSL.COM
- $
- $ __arch := VAX
- $ if f$getsyi("cpu") .ge. 128 then __arch := AXP
- $ texe_dir := sys$disk:[-.'__arch'.exe.test]
- $ exe_dir := sys$disk:[-.'__arch'.exe.apps]
- $
- $ if p1 .eqs. ""
- $ then
- $ key="[-.apps]server.pem"
- $ else
- $ key=p1
- $ endif
- $ if p2 .eqs. ""
- $ then
- $ cert="[-.apps]server.pem"
- $ else
- $ cert=p2
- $ endif
- $ ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
- $
- $ define/user sys$output testssl-x509-output.
- $ define/user sys$error nla0:
- $ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
- $ set noon
- $ define/user sys$error nla0:
- $ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
- $ if $severity .eq. 1
- $ then
- $ dsa_cert := YES
- $ else
- $ dsa_cert := NO
- $ endif
- $ set on
- $ delete testssl-x509-output.;*
- $
- $ if p3 .eqs. ""
- $ then
- $ copy/concatenate [-.certs]*.pem certs.tmp
- $ CA = """-CAfile"" certs.tmp"
- $ else
- $ CA = """-CAfile"" "+p3
- $ endif
- $
- $!###########################################################################
- $
- $ write sys$output "test sslv2"
- $ 'ssltest' -ssl2
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2 with server authentication"
- $ 'ssltest' -ssl2 -server_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ if .not. dsa_cert
- $ then
- $ write sys$output "test sslv2 with client authentication"
- $ 'ssltest' -ssl2 -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2 with both client and server authentication"
- $ 'ssltest' -ssl2 -server_auth -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $ endif
- $
- $ write sys$output "test sslv3"
- $ 'ssltest' -ssl3
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv3 with server authentication"
- $ 'ssltest' -ssl3 -server_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv3 with client authentication"
- $ 'ssltest' -ssl3 -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv3 with both client and server authentication"
- $ 'ssltest' -ssl3 -server_auth -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2/sslv3"
- $ 'ssltest'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2/sslv3 with server authentication"
- $ 'ssltest' -server_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2/sslv3 with client authentication"
- $ 'ssltest' -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2/sslv3 with both client and server authentication"
- $ 'ssltest' -server_auth -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2 via BIO pair"
- $ 'ssltest' -bio_pair -ssl2
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2 with server authentication via BIO pair"
- $ 'ssltest' -bio_pair -ssl2 -server_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ if .not. dsa_cert
- $ then
- $ write sys$output "test sslv2 with client authentication via BIO pair"
- $ 'ssltest' -bio_pair -ssl2 -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2 with both client and server authentication via BIO pair"
- $ 'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $ endif
- $
- $ write sys$output "test sslv3 via BIO pair"
- $ 'ssltest' -bio_pair -ssl3
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv3 with server authentication via BIO pair"
- $ 'ssltest' -bio_pair -ssl3 -server_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv3 with client authentication via BIO pair"
- $ 'ssltest' -bio_pair -ssl3 -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
-
- $ write sys$output "test sslv3 with both client and server authentication via BIO pair"
- $ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2/sslv3 via BIO pair"
- $ 'ssltest'
- $ if $severity .ne. 1 then goto exit3
- $
- $ if .not. dsa_cert
- $ then
- $ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
- $ 'ssltest' -bio_pair -no_dhe
- $ if $severity .ne. 1 then goto exit3
- $ endif
- $
- $ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
- $ 'ssltest' -bio_pair -dhe1024dsa -v
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2/sslv3 with server authentication"
- $ 'ssltest' -bio_pair -server_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
- $ 'ssltest' -bio_pair -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
- $ 'ssltest' -bio_pair -server_auth -client_auth 'CA'
- $ if $severity .ne. 1 then goto exit3
- $
- $!###########################################################################
- $
- $ set noon
- $ define/user sys$output nla0:
- $ mcr 'exe_dir'openssl no-rsa
- $ no_rsa=$SEVERITY
- $ define/user sys$output nla0:
- $ mcr 'exe_dir'openssl no-dh
- $ no_dh=$SEVERITY
- $ set on
- $
- $ if no_dh
- $ then
- $ write sys$output "skipping anonymous DH tests"
- $ else
- $ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
- $ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
- $ if $severity .ne. 1 then goto exit3
- $ endif
- $
- $ if no_rsa
- $ then
- $ write sys$output "skipping RSA tests"
- $ else
- $ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
- $ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
- $ if $severity .ne. 1 then goto exit3
- $
- $ if no_dh
- $ then
- $ write sys$output "skipping RSA+DHE tests"
- $ else
- $ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
- $ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
- $ if $severity .ne. 1 then goto exit3
- $ endif
- $ endif
- $
- $ RET = 1
- $ goto exit
- $ exit3:
- $ RET = 3
- $ exit:
- $ if p3 .eqs. "" then delete certs.tmp;*
- $ exit 'RET'
|