Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 668d643eab
Branches Tags
openssl
/
test
/
testssl.com

testssl.com 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208 
  1. $! TESTSSL.COM
    2. 

  2. $
    3. 

  3. $	__arch = "VAX"
    4. 

  4. $	if f$getsyi("cpu") .ge. 128 then -
    5. 

  5. 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
    6. 

  6. $	if __arch .eqs. "" then __arch = "UNK"
    7. 

  7. $!
    8. 

  8. $	if (p4 .eqs. "64") then __arch = __arch+ "_64"
    9. 

  9. $!
    10. 

  10. $	texe_dir = "sys$disk:[-.''__arch'.exe.test]"
    11. 

  11. $	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
    12. 

  12. $
    13. 

  13. $	if p1 .eqs. ""
    14. 

  14. $	then
    15. 

  15. $	    key="[-.apps]server.pem"
    16. 

  16. $	else
    17. 

  17. $	    key=p1
    18. 

  18. $	endif
    19. 

  19. $	if p2 .eqs. ""
    20. 

  20. $	then
    21. 

  21. $	    cert="[-.apps]server.pem"
    22. 

  22. $	else
    23. 

  23. $	    cert=p2
    24. 

  24. $	endif
    25. 

  25. $	ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ -
    26. 

  26. 	 " -cert ''cert' -c_key ''key' -c_cert ''cert'"
    27. 

  27. $!
    28. 

  28. $	set noon
    29. 

  29. $	define/user sys$output testssl-x509-output.
    30. 

  30. $	define/user sys$error nla0:
    31. 

  31. $	mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
    32. 

  32. $	define/user sys$error nla0:
    33. 

  33. $	search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
    34. 

  34. $	if $severity .eq. 1
    35. 

  35. $	then
    36. 

  36. $	    dsa_cert = "YES"
    37. 

  37. $	else
    38. 

  38. $	    dsa_cert = "NO"
    39. 

  39. $	endif
    40. 

  40. $	delete testssl-x509-output.;*
    41. 

  41. $
    42. 

  42. $	if p3 .eqs. ""
    43. 

  43. $	then
    44. 

  44. $	    copy/concatenate [-.certs]*.pem certs.tmp
    45. 

  45. $	    CA = """-CAfile"" certs.tmp"
    46. 

  46. $	else
    47. 

  47. $	    CA = """-CAfile"" "+p3
    48. 

  48. $	endif
    49. 

  49. $
    50. 

  50. $!###########################################################################
    51. 

  51. $
    52. 

  52. $	write sys$output "test sslv2"
    53. 

  53. $	'ssltest' -ssl2
    54. 

  54. $	if $severity .ne. 1 then goto exit3
    55. 

  55. $
    56. 

  56. $	write sys$output "test sslv2 with server authentication"
    57. 

  57. $	'ssltest' -ssl2 -server_auth 'CA'
    58. 

  58. $	if $severity .ne. 1 then goto exit3
    59. 

  59. $
    60. 

  60. $	if .not. dsa_cert
    61. 

  61. $	then
    62. 

  62. $	    write sys$output "test sslv2 with client authentication"
    63. 

  63. $	    'ssltest' -ssl2 -client_auth 'CA'
    64. 

  64. $	    if $severity .ne. 1 then goto exit3
    65. 

  65. $
    66. 

  66. $	    write sys$output "test sslv2 with both client and server authentication"
    67. 

  67. $	    'ssltest' -ssl2 -server_auth -client_auth 'CA'
    68. 

  68. $	    if $severity .ne. 1 then goto exit3
    69. 

  69. $	endif
    70. 

  70. $
    71. 

  71. $	write sys$output "test sslv3"
    72. 

  72. $	'ssltest' -ssl3
    73. 

  73. $	if $severity .ne. 1 then goto exit3
    74. 

  74. $
    75. 

  75. $	write sys$output "test sslv3 with server authentication"
    76. 

  76. $	'ssltest' -ssl3 -server_auth 'CA'
    77. 

  77. $	if $severity .ne. 1 then goto exit3
    78. 

  78. $
    79. 

  79. $	write sys$output "test sslv3 with client authentication"
    80. 

  80. $	'ssltest' -ssl3 -client_auth 'CA'
    81. 

  81. $	if $severity .ne. 1 then goto exit3
    82. 

  82. $
    83. 

  83. $	write sys$output "test sslv3 with both client and server authentication"
    84. 

  84. $	'ssltest' -ssl3 -server_auth -client_auth 'CA'
    85. 

  85. $	if $severity .ne. 1 then goto exit3
    86. 

  86. $
    87. 

  87. $	write sys$output "test sslv2/sslv3"
    88. 

  88. $	'ssltest'
    89. 

  89. $	if $severity .ne. 1 then goto exit3
    90. 

  90. $
    91. 

  91. $	write sys$output "test sslv2/sslv3 with server authentication"
    92. 

  92. $	'ssltest' -server_auth 'CA'
    93. 

  93. $	if $severity .ne. 1 then goto exit3
    94. 

  94. $
    95. 

  95. $	write sys$output "test sslv2/sslv3 with client authentication"
    96. 

  96. $	'ssltest' -client_auth 'CA'
    97. 

  97. $	if $severity .ne. 1 then goto exit3
    98. 

  98. $
    99. 

  99. $	write sys$output "test sslv2/sslv3 with both client and server authentication"
    100. 

  100. $	'ssltest' -server_auth -client_auth 'CA'
    101. 

  101. $	if $severity .ne. 1 then goto exit3
    102. 

  102. $
    103. 

  103. $	write sys$output "test sslv2 via BIO pair"
    104. 

  104. $	'ssltest' -bio_pair -ssl2 
    105. 

  105. $	if $severity .ne. 1 then goto exit3
    106. 

  106. $
    107. 

  107. $	write sys$output "test sslv2 with server authentication via BIO pair"
    108. 

  108. $	'ssltest' -bio_pair -ssl2 -server_auth 'CA' 
    109. 

  109. $	if $severity .ne. 1 then goto exit3
    110. 

  110. $
    111. 

  111. $	if .not. dsa_cert
    112. 

  112. $	then
    113. 

  113. $	    write sys$output "test sslv2 with client authentication via BIO pair"
    114. 

  114. $	    'ssltest' -bio_pair -ssl2 -client_auth 'CA' 
    115. 

  115. $	    if $severity .ne. 1 then goto exit3
    116. 

  116. $
    117. 

  117. $	    write sys$output "test sslv2 with both client and server authentication via BIO pair"
    118. 

  118. $	    'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' 
    119. 

  119. $	    if $severity .ne. 1 then goto exit3
    120. 

  120. $	endif
    121. 

  121. $
    122. 

  122. $	write sys$output "test sslv3 via BIO pair"
    123. 

  123. $	'ssltest' -bio_pair -ssl3 
    124. 

  124. $	if $severity .ne. 1 then goto exit3
    125. 

  125. $
    126. 

  126. $	write sys$output "test sslv3 with server authentication via BIO pair"
    127. 

  127. $	'ssltest' -bio_pair -ssl3 -server_auth 'CA' 
    128. 

  128. $	if $severity .ne. 1 then goto exit3
    129. 

  129. $
    130. 

  130. $	write sys$output "test sslv3 with client authentication via BIO pair"
    131. 

  131. $	'ssltest' -bio_pair -ssl3 -client_auth 'CA' 
    132. 

  132. $	if $severity .ne. 1 then goto exit3
    133. 

  133.  
    134. 

  134. $	write sys$output "test sslv3 with both client and server authentication via BIO pair"
    135. 

  135. $	'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' 
    136. 

  136. $	if $severity .ne. 1 then goto exit3
    137. 

  137. $
    138. 

  138. $	write sys$output "test sslv2/sslv3 via BIO pair"
    139. 

  139. $	'ssltest' 
    140. 

  140. $	if $severity .ne. 1 then goto exit3
    141. 

  141. $
    142. 

  142. $	if .not. dsa_cert
    143. 

  143. $	then
    144. 

  144. $	    write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
    145. 

  145. $	    'ssltest' -bio_pair -no_dhe
    146. 

  146. $	    if $severity .ne. 1 then goto exit3
    147. 

  147. $	endif
    148. 

  148. $
    149. 

  149. $	write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
    150. 

  150. $	'ssltest' -bio_pair -dhe1024dsa -v
    151. 

  151. $	if $severity .ne. 1 then goto exit3
    152. 

  152. $
    153. 

  153. $	write sys$output "test sslv2/sslv3 with server authentication"
    154. 

  154. $	'ssltest' -bio_pair -server_auth 'CA' 
    155. 

  155. $	if $severity .ne. 1 then goto exit3
    156. 

  156. $
    157. 

  157. $	write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
    158. 

  158. $	'ssltest' -bio_pair -client_auth 'CA' 
    159. 

  159. $	if $severity .ne. 1 then goto exit3
    160. 

  160. $
    161. 

  161. $	write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
    162. 

  162. $	'ssltest' -bio_pair -server_auth -client_auth 'CA' 
    163. 

  163. $	if $severity .ne. 1 then goto exit3
    164. 

  164. $
    165. 

  165. $!###########################################################################
    166. 

  166. $
    167. 

  167. $	define/user sys$output nla0:
    168. 

  168. $	mcr 'exe_dir'openssl no-rsa
    169. 

  169. $	no_rsa=$SEVERITY
    170. 

  170. $	define/user sys$output nla0:
    171. 

  171. $	mcr 'exe_dir'openssl no-dh
    172. 

  172. $	no_dh=$SEVERITY
    173. 

  173. $
    174. 

  174. $	if no_dh
    175. 

  175. $	then
    176. 

  176. $	    write sys$output "skipping anonymous DH tests"
    177. 

  177. $	else
    178. 

  178. $	    write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
    179. 

  179. $	    'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
    180. 

  180. $	    if $severity .ne. 1 then goto exit3
    181. 

  181. $	endif
    182. 

  182. $
    183. 

  183. $	if no_rsa
    184. 

  184. $	then
    185. 

  185. $	    write sys$output "skipping RSA tests"
    186. 

  186. $	else
    187. 

  187. $	    write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
    188. 

  188. $	    mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
    189. 

  189. $	    if $severity .ne. 1 then goto exit3
    190. 

  190. $
    191. 

  191. $	    if no_dh
    192. 

  192. $	    then
    193. 

  193. $		write sys$output "skipping RSA+DHE tests"
    194. 

  194. $	    else
    195. 

  195. $		write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
    196. 

  196. $		mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
    197. 

  197. $		if $severity .ne. 1 then goto exit3
    198. 

  198. $	    endif
    199. 

  199. $	endif
    200. 

  200. $
    201. 

  201. $	RET = 1
    202. 

  202. $	goto exit
    203. 

  203. $ exit3:
    204. 

  204. $	RET = 3
    205. 

  205. $ exit:
    206. 

  206. $	if p3 .eqs. "" then delete certs.tmp;*
    207. 

  207. $	set on
    208. 

  208. $	exit 'RET'
    209.