Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: f68854b4c3
Branches Tags
openssl
/
test
/
testssl.com

testssl.com 6.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204 
  1. $! TESTSSL.COM
    2. 

  2. $
    3. 

  3. $	__arch := VAX
    4. 

  4. $	if f$getsyi("cpu") .ge. 128 then __arch := AXP
    5. 

  5. $	texe_dir := sys$disk:[-.'__arch'.exe.test]
    6. 

  6. $	exe_dir := sys$disk:[-.'__arch'.exe.apps]
    7. 

  7. $
    8. 

  8. $	if p1 .eqs. ""
    9. 

  9. $	then
    10. 

  10. $	    key="[-.apps]server.pem"
    11. 

  11. $	else
    12. 

  12. $	    key=p1
    13. 

  13. $	endif
    14. 

  14. $	if p2 .eqs. ""
    15. 

  15. $	then
    16. 

  16. $	    cert="[-.apps]server.pem"
    17. 

  17. $	else
    18. 

  18. $	    cert=p2
    19. 

  19. $	endif
    20. 

  20. $	ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
    21. 

  21. $
    22. 

  22. $	define/user sys$output testssl-x509-output.
    23. 

  23. $	define/user sys$error nla0:
    24. 

  24. $	mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
    25. 

  25. $	set noon
    26. 

  26. $	define/user sys$error nla0:
    27. 

  27. $	search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
    28. 

  28. $	if $severity .eq. 1
    29. 

  29. $	then
    30. 

  30. $	    dsa_cert := YES
    31. 

  31. $	else
    32. 

  32. $	    dsa_cert := NO
    33. 

  33. $	endif
    34. 

  34. $	set on
    35. 

  35. $	delete testssl-x509-output.;*
    36. 

  36. $
    37. 

  37. $	if p3 .eqs. ""
    38. 

  38. $	then
    39. 

  39. $	    copy/concatenate [-.certs]*.pem certs.tmp
    40. 

  40. $	    CA = """-CAfile"" certs.tmp"
    41. 

  41. $	else
    42. 

  42. $	    CA = """-CAfile"" "+p3
    43. 

  43. $	endif
    44. 

  44. $
    45. 

  45. $!###########################################################################
    46. 

  46. $
    47. 

  47. $	write sys$output "test sslv2"
    48. 

  48. $	'ssltest' -ssl2
    49. 

  49. $	if $severity .ne. 1 then goto exit3
    50. 

  50. $
    51. 

  51. $	write sys$output "test sslv2 with server authentication"
    52. 

  52. $	'ssltest' -ssl2 -server_auth 'CA'
    53. 

  53. $	if $severity .ne. 1 then goto exit3
    54. 

  54. $
    55. 

  55. $	if .not. dsa_cert
    56. 

  56. $	then
    57. 

  57. $	    write sys$output "test sslv2 with client authentication"
    58. 

  58. $	    'ssltest' -ssl2 -client_auth 'CA'
    59. 

  59. $	    if $severity .ne. 1 then goto exit3
    60. 

  60. $
    61. 

  61. $	    write sys$output "test sslv2 with both client and server authentication"
    62. 

  62. $	    'ssltest' -ssl2 -server_auth -client_auth 'CA'
    63. 

  63. $	    if $severity .ne. 1 then goto exit3
    64. 

  64. $	endif
    65. 

  65. $
    66. 

  66. $	write sys$output "test sslv3"
    67. 

  67. $	'ssltest' -ssl3
    68. 

  68. $	if $severity .ne. 1 then goto exit3
    69. 

  69. $
    70. 

  70. $	write sys$output "test sslv3 with server authentication"
    71. 

  71. $	'ssltest' -ssl3 -server_auth 'CA'
    72. 

  72. $	if $severity .ne. 1 then goto exit3
    73. 

  73. $
    74. 

  74. $	write sys$output "test sslv3 with client authentication"
    75. 

  75. $	'ssltest' -ssl3 -client_auth 'CA'
    76. 

  76. $	if $severity .ne. 1 then goto exit3
    77. 

  77. $
    78. 

  78. $	write sys$output "test sslv3 with both client and server authentication"
    79. 

  79. $	'ssltest' -ssl3 -server_auth -client_auth 'CA'
    80. 

  80. $	if $severity .ne. 1 then goto exit3
    81. 

  81. $
    82. 

  82. $	write sys$output "test sslv2/sslv3"
    83. 

  83. $	'ssltest'
    84. 

  84. $	if $severity .ne. 1 then goto exit3
    85. 

  85. $
    86. 

  86. $	write sys$output "test sslv2/sslv3 with server authentication"
    87. 

  87. $	'ssltest' -server_auth 'CA'
    88. 

  88. $	if $severity .ne. 1 then goto exit3
    89. 

  89. $
    90. 

  90. $	write sys$output "test sslv2/sslv3 with client authentication"
    91. 

  91. $	'ssltest' -client_auth 'CA'
    92. 

  92. $	if $severity .ne. 1 then goto exit3
    93. 

  93. $
    94. 

  94. $	write sys$output "test sslv2/sslv3 with both client and server authentication"
    95. 

  95. $	'ssltest' -server_auth -client_auth 'CA'
    96. 

  96. $	if $severity .ne. 1 then goto exit3
    97. 

  97. $
    98. 

  98. $	write sys$output "test sslv2 via BIO pair"
    99. 

  99. $	'ssltest' -bio_pair -ssl2 
    100. 

  100. $	if $severity .ne. 1 then goto exit3
    101. 

  101. $
    102. 

  102. $	write sys$output "test sslv2 with server authentication via BIO pair"
    103. 

  103. $	'ssltest' -bio_pair -ssl2 -server_auth 'CA' 
    104. 

  104. $	if $severity .ne. 1 then goto exit3
    105. 

  105. $
    106. 

  106. $	if .not. dsa_cert
    107. 

  107. $	then
    108. 

  108. $	    write sys$output "test sslv2 with client authentication via BIO pair"
    109. 

  109. $	    'ssltest' -bio_pair -ssl2 -client_auth 'CA' 
    110. 

  110. $	    if $severity .ne. 1 then goto exit3
    111. 

  111. $
    112. 

  112. $	    write sys$output "test sslv2 with both client and server authentication via BIO pair"
    113. 

  113. $	    'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' 
    114. 

  114. $	    if $severity .ne. 1 then goto exit3
    115. 

  115. $	endif
    116. 

  116. $
    117. 

  117. $	write sys$output "test sslv3 via BIO pair"
    118. 

  118. $	'ssltest' -bio_pair -ssl3 
    119. 

  119. $	if $severity .ne. 1 then goto exit3
    120. 

  120. $
    121. 

  121. $	write sys$output "test sslv3 with server authentication via BIO pair"
    122. 

  122. $	'ssltest' -bio_pair -ssl3 -server_auth 'CA' 
    123. 

  123. $	if $severity .ne. 1 then goto exit3
    124. 

  124. $
    125. 

  125. $	write sys$output "test sslv3 with client authentication via BIO pair"
    126. 

  126. $	'ssltest' -bio_pair -ssl3 -client_auth 'CA' 
    127. 

  127. $	if $severity .ne. 1 then goto exit3
    128. 

  128.  
    129. 

  129. $	write sys$output "test sslv3 with both client and server authentication via BIO pair"
    130. 

  130. $	'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' 
    131. 

  131. $	if $severity .ne. 1 then goto exit3
    132. 

  132. $
    133. 

  133. $	write sys$output "test sslv2/sslv3 via BIO pair"
    134. 

  134. $	'ssltest' 
    135. 

  135. $	if $severity .ne. 1 then goto exit3
    136. 

  136. $
    137. 

  137. $	if .not. dsa_cert
    138. 

  138. $	then
    139. 

  139. $	    write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
    140. 

  140. $	    'ssltest' -bio_pair -no_dhe
    141. 

  141. $	    if $severity .ne. 1 then goto exit3
    142. 

  142. $	endif
    143. 

  143. $
    144. 

  144. $	write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
    145. 

  145. $	'ssltest' -bio_pair -dhe1024dsa -v
    146. 

  146. $	if $severity .ne. 1 then goto exit3
    147. 

  147. $
    148. 

  148. $	write sys$output "test sslv2/sslv3 with server authentication"
    149. 

  149. $	'ssltest' -bio_pair -server_auth 'CA' 
    150. 

  150. $	if $severity .ne. 1 then goto exit3
    151. 

  151. $
    152. 

  152. $	write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
    153. 

  153. $	'ssltest' -bio_pair -client_auth 'CA' 
    154. 

  154. $	if $severity .ne. 1 then goto exit3
    155. 

  155. $
    156. 

  156. $	write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
    157. 

  157. $	'ssltest' -bio_pair -server_auth -client_auth 'CA' 
    158. 

  158. $	if $severity .ne. 1 then goto exit3
    159. 

  159. $
    160. 

  160. $!###########################################################################
    161. 

  161. $
    162. 

  162. $	set noon
    163. 

  163. $	define/user sys$output nla0:
    164. 

  164. $	mcr 'exe_dir'openssl no-rsa
    165. 

  165. $	no_rsa=$SEVERITY
    166. 

  166. $	define/user sys$output nla0:
    167. 

  167. $	mcr 'exe_dir'openssl no-dh
    168. 

  168. $	no_dh=$SEVERITY
    169. 

  169. $	set on
    170. 

  170. $
    171. 

  171. $	if no_dh
    172. 

  172. $	then
    173. 

  173. $	    write sys$output "skipping anonymous DH tests"
    174. 

  174. $	else
    175. 

  175. $	    write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
    176. 

  176. $	    'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
    177. 

  177. $	    if $severity .ne. 1 then goto exit3
    178. 

  178. $	endif
    179. 

  179. $
    180. 

  180. $	if no_rsa
    181. 

  181. $	then
    182. 

  182. $	    write sys$output "skipping RSA tests"
    183. 

  183. $	else
    184. 

  184. $	    write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
    185. 

  185. $	    mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
    186. 

  186. $	    if $severity .ne. 1 then goto exit3
    187. 

  187. $
    188. 

  188. $	    if no_dh
    189. 

  189. $	    then
    190. 

  190. $		write sys$output "skipping RSA+DHE tests"
    191. 

  191. $	    else
    192. 

  192. $		write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
    193. 

  193. $		mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
    194. 

  194. $		if $severity .ne. 1 then goto exit3
    195. 

  195. $	    endif
    196. 

  196. $	endif
    197. 

  197. $
    198. 

  198. $	RET = 1
    199. 

  199. $	goto exit
    200. 

  200. $ exit3:
    201. 

  201. $	RET = 3
    202. 

  202. $ exit:
    203. 

  203. $	if p3 .eqs. "" then delete certs.tmp;*
    204. 

  204. $	exit 'RET'
    205.