openssl/test/testssl.com
Kurt Roeckx 45f55f6a5b Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 11:55:03 +01:00

171 lines
4.9 KiB
Plaintext

$! TESTSSL.COM
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p4 .eqs. "64") then __arch = __arch+ "_64"
$!
$ texe_dir = "sys$disk:[-.''__arch'.exe.test]"
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ if p1 .eqs. ""
$ then
$ key="[-.apps]server.pem"
$ else
$ key=p1
$ endif
$ if p2 .eqs. ""
$ then
$ cert="[-.apps]server.pem"
$ else
$ cert=p2
$ endif
$ ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ -
" -cert ''cert' -c_key ''key' -c_cert ''cert'"
$!
$ set noon
$ define/user sys$output testssl-x509-output.
$ define/user sys$error nla0:
$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
$ define/user sys$error nla0:
$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
$ if $severity .eq. 1
$ then
$ dsa_cert = "YES"
$ else
$ dsa_cert = "NO"
$ endif
$ delete testssl-x509-output.;*
$
$ if p3 .eqs. ""
$ then
$ copy/concatenate [-.certs]*.pem certs.tmp
$ CA = """-CAfile"" certs.tmp"
$ else
$ CA = """-CAfile"" "+p3
$ endif
$
$!###########################################################################
$
$ write sys$output "test sslv3"
$ 'ssltest' -ssl3
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with server authentication"
$ 'ssltest' -ssl3 -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with client authentication"
$ 'ssltest' -ssl3 -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with both client and server authentication"
$ 'ssltest' -ssl3 -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3"
$ 'ssltest'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with server authentication"
$ 'ssltest' -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with client authentication"
$ 'ssltest' -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with both client and server authentication"
$ 'ssltest' -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 via BIO pair"
$ 'ssltest' -bio_pair -ssl3
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with server authentication via BIO pair"
$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with client authentication via BIO pair"
$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$ write sys$output "test sslv3 with both client and server authentication via BIO pair"
$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 via BIO pair"
$ 'ssltest'
$ if $severity .ne. 1 then goto exit3
$
$ if .not. dsa_cert
$ then
$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
$ 'ssltest' -bio_pair -no_dhe
$ if $severity .ne. 1 then goto exit3
$ endif
$
$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
$ 'ssltest' -bio_pair -dhe1024dsa -v
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with server authentication"
$ 'ssltest' -bio_pair -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
$ 'ssltest' -bio_pair -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
$ 'ssltest' -bio_pair -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$!###########################################################################
$
$ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-rsa
$ no_rsa=$SEVERITY
$ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-dh
$ no_dh=$SEVERITY
$
$ if no_dh
$ then
$ write sys$output "skipping anonymous DH tests"
$ else
$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
$ if $severity .ne. 1 then goto exit3
$ endif
$
$ if no_rsa
$ then
$ write sys$output "skipping RSA tests"
$ else
$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
$ if $severity .ne. 1 then goto exit3
$
$ if no_dh
$ then
$ write sys$output "skipping RSA+DHE tests"
$ else
$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
$ if $severity .ne. 1 then goto exit3
$ endif
$ endif
$
$ RET = 1
$ goto exit
$ exit3:
$ RET = 3
$ exit:
$ if p3 .eqs. "" then delete certs.tmp;*
$ set on
$ exit 'RET'