[apple/security.git] / SecurityTests / clxutils / sslViewer / verifyPing

#! /bin/csh -f
#
# run sslViewer on a list of known sites, using sslViewer's 'verify 
# protocol' option.
# Arguments to this script are passed on to sslViewer unmodified.
#
set ARG_LIST = 
while ( $#argv > 0 )
	set thisArg = "$argv[1]"
	set ARG_LIST = "$ARG_LIST $thisArg"
	shift
end
echo Starting verifyPing\; args: $ARG_LIST

#
# Sites which support all three protocols
#
# this flaked out yet agaqin...   www.cduniverse.com 
# amazon v2 sends a cert which requires an intermediate
set FULL_TLS_SITES = ( mypage.apple.com \
   gmail.google.com ) 

#
# Sites which support SSLv2 and SSLv3 only
# None known currently
#
set FULL_SSL_SITES = 

#
# Sites which support SSLv2 only
#
# store.apple.com seems to have been permanently upgraded.
#
#set SSLV2_SITES = ( store.apple.com )

#
# Sites which support only TLSv1 and SSLv3
# remote.harpercollins.com asks for a client cert but works if you don't give it one
#
set TLS_SSL3_SITES = ( www.thawte.com \
	store.apple.com \
	digitalid.verisign.com \
	www.firstamlink.com \
    remote.harpercollins.com \
	mbanxonlinebanking.harrisbank.com \
	directory.umich.edu \
	weblogin.umich.edu \
	www.sun.com )

#
# Sites which support all three protocols if 'r' option is specified for SSL2 only
# I.e., these really need to be able to transmit an intermediate cert for us
# to verify them, and SSLv2 doesn't allow that. 
#
# 9/24/04 - secure.authorize.net keeps throwing SIGPIPE
# secure.authorize.net
# 
set FULL_TLS_ANYROOT_SITES = ( www.amazon.com \
    accounts.key.com \
	account.authorize.net )
	
#
# Here's one which supports TLSv1 and SSLv2 only (!). It tests the Entrust root cert.
# set TLS_SSL2_SITES = ( directory.umich.edu)
#
set TLS_SSL2_SITES = 

# SSLv3 only - try with TLSv1 
set SSL3_ONLY_SITES = ( www.verisign.com \
	www.cmarket.jp )

#
# SSLv3 and TLS with any root set
# office.bis.bonn.org sends a huge pile of certs per radar 3859283 and also asks
# for a client cert
#
# 12/14/05 : office.bis.bonn.org is offline
#
# set TLS_SSL3_ANYROOT_SITES = ( office.bis.bonn.org )
set TLS_SSL3_ANYROOT_SITES = (  )

#
# All three protocols.
# One run with all three protocols using SSLv2-compatible Hello
# One run for each of TLSv1 and SSLv3 ONLY using SLSv3 Hello
#
foreach site ($FULL_TLS_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v L $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
end

# 
# SSLv3 only
# Try with each of 
# TLSv1 w/SSLv2 Hello
# SSLv3 w/SSLv3 Hello
#
foreach site ($SSL3_ONLY_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t m=3 $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v o 3 $ARG_LIST || exit(1);
end

#
# SSLV2 seems to be obsolete in the real world
#
#foreach site ($SSLV2_SITES);
#	$LOCAL_BUILD_DIR/sslViewer $site m=2 $ARG_LIST || exit(1);
#	$LOCAL_BUILD_DIR/sslViewer $site 2 v $ARG_LIST || exit(1);
#end

#
# All three protocols, but SSLv2 needs 'any root'
# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
#
foreach site ($FULL_TLS_ANYROOT_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 2 r $ARG_LIST || exit(1);
end

#
# No SSLv2
# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
#
foreach site ($TLS_SSL3_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
end

# try SSLv3 and expect SSLV2
foreach site ($TLS_SSL2_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 m=2 $ARG_LIST || exit(1);
end
# TLS end SSLv3 with any root
foreach site ($TLS_SSL3_ANYROOT_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t r $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 r $ARG_LIST || exit(1);
end
Commit	Line	Data
d8f41ccd A	1	#! /bin/csh -f
	2	#
	3	# run sslViewer on a list of known sites, using sslViewer's 'verify
	4	# protocol' option.
	5	# Arguments to this script are passed on to sslViewer unmodified.
	6	#
	7	set ARG_LIST =
	8	while ( $#argv > 0 )
	9	set thisArg = "$argv[1]"
	10	set ARG_LIST = "$ARG_LIST $thisArg"
	11	shift
	12	end
	13	echo Starting verifyPing\; args: $ARG_LIST
	14
	15	#
	16	# Sites which support all three protocols
	17	#
	18	# this flaked out yet agaqin... www.cduniverse.com
	19	# amazon v2 sends a cert which requires an intermediate
	20	set FULL_TLS_SITES = ( mypage.apple.com \
	21	gmail.google.com )
	22
	23	#
	24	# Sites which support SSLv2 and SSLv3 only
	25	# None known currently
	26	#
	27	set FULL_SSL_SITES =
	28
	29	#
	30	# Sites which support SSLv2 only
	31	#
	32	# store.apple.com seems to have been permanently upgraded.
	33	#
	34	#set SSLV2_SITES = ( store.apple.com )
	35
	36	#
	37	# Sites which support only TLSv1 and SSLv3
	38	# remote.harpercollins.com asks for a client cert but works if you don't give it one
	39	#
	40	set TLS_SSL3_SITES = ( www.thawte.com \
	41	store.apple.com \
	42	digitalid.verisign.com \
	43	www.firstamlink.com \
	44	remote.harpercollins.com \
	45	mbanxonlinebanking.harrisbank.com \
	46	directory.umich.edu \
	47	weblogin.umich.edu \
	48	www.sun.com )
	49
	50	#
	51	# Sites which support all three protocols if 'r' option is specified for SSL2 only
	52	# I.e., these really need to be able to transmit an intermediate cert for us
	53	# to verify them, and SSLv2 doesn't allow that.
	54	#
	55	# 9/24/04 - secure.authorize.net keeps throwing SIGPIPE
	56	# secure.authorize.net
	57	#
	58	set FULL_TLS_ANYROOT_SITES = ( www.amazon.com \
	59	accounts.key.com \
	60	account.authorize.net )
	61
	62	#
	63	# Here's one which supports TLSv1 and SSLv2 only (!). It tests the Entrust root cert.
	64	# set TLS_SSL2_SITES = ( directory.umich.edu)
65	#
66	set TLS_SSL2_SITES =
67
68	# SSLv3 only - try with TLSv1
69	set SSL3_ONLY_SITES = ( www.verisign.com \
70	www.cmarket.jp )
71
72	#
73	# SSLv3 and TLS with any root set
74	# office.bis.bonn.org sends a huge pile of certs per radar 3859283 and also asks
75	# for a client cert
76	#
77	# 12/14/05 : office.bis.bonn.org is offline
78	#
79	# set TLS_SSL3_ANYROOT_SITES = ( office.bis.bonn.org )
80	set TLS_SSL3_ANYROOT_SITES = ( )
81
82	#
83	# All three protocols.
84	# One run with all three protocols using SSLv2-compatible Hello
85	# One run for each of TLSv1 and SSLv3 ONLY using SLSv3 Hello
86	#
87	foreach site ($FULL_TLS_SITES);
88	$LOCAL_BUILD_DIR/sslViewer $site v L $ARG_LIST \|\| exit(1);
89	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST \|\| exit(1);
90	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST \|\| exit(1);
91	end
92
93	#
94	# SSLv3 only
95	# Try with each of
96	# TLSv1 w/SSLv2 Hello
97	# SSLv3 w/SSLv3 Hello
98	#
99	foreach site ($SSL3_ONLY_SITES);
100	$LOCAL_BUILD_DIR/sslViewer $site v t m=3 $ARG_LIST \|\| exit(1);
101	$LOCAL_BUILD_DIR/sslViewer $site v o 3 $ARG_LIST \|\| exit(1);
102	end
103
104	#
105	# SSLV2 seems to be obsolete in the real world
106	#
107	#foreach site ($SSLV2_SITES);
108	# $LOCAL_BUILD_DIR/sslViewer $site m=2 $ARG_LIST \|\| exit(1);
109	# $LOCAL_BUILD_DIR/sslViewer $site 2 v $ARG_LIST \|\| exit(1);
110	#end
111
112	#
113	# All three protocols, but SSLv2 needs 'any root'
114	# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
115	#
116	foreach site ($FULL_TLS_ANYROOT_SITES);
117	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST \|\| exit(1);
118	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST \|\| exit(1);
119	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST \|\| exit(1);
120	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST \|\| exit(1);
121	$LOCAL_BUILD_DIR/sslViewer $site v 2 r $ARG_LIST \|\| exit(1);
122	end
123
124	#
125	# No SSLv2
126	# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
127	#
128	foreach site ($TLS_SSL3_SITES);
129	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST \|\| exit(1);
130	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST \|\| exit(1);
131	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST \|\| exit(1);
132	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST \|\| exit(1);
133	end
134
135	# try SSLv3 and expect SSLV2
136	foreach site ($TLS_SSL2_SITES);
137	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST \|\| exit(1);
138	$LOCAL_BUILD_DIR/sslViewer $site v 3 m=2 $ARG_LIST \|\| exit(1);
139	end
140	# TLS end SSLv3 with any root
141	foreach site ($TLS_SSL3_ANYROOT_SITES);
142	$LOCAL_BUILD_DIR/sslViewer $site v t r $ARG_LIST \|\| exit(1);
143	$LOCAL_BUILD_DIR/sslViewer $site v 3 r $ARG_LIST \|\| exit(1);
144	end