[apple/security.git] / sslViewer / verifyPing

#! /bin/csh -f
#
# run sslViewer on a list of known sites, using sslViewer's 'verify 
# protocol' option.
# Arguments to this script are passed on to sslViewer unmodified.
#
set ARG_LIST = 
while ( $#argv > 0 )
	set thisArg = "$argv[1]"
	set ARG_LIST = "$ARG_LIST $thisArg"
	shift
end
echo Starting verifyPing\; args: $ARG_LIST

#
# Sites which support all three protocols
#
# this flaked out yet agaqin...   www.cduniverse.com 
set FULL_TLS_SITES = ( www.amazon.com \
   mypage.apple.com \
   gmail.google.com ) 

#
# Sites which support SSLv2 and SSLv3 only
# None known currently
#
set FULL_SSL_SITES = 

#
# Sites which support SSLv2 only
#
# store.apple.com seems to have been permanently upgraded.
#
#set SSLV2_SITES = ( store.apple.com )

#
# Sites which support only TLSv1 and SSLv3
# remote.harpercollins.com asks for a client cert but works if you don't give it one
#
set TLS_SSL3_SITES = ( www.thawte.com \
	store.apple.com \
	digitalid.verisign.com \
	www.firstamlink.com \
	remote.harpercollins.com \
	mbanxonlinebanking.harrisbank.com \
	www.sun.com \
	directory.umich.edu \
	account.authorize.net )

#
# Sites which support all three protocols if 'r' option is specified for SSL2 only
# I.e., these really need to be able to transmit an intermediate cert for us
# to verify them, and SSLv2 doesn't allow that. 
#
# 9/24/04 - secure.authorize.net keeps throwing SIGPIPE
# secure.authorize.net
# 
# ktt2.keybank.com doesn't seem to be around anymore
set FULL_TLS_ANYROOT_SITES = ( weblogin.umich.edu )

#
# Here's one which supports TLSv1 and SSLv2 only (!). It tests the Entrust root cert.
# set TLS_SSL2_SITES = ( directory.umich.edu)
#
set TLS_SSL2_SITES = 

# SSLv3 only - try with TLSv1 
set SSL3_ONLY_SITES = ( www.verisign.com \
	www.cmarket.jp )

#
# SSLv3 and TLS with any root set
# office.bis.bonn.org sends a huge pile of certs per radar 3859283 and also asks
# for a client cert
#
# 12/14/05 : office.bis.bonn.org is offline
#
# set TLS_SSL3_ANYROOT_SITES = ( office.bis.bonn.org )
set TLS_SSL3_ANYROOT_SITES = (  )

#
# All three protocols.
# One run with all three protocols using SSLv2-compatible Hello
# One run for each of TLSv1 and SSLv3 ONLY using SLSv3 Hello
#
foreach site ($FULL_TLS_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v L $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
end

# 
# SSLv3 only
# Try with each of 
# TLSv1 w/SSLv2 Hello
# SSLv3 w/SSLv3 Hello
#
foreach site ($SSL3_ONLY_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t m=3 $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v o 3 $ARG_LIST || exit(1);
end

#
# SSLV2 seems to be obsolete in the real world
#
#foreach site ($SSLV2_SITES);
#	$LOCAL_BUILD_DIR/sslViewer $site m=2 $ARG_LIST || exit(1);
#	$LOCAL_BUILD_DIR/sslViewer $site 2 v $ARG_LIST || exit(1);
#end

#
# All three protocols, but SSLv2 needs 'any root'
# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
#
foreach site ($FULL_TLS_ANYROOT_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 2 r $ARG_LIST || exit(1);
end

#
# No SSLv2
# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
#
foreach site ($TLS_SSL3_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
end

# try SSLv3 and expect SSLV2
foreach site ($TLS_SSL2_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 m=2 $ARG_LIST || exit(1);
end
# TLS end SSLv3 with any root
foreach site ($TLS_SSL3_ANYROOT_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t r $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 r $ARG_LIST || exit(1);
end
Commit	Line	Data
d8f41ccd A	1	#! /bin/csh -f
	2	#
	3	# run sslViewer on a list of known sites, using sslViewer's 'verify
	4	# protocol' option.
	5	# Arguments to this script are passed on to sslViewer unmodified.
	6	#
	7	set ARG_LIST =
	8	while ( $#argv > 0 )
	9	set thisArg = "$argv[1]"
	10	set ARG_LIST = "$ARG_LIST $thisArg"
	11	shift
	12	end
	13	echo Starting verifyPing\; args: $ARG_LIST
	14
	15	#
	16	# Sites which support all three protocols
	17	#
	18	# this flaked out yet agaqin... www.cduniverse.com
	19	set FULL_TLS_SITES = ( www.amazon.com \
	20	mypage.apple.com \
	21	gmail.google.com )
	22
	23	#
	24	# Sites which support SSLv2 and SSLv3 only
	25	# None known currently
	26	#
	27	set FULL_SSL_SITES =
	28
	29	#
	30	# Sites which support SSLv2 only
	31	#
	32	# store.apple.com seems to have been permanently upgraded.
	33	#
	34	#set SSLV2_SITES = ( store.apple.com )
	35
	36	#
	37	# Sites which support only TLSv1 and SSLv3
	38	# remote.harpercollins.com asks for a client cert but works if you don't give it one
	39	#
	40	set TLS_SSL3_SITES = ( www.thawte.com \
	41	store.apple.com \
	42	digitalid.verisign.com \
	43	www.firstamlink.com \
	44	remote.harpercollins.com \
	45	mbanxonlinebanking.harrisbank.com \
	46	www.sun.com \
	47	directory.umich.edu \
	48	account.authorize.net )
	49
	50	#
	51	# Sites which support all three protocols if 'r' option is specified for SSL2 only
	52	# I.e., these really need to be able to transmit an intermediate cert for us
	53	# to verify them, and SSLv2 doesn't allow that.
	54	#
	55	# 9/24/04 - secure.authorize.net keeps throwing SIGPIPE
	56	# secure.authorize.net
	57	#
	58	# ktt2.keybank.com doesn't seem to be around anymore
	59	set FULL_TLS_ANYROOT_SITES = ( weblogin.umich.edu )
	60
	61	#
	62	# Here's one which supports TLSv1 and SSLv2 only (!). It tests the Entrust root cert.
	63	# set TLS_SSL2_SITES = ( directory.umich.edu)
	64	#
65	set TLS_SSL2_SITES =
66
67	# SSLv3 only - try with TLSv1
68	set SSL3_ONLY_SITES = ( www.verisign.com \
69	www.cmarket.jp )
70
71	#
72	# SSLv3 and TLS with any root set
73	# office.bis.bonn.org sends a huge pile of certs per radar 3859283 and also asks
74	# for a client cert
75	#
76	# 12/14/05 : office.bis.bonn.org is offline
77	#
78	# set TLS_SSL3_ANYROOT_SITES = ( office.bis.bonn.org )
79	set TLS_SSL3_ANYROOT_SITES = ( )
80
81	#
82	# All three protocols.
83	# One run with all three protocols using SSLv2-compatible Hello
84	# One run for each of TLSv1 and SSLv3 ONLY using SLSv3 Hello
85	#
86	foreach site ($FULL_TLS_SITES);
87	$LOCAL_BUILD_DIR/sslViewer $site v L $ARG_LIST \|\| exit(1);
88	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST \|\| exit(1);
89	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST \|\| exit(1);
90	end
91
92	#
93	# SSLv3 only
94	# Try with each of
95	# TLSv1 w/SSLv2 Hello
96	# SSLv3 w/SSLv3 Hello
97	#
98	foreach site ($SSL3_ONLY_SITES);
99	$LOCAL_BUILD_DIR/sslViewer $site v t m=3 $ARG_LIST \|\| exit(1);
100	$LOCAL_BUILD_DIR/sslViewer $site v o 3 $ARG_LIST \|\| exit(1);
101	end
102
103	#
104	# SSLV2 seems to be obsolete in the real world
105	#
106	#foreach site ($SSLV2_SITES);
107	# $LOCAL_BUILD_DIR/sslViewer $site m=2 $ARG_LIST \|\| exit(1);
108	# $LOCAL_BUILD_DIR/sslViewer $site 2 v $ARG_LIST \|\| exit(1);
109	#end
110
111	#
112	# All three protocols, but SSLv2 needs 'any root'
113	# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
114	#
115	foreach site ($FULL_TLS_ANYROOT_SITES);
116	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST \|\| exit(1);
117	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST \|\| exit(1);
118	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST \|\| exit(1);
119	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST \|\| exit(1);
120	$LOCAL_BUILD_DIR/sslViewer $site v 2 r $ARG_LIST \|\| exit(1);
121	end
122
123	#
124	# No SSLv2
125	# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
126	#
127	foreach site ($TLS_SSL3_SITES);
128	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST \|\| exit(1);
129	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST \|\| exit(1);
130	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST \|\| exit(1);
131	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST \|\| exit(1);
132	end
133
134	# try SSLv3 and expect SSLV2
135	foreach site ($TLS_SSL2_SITES);
136	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST \|\| exit(1);
137	$LOCAL_BUILD_DIR/sslViewer $site v 3 m=2 $ARG_LIST \|\| exit(1);
138	end
139	# TLS end SSLv3 with any root
140	foreach site ($TLS_SSL3_ANYROOT_SITES);
141	$LOCAL_BUILD_DIR/sslViewer $site v t r $ARG_LIST \|\| exit(1);
142	$LOCAL_BUILD_DIR/sslViewer $site v 3 r $ARG_LIST \|\| exit(1);
143	end