]> git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/sslViewer/verifyPing
Security-57031.10.10.tar.gz
[apple/security.git] / SecurityTests / clxutils / sslViewer / verifyPing
1 #! /bin/csh -f
2 #
3 # run sslViewer on a list of known sites, using sslViewer's 'verify
4 # protocol' option.
5 # Arguments to this script are passed on to sslViewer unmodified.
6 #
7 set ARG_LIST =
8 while ( $#argv > 0 )
9 set thisArg = "$argv[1]"
10 set ARG_LIST = "$ARG_LIST $thisArg"
11 shift
12 end
13 echo Starting verifyPing\; args: $ARG_LIST
14
15 #
16 # Sites which support all three protocols
17 #
18 # this flaked out yet agaqin... www.cduniverse.com
19 # amazon v2 sends a cert which requires an intermediate
20 set FULL_TLS_SITES = ( mypage.apple.com \
21 gmail.google.com )
22
23 #
24 # Sites which support SSLv2 and SSLv3 only
25 # None known currently
26 #
27 set FULL_SSL_SITES =
28
29 #
30 # Sites which support SSLv2 only
31 #
32 # store.apple.com seems to have been permanently upgraded.
33 #
34 #set SSLV2_SITES = ( store.apple.com )
35
36 #
37 # Sites which support only TLSv1 and SSLv3
38 # remote.harpercollins.com asks for a client cert but works if you don't give it one
39 #
40 set TLS_SSL3_SITES = ( www.thawte.com \
41 store.apple.com \
42 digitalid.verisign.com \
43 www.firstamlink.com \
44 remote.harpercollins.com \
45 mbanxonlinebanking.harrisbank.com \
46 directory.umich.edu \
47 weblogin.umich.edu \
48 www.sun.com )
49
50 #
51 # Sites which support all three protocols if 'r' option is specified for SSL2 only
52 # I.e., these really need to be able to transmit an intermediate cert for us
53 # to verify them, and SSLv2 doesn't allow that.
54 #
55 # 9/24/04 - secure.authorize.net keeps throwing SIGPIPE
56 # secure.authorize.net
57 #
58 set FULL_TLS_ANYROOT_SITES = ( www.amazon.com \
59 accounts.key.com \
60 account.authorize.net )
61
62 #
63 # Here's one which supports TLSv1 and SSLv2 only (!). It tests the Entrust root cert.
64 # set TLS_SSL2_SITES = ( directory.umich.edu)
65 #
66 set TLS_SSL2_SITES =
67
68 # SSLv3 only - try with TLSv1
69 set SSL3_ONLY_SITES = ( www.verisign.com \
70 www.cmarket.jp )
71
72 #
73 # SSLv3 and TLS with any root set
74 # office.bis.bonn.org sends a huge pile of certs per radar 3859283 and also asks
75 # for a client cert
76 #
77 # 12/14/05 : office.bis.bonn.org is offline
78 #
79 # set TLS_SSL3_ANYROOT_SITES = ( office.bis.bonn.org )
80 set TLS_SSL3_ANYROOT_SITES = ( )
81
82 #
83 # All three protocols.
84 # One run with all three protocols using SSLv2-compatible Hello
85 # One run for each of TLSv1 and SSLv3 ONLY using SLSv3 Hello
86 #
87 foreach site ($FULL_TLS_SITES);
88 $LOCAL_BUILD_DIR/sslViewer $site v L $ARG_LIST || exit(1);
89 $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
90 $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
91 end
92
93 #
94 # SSLv3 only
95 # Try with each of
96 # TLSv1 w/SSLv2 Hello
97 # SSLv3 w/SSLv3 Hello
98 #
99 foreach site ($SSL3_ONLY_SITES);
100 $LOCAL_BUILD_DIR/sslViewer $site v t m=3 $ARG_LIST || exit(1);
101 $LOCAL_BUILD_DIR/sslViewer $site v o 3 $ARG_LIST || exit(1);
102 end
103
104 #
105 # SSLV2 seems to be obsolete in the real world
106 #
107 #foreach site ($SSLV2_SITES);
108 # $LOCAL_BUILD_DIR/sslViewer $site m=2 $ARG_LIST || exit(1);
109 # $LOCAL_BUILD_DIR/sslViewer $site 2 v $ARG_LIST || exit(1);
110 #end
111
112 #
113 # All three protocols, but SSLv2 needs 'any root'
114 # Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
115 #
116 foreach site ($FULL_TLS_ANYROOT_SITES);
117 $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
118 $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
119 $LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
120 $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
121 $LOCAL_BUILD_DIR/sslViewer $site v 2 r $ARG_LIST || exit(1);
122 end
123
124 #
125 # No SSLv2
126 # Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
127 #
128 foreach site ($TLS_SSL3_SITES);
129 $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
130 $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
131 $LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
132 $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
133 end
134
135 # try SSLv3 and expect SSLV2
136 foreach site ($TLS_SSL2_SITES);
137 $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
138 $LOCAL_BUILD_DIR/sslViewer $site v 3 m=2 $ARG_LIST || exit(1);
139 end
140 # TLS end SSLv3 with any root
141 foreach site ($TLS_SSL3_ANYROOT_SITES);
142 $LOCAL_BUILD_DIR/sslViewer $site v t r $ARG_LIST || exit(1);
143 $LOCAL_BUILD_DIR/sslViewer $site v 3 r $ARG_LIST || exit(1);
144 end