sslViewer/verifyPing

   1 #! /bin/csh -f
   2 #
   3 # run sslViewer on a list of known sites, using sslViewer's 'verify
   4 # protocol' option.
   5 # Arguments to this script are passed on to sslViewer unmodified.
   6 #
   7 set ARG_LIST =
   8 while ( $#argv > 0 )
   9         set thisArg = "$argv[1]"
  10         set ARG_LIST = "$ARG_LIST $thisArg"
  11         shift
  12 end
  13 echo Starting verifyPing\; args: $ARG_LIST
  14
  15 #
  16 # Sites which support all three protocols
  17 #
  18 # this flaked out yet agaqin...   www.cduniverse.com
  19 set FULL_TLS_SITES = ( www.amazon.com \
  20    mypage.apple.com \
  21    gmail.google.com )
  22
  23 #
  24 # Sites which support SSLv2 and SSLv3 only
  25 # None known currently
  26 #
  27 set FULL_SSL_SITES =
  28
  29 #
  30 # Sites which support SSLv2 only
  31 #
  32 # store.apple.com seems to have been permanently upgraded.
  33 #
  34 #set SSLV2_SITES = ( store.apple.com )
  35
  36 #
  37 # Sites which support only TLSv1 and SSLv3
  38 # remote.harpercollins.com asks for a client cert but works if you don't give it one
  39 #
  40 set TLS_SSL3_SITES = ( www.thawte.com \
  41         store.apple.com \
  42         digitalid.verisign.com \
  43         www.firstamlink.com \
  44         remote.harpercollins.com \
  45         mbanxonlinebanking.harrisbank.com \
  46         www.sun.com \
  47         directory.umich.edu \
  48         account.authorize.net )
  49
  50 #
  51 # Sites which support all three protocols if 'r' option is specified for SSL2 only
  52 # I.e., these really need to be able to transmit an intermediate cert for us
  53 # to verify them, and SSLv2 doesn't allow that.
  54 #
  55 # 9/24/04 - secure.authorize.net keeps throwing SIGPIPE
  56 # secure.authorize.net
  57 #
  58 # ktt2.keybank.com doesn't seem to be around anymore
  59 set FULL_TLS_ANYROOT_SITES = ( weblogin.umich.edu )
  60
  61 #
  62 # Here's one which supports TLSv1 and SSLv2 only (!). It tests the Entrust root cert.
  63 # set TLS_SSL2_SITES = ( directory.umich.edu)
  64 #
  65 set TLS_SSL2_SITES =
  66
  67 # SSLv3 only - try with TLSv1
  68 set SSL3_ONLY_SITES = ( www.verisign.com \
  69         www.cmarket.jp )
  70
  71 #
  72 # SSLv3 and TLS with any root set
  73 # office.bis.bonn.org sends a huge pile of certs per radar 3859283 and also asks
  74 # for a client cert
  75 #
  76 # 12/14/05 : office.bis.bonn.org is offline
  77 #
  78 # set TLS_SSL3_ANYROOT_SITES = ( office.bis.bonn.org )
  79 set TLS_SSL3_ANYROOT_SITES = (  )
  80
  81 #
  82 # All three protocols.
  83 # One run with all three protocols using SSLv2-compatible Hello
  84 # One run for each of TLSv1 and SSLv3 ONLY using SLSv3 Hello
  85 #
  86 foreach site ($FULL_TLS_SITES);
  87         $LOCAL_BUILD_DIR/sslViewer $site v L $ARG_LIST || exit(1);
  88         $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
  89         $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
  90 end
  91
  92 #
  93 # SSLv3 only
  94 # Try with each of
  95 # TLSv1 w/SSLv2 Hello
  96 # SSLv3 w/SSLv3 Hello
  97 #
  98 foreach site ($SSL3_ONLY_SITES);
  99         $LOCAL_BUILD_DIR/sslViewer $site v t m=3 $ARG_LIST || exit(1);
 100         $LOCAL_BUILD_DIR/sslViewer $site v o 3 $ARG_LIST || exit(1);
 101 end
 102
 103 #
 104 # SSLV2 seems to be obsolete in the real world
 105 #
 106 #foreach site ($SSLV2_SITES);
 107 #       $LOCAL_BUILD_DIR/sslViewer $site m=2 $ARG_LIST || exit(1);
 108 #       $LOCAL_BUILD_DIR/sslViewer $site 2 v $ARG_LIST || exit(1);
 109 #end
 110
 111 #
 112 # All three protocols, but SSLv2 needs 'any root'
 113 # Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
 114 #
 115 foreach site ($FULL_TLS_ANYROOT_SITES);
 116         $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
 117         $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
 118         $LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
 119         $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
 120         $LOCAL_BUILD_DIR/sslViewer $site v 2 r $ARG_LIST || exit(1);
 121 end
 122
 123 #
 124 # No SSLv2
 125 # Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
 126 #
 127 foreach site ($TLS_SSL3_SITES);
 128         $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
 129         $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
 130         $LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
 131         $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
 132 end
 133
 134 # try SSLv3 and expect SSLV2
 135 foreach site ($TLS_SSL2_SITES);
 136         $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
 137         $LOCAL_BUILD_DIR/sslViewer $site v 3 m=2 $ARG_LIST || exit(1);
 138 end
 139 # TLS end SSLv3 with any root
 140 foreach site ($TLS_SSL3_ANYROOT_SITES);
 141         $LOCAL_BUILD_DIR/sslViewer $site v t r $ARG_LIST || exit(1);
 142         $LOCAL_BUILD_DIR/sslViewer $site v 3 r $ARG_LIST || exit(1);
 143 end