#! /bin/csh -f
#
# Client half of the SSL protocol version test. Start the protServe
# script first, then run this one.
#
# Certificate file passed to every client run through STD_OPTS
# (presumably the trusted root for the test server -- confirm).
#set SSL_NEWROOT = newcert.cer
set SSL_NEWROOT = localcert.cer
#
# NAME_SPOOF=H allows hostname spoofing, for use with a numeric IP address
# (e.g., 10.0.61.6) when the server cert doesn't have a subjectAltName.
# The default is empty, so the flag is not passed to the client at all.
# Enabling it relaxes the check that ties the server certificate to the
# host name, so keep it to test hosts.
#
#set NAME_SPOOF = H
set NAME_SPOOF = ""
#
# In SSL_AUTO mode, we wait SSL_WAIT seconds between runs of sslServer from
# the protServe script so that sslServer has time to initialize.
# Otherwise the wait is manual, via the sh script doprompt.
#
set SSL_AUTO = 0
#
# Server to connect to, and the quiet flag (empty means not quiet).
set SSL_HOST = localhost
set QUIET = ""
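#
# Parse command-line flags. "a" turns on automatic mode (SSL_AUTO=1) and
# "q" turns on quiet mode (QUIET=q). Any other argument prints the usage
# line and exits with status 1.
#
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case a:
            set SSL_AUTO = 1
            shift
            breaksw
        case q:
            set QUIET = q
            shift
            breaksw
        default:
            # List every flag the switch accepts; "q" was missing before.
            echo 'Usage: protClient [a(auto)] [q(quiet)]'
            exit(1)
    endsw
end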
#
# Options for every run of sslViewer: the host, the "a" option followed by
# the certificate file in SSL_NEWROOT, and the NAME_SPOOF flag (empty by
# default). The value is expanded unquoted later so that it splits back
# into separate arguments.
#
set STD_OPTS = "${SSL_HOST} a ${SSL_NEWROOT} ${NAME_SPOOF}"
#
# Port 1200: server with no protocol restriction (SSLSetProtocolVersion).
# Each quoted entry is one runProtClient argument set, run in listed order.
# The first failing run ends the script with status 1.
# NOTE(review): judging by the cases in this script, t/3/2 appear to select
# TLS1/SSL3/SSL2, "o" that protocol only, g=<set> the enabled protocol set,
# and m=<v> the version the handshake is expected to negotiate -- confirm
# against runProtClient/sslViewer usage.
#
echo "===== unrestricted server via SSLSetProtocolVersion"
set SSL_PORT = 1200
foreach RUN_ARGS ( "t m=t" "t o m=t" "3 m=3" "3 o m=3" "2 m=2" \
                   "g=2 m=2" "g=3 m=3" "g=23 m=3" \
                   "g=23t m=t" "g=2t m=t" "g=3t m=t" )
    runProtClient $QUIET $STD_OPTS P=$SSL_PORT $RUN_ARGS || exit(1)
end

# Hand off to doprompt before moving to the next server port.
doprompt $SSL_AUTO $QUIET
#
# Port 1201: server restricted to SSL2,3 via SSLSetProtocolVersion.
# The first loop holds runs that must succeed. Note "t m=3": a client
# asking for TLS1 is expected to end up on SSL3.
# The second loop holds runs marked "e" (expected error) with the message
# to show. These check that the handshake fails when the client insists
# on a protocol the server has ruled out, instead of connecting anyway.
#
echo "===== server restricted to SSL2,3 via SSLSetProtocolVersion"
set SSL_PORT = 1201
foreach RUN_ARGS ( "3 m=3" "2 m=2" "t m=3" )
    runProtClient $QUIET $STD_OPTS P=$SSL_PORT $RUN_ARGS || exit(1)
end

set EXPECT_MSG = "Expect error due to server ssl3 restriction"
foreach RUN_ARGS ( "t o" "g=t" )
    runProtClient $QUIET e "$EXPECT_MSG" $STD_OPTS P=$SSL_PORT $RUN_ARGS || exit(1)
end

# Hand off to doprompt before moving to the next server port.
doprompt $SSL_AUTO $QUIET
#
# Port 1202: server restricted to SSL2 via SSLSetProtocolVersion.
# Positive runs all expect SSL2 to be negotiated (m=2), whatever version
# the client starts from. Negative runs ("e") cover clients that do not
# allow SSL2; every one of them must fail the handshake.
#
echo "===== server restricted to SSL2 via SSLSetProtocolVersion"
set SSL_PORT = 1202
foreach RUN_ARGS ( "2 m=2" "3 m=2" "t m=2" )
    runProtClient $QUIET $STD_OPTS P=$SSL_PORT $RUN_ARGS || exit(1)
end

set EXPECT_MSG = "Expect error due to server ssl2 restriction"
foreach RUN_ARGS ( "t o" "3 o" "g=3t" "g=t" "g=3" )
    runProtClient $QUIET e "$EXPECT_MSG" $STD_OPTS P=$SSL_PORT $RUN_ARGS || exit(1)
end

# Hand off to doprompt before moving to the next server port.
doprompt $SSL_AUTO $QUIET
#
# Port 1203: server with no protocol restriction, this time configured
# via SSLSetProtocolVersionEnabled. The client argument sets are the same
# as for port 1200, so both server-side APIs are checked against the same
# client behaviour.
#
echo "===== unrestricted server via SSLSetProtocolVersionEnabled"
set SSL_PORT = 1203
foreach RUN_ARGS ( "t m=t" "t o m=t" "3 m=3" "3 o m=3" "2 m=2" \
                   "g=2 m=2" "g=3 m=3" "g=23 m=3" \
                   "g=23t m=t" "g=2t m=t" "g=3t m=t" )
    runProtClient $QUIET $STD_OPTS P=$SSL_PORT $RUN_ARGS || exit(1)
end

# Hand off to doprompt before moving to the next server port.
doprompt $SSL_AUTO $QUIET
#
# Port 1204: server restricted to SSL3, TLS1 via
# SSLSetProtocolVersionEnabled. Clients that allow SSL3 or TLS1 must
# connect at the version given by m=. Clients limited to SSL2 ("2" and
# "g=2") must be refused.
#
echo "===== server restricted to SSL3, TLS1 via SSLSetProtocolVersionEnabled"
set SSL_PORT = 1204
foreach RUN_ARGS ( "t m=t" "t o m=t" "3 m=3" "3 o m=3" \
                   "g=23t m=t" "g=3t m=t" "g=2t m=t" \
                   "g=23 m=3" "g=3 m=3" )
    runProtClient $QUIET $STD_OPTS P=$SSL_PORT $RUN_ARGS || exit(1)
end

# The trailing blank inside the message is kept as in the original call.
set EXPECT_MSG = "Expect error due to server SSL3,TLS1 restriction "
foreach RUN_ARGS ( "2" "g=2" )
    runProtClient $QUIET e "$EXPECT_MSG" $STD_OPTS P=$SSL_PORT $RUN_ARGS || exit(1)
end

# Hand off to doprompt before moving to the next server port.
doprompt $SSL_AUTO $QUIET
#
# Port 1205: server restricted to SSL2,3 via SSLSetProtocolVersionEnabled.
# This is the last server port, so no doprompt call follows.
#
echo "===== server restricted to SSL2,3 via SSLSetProtocolVersionEnabled"
set SSL_PORT = 1205
foreach RUN_ARGS ( "t m=3" "3 m=3" "3 o m=3" "2 m=2" \
                   "g=23t m=3" "g=23 m=3" "g=3 m=3" )
    runProtClient $QUIET $STD_OPTS P=$SSL_PORT $RUN_ARGS || exit(1)
end

#
# Expected failures. The first entry (g=2t) is the odd case: we try for
# TLS1, the server should respond with 3, which we don't support, so the
# handshake has to fail rather than settle on a version the client did
# not enable.
#
set EXPECT_MSG = "Expect error due to server SSL2,3 restriction"
foreach RUN_ARGS ( "g=2t" "t o" "g=t" )
    runProtClient $QUIET e "$EXPECT_MSG" $STD_OPTS P=$SSL_PORT $RUN_ARGS || exit(1)
end
#
# Final banner. Every runProtClient call in this script is followed by
# "|| exit(1)", so this prints only when all of them returned success.
#
echo "====="
echo "===== protClient success"
echo "====="