Security-57031.1.35.tar.gz
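#! /bin/csh -f
#
# ssldvt - run the SSL tests.
#
# Usage: ssldvt [v] [q] [p] [b] [l] [n] [R]
#   v   set VERB=v, passed through to the test programs
#   q   set QUIET=q for the test programs, -q for certcrl, s for verifyPing
#   p   also run the sslSession test that uses the imported p12 identity
#   b   set NON_BLOCK=b, passed through to the test programs
#   l   set LARGE_DH=l, passed to sslCipher only
#   n   skip the verifyPing step
#   R   set RING_BUFS=R, passed through to the test programs
# Any other argument prints the file ssldvtUsage and exits with status 1.
# What each letter means to the test programs is not visible in this
# script; the names suggest verbose, quiet, non-blocking I/O, large DH
# parameters and ring buffers - confirm against the programs themselves.
#
# For now the sslSession run using the imported p12 identity is disabled
# by default, since there is apparently no way to avoid the UI resulting
# from attempting to use a private key imported via p12 (even to modify
# the ACL by the same program that imported it).
#
# This script must be started from its own directory: sslKcSetup,
# ssldvtUsage, ssldvtCertErr, sslExtendUse.scr and ../sslViewer/verifyPing
# are all resolved relative to the current directory. sslKcSetup is
# sourced, so whatever file of that name sits in the current directory
# runs as part of this script with the privileges of the caller.
#
# Exit status: 1 as soon as any step fails, otherwise the script falls
# through to the completion message.
#

# Option defaults. An empty value expands to no argument at all on the
# command lines below, which is why those expansions are left unquoted.
set QUIET=
set QUIET_=
set VERB=
set PINGSSL_QUIET=
set NON_BLOCK=
set LARGE_DH=
set P12_SESSION=NO
set DO_PING=YES
set RING_BUFS=

# BUILD_DIR and the cert, keychain and password variables used below are
# not set in this script; presumably sslKcSetup or the environment
# provides them - confirm.
source sslKcSetup

#
# Parse the single-letter options, one per argument.
#
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case v:
            set VERB = v
            shift
            breaksw
        case q:
            set QUIET = q
            set QUIET_ = -q
            set PINGSSL_QUIET = s
            shift
            breaksw
        case p:
            set P12_SESSION = YES
            shift
            breaksw
        case b:
            set NON_BLOCK=b
            shift
            breaksw
        case l:
            set LARGE_DH=l
            shift
            breaksw
        case n:
            set DO_PING=NO
            shift
            breaksw
        case R:
            set RING_BUFS=R
            shift
            breaksw
        default:
            cat ssldvtUsage
            exit(1)
    endsw
end

#
# Verify presence and validity of required certs
#
# NOTE(review): DSA_CERT is handed to sslCipher below but is not part of
# this existence check - confirm whether it should be.
#
if ((! -e $LOCAL_CERT) || (! -e $CLIENT_CERT) || \
    (! -e $LOCAL_KC_PATH) || (! -e $CLIENT_KC_PATH) || \
    (! -e $P12_KC_PATH) || (! -e $P12_ROOT_CERT)) then
    cat ssldvtCertErr
    exit(1)
endif
# A nonzero status from this certcrl run is treated as a broken cert setup.
# The -e= argument presumably names the error certcrl is expected to see.
$BUILD_DIR/certcrl -c $LOCAL_CERT -a -e=CSSMERR_TP_INVALID_ANCHOR_CERT >> /dev/null
if ($status) then
    echo === initial run of certcrl yielded unexpected results ===
    cat ssldvtCertErr
    exit(1)
endif

#
# P12-based, RSA
#
# The keychain password is passed as the argument z=$P12_KC_PWD, so it is
# readable in the process list while sslSession runs. Keep P12_KC_PWD a
# throwaway value that protects only the test keychain.
#
if ($P12_SESSION == YES) then
    $BUILD_DIR/sslSession $P12_KC z=$P12_KC_PWD a $P12_ROOT_CERT k $QUIET $VERB $NON_BLOCK $RING_BUFS || exit(1)
endif
$BUILD_DIR/sslAlert $QUIET $VERB s=$LOCAL_CERT c=$CLIENT_CERT $NON_BLOCK $RING_BUFS || exit(1)
$BUILD_DIR/sslProt $QUIET $VERB s=$LOCAL_CERT $NON_BLOCK $RING_BUFS || exit(1)
$BUILD_DIR/sslAuth $QUIET $VERB s=$LOCAL_CERT c=$CLIENT_CERT $NON_BLOCK $RING_BUFS || exit(1)
$BUILD_DIR/sslCipher $QUIET $VERB $NON_BLOCK s=$LOCAL_CERT d=$DSA_CERT $LARGE_DH $RING_BUFS || exit(1)
#
# Use cert configured for client use on server side, verify policy fail
#
$BUILD_DIR/sslSession $CLIENT_KC a $CLIENT_CERT x $QUIET $RING_BUFS || exit(1)
#
# Use cert configured for server use on client side, verify policy fail
#
$BUILD_DIR/sslSession $LOCAL_KC a $LOCAL_CERT c=$LOCAL_KC X u $RING_BUFS $QUIET || exit(1)
#
# check for cert-specific errors
#
set SSL_SCRIPT_DIR=`pwd`
#
# This one needs certs in current directory; copy the script
# to build dir and run there; return to cwd afterwards
#
# Stop if the copy fails: otherwise certcrl could run a stale
# sslExtendUse.scr left in the build dir by an earlier run and report
# results for a script that is not the one under test.
#
cp sslExtendUse.scr $BUILD_DIR || exit(1)
cd $BUILD_DIR
./certcrl -S sslExtendUse.scr $QUIET_ || exit(1)
cd $SSL_SCRIPT_DIR
#
# Optional ping test, skipped when the n option was given.
#
if ($DO_PING == YES) then
    ../sslViewer/verifyPing $PINGSSL_QUIET $VERB $NON_BLOCK || exit(1)
endif

echo "### ssldvt completed successfully. ###"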