SecurityTests/clxutils/sslViewer/verifyPing

   1 #! /bin/csh -f
   2 #
   3 # run sslViewer on a list of known sites, using sslViewer's 'verify
   4 # protocol' option.
   5 # Arguments to this script are passed on to sslViewer unmodified.
   6 #
   7 set ARG_LIST =
   8 while ( $#argv > 0 )
   9         set thisArg = "$argv[1]"
  10         set ARG_LIST = "$ARG_LIST $thisArg"
  11         shift
  12 end
  13 echo Starting verifyPing\; args: $ARG_LIST
  14
  15 #
  16 # Sites which support all three protocols
  17 #
  18 # this flaked out yet agaqin...   www.cduniverse.com
  19 # amazon v2 sends a cert which requires an intermediate
  20 set FULL_TLS_SITES = ( mypage.apple.com \
  21    gmail.google.com )
  22
  23 #
  24 # Sites which support SSLv2 and SSLv3 only
  25 # None known currently
  26 #
  27 set FULL_SSL_SITES =
  28
  29 #
  30 # Sites which support SSLv2 only
  31 #
  32 # store.apple.com seems to have been permanently upgraded.
  33 #
  34 #set SSLV2_SITES = ( store.apple.com )
  35
  36 #
  37 # Sites which support only TLSv1 and SSLv3
  38 # remote.harpercollins.com asks for a client cert but works if you don't give it one
  39 #
  40 set TLS_SSL3_SITES = ( www.thawte.com \
  41         store.apple.com \
  42         digitalid.verisign.com \
  43         www.firstamlink.com \
  44     remote.harpercollins.com \
  45         mbanxonlinebanking.harrisbank.com \
  46         directory.umich.edu \
  47         weblogin.umich.edu \
  48         www.sun.com )
  49
  50 #
  51 # Sites which support all three protocols if 'r' option is specified for SSL2 only
  52 # I.e., these really need to be able to transmit an intermediate cert for us
  53 # to verify them, and SSLv2 doesn't allow that.
  54 #
  55 # 9/24/04 - secure.authorize.net keeps throwing SIGPIPE
  56 # secure.authorize.net
  57 #
  58 set FULL_TLS_ANYROOT_SITES = ( www.amazon.com \
  59     accounts.key.com \
  60         account.authorize.net )
  61
  62 #
  63 # Here's one which supports TLSv1 and SSLv2 only (!). It tests the Entrust root cert.
  64 # set TLS_SSL2_SITES = ( directory.umich.edu)
  65 #
  66 set TLS_SSL2_SITES =
  67
  68 # SSLv3 only - try with TLSv1
  69 set SSL3_ONLY_SITES = ( www.verisign.com \
  70         www.cmarket.jp )
  71
  72 #
  73 # SSLv3 and TLS with any root set
  74 # office.bis.bonn.org sends a huge pile of certs per radar 3859283 and also asks
  75 # for a client cert
  76 #
  77 # 12/14/05 : office.bis.bonn.org is offline
  78 #
  79 # set TLS_SSL3_ANYROOT_SITES = ( office.bis.bonn.org )
  80 set TLS_SSL3_ANYROOT_SITES = (  )
  81
  82 #
  83 # All three protocols.
  84 # One run with all three protocols using SSLv2-compatible Hello
  85 # One run for each of TLSv1 and SSLv3 ONLY using SLSv3 Hello
  86 #
  87 foreach site ($FULL_TLS_SITES);
  88         $LOCAL_BUILD_DIR/sslViewer $site v L $ARG_LIST || exit(1);
  89         $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
  90         $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
  91 end
  92
  93 #
  94 # SSLv3 only
  95 # Try with each of
  96 # TLSv1 w/SSLv2 Hello
  97 # SSLv3 w/SSLv3 Hello
  98 #
  99 foreach site ($SSL3_ONLY_SITES);
 100         $LOCAL_BUILD_DIR/sslViewer $site v t m=3 $ARG_LIST || exit(1);
 101         $LOCAL_BUILD_DIR/sslViewer $site v o 3 $ARG_LIST || exit(1);
 102 end
 103
 104 #
 105 # SSLV2 seems to be obsolete in the real world
 106 #
 107 #foreach site ($SSLV2_SITES);
 108 #       $LOCAL_BUILD_DIR/sslViewer $site m=2 $ARG_LIST || exit(1);
 109 #       $LOCAL_BUILD_DIR/sslViewer $site 2 v $ARG_LIST || exit(1);
 110 #end
 111
 112 #
 113 # All three protocols, but SSLv2 needs 'any root'
 114 # Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
 115 #
 116 foreach site ($FULL_TLS_ANYROOT_SITES);
 117         $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
 118         $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
 119         $LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
 120         $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
 121         $LOCAL_BUILD_DIR/sslViewer $site v 2 r $ARG_LIST || exit(1);
 122 end
 123
 124 #
 125 # No SSLv2
 126 # Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
 127 #
 128 foreach site ($TLS_SSL3_SITES);
 129         $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
 130         $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
 131         $LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
 132         $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
 133 end
 134
 135 # try SSLv3 and expect SSLV2
 136 foreach site ($TLS_SSL2_SITES);
 137         $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
 138         $LOCAL_BUILD_DIR/sslViewer $site v 3 m=2 $ARG_LIST || exit(1);
 139 end
 140 # TLS end SSLv3 with any root
 141 foreach site ($TLS_SSL3_ANYROOT_SITES);
 142         $LOCAL_BUILD_DIR/sslViewer $site v t r $ARG_LIST || exit(1);
 143         $LOCAL_BUILD_DIR/sslViewer $site v 3 r $ARG_LIST || exit(1);
 144 end