--- /dev/null
+#! /bin/csh -f
+#
+# Test Alexander-specific SecureTransport features
+#
+set SSL_HOST=trading.etrade.com
+echo === $SSL_HOST : expired leaf cert ===
+echo === ...no options : expect errSSLCertExpired
+sslViewer $SSL_HOST 3
+if($status == 0) then
+ echo $SSL_HOST did not fail!
+ exit(1)
+endif
+echo === ... allowExpiredRoot expect errSSLCertExpired
+sslViewer $SSL_HOST 3 E
+if($status == 0) then
+ echo $SSL_HOST did not fail!
+ exit(1)
+endif
+echo === ... allowExpiredCerts expect success
+sslViewer $SSL_HOST 3 e
+if($status != 0) then
+ echo allowExpiredCerts did not fix $SSL_HOST!
+ exit(1)
+endif
+
+#
+#
+#
+set SSL_HOST=iproject.apple.com
+echo === $SSL_HOST : good leaf, expired root ===
+echo === ...no options : expect errSSLCertExpired
+sslViewer $SSL_HOST 3
+if($status == 0) then
+ echo $SSL_HOST did not fail!
+ exit(1)
+endif
+echo === ... allowExpiredRoot expect success
+sslViewer $SSL_HOST 3 E
+if($status != 0) then
+ echo allowExpiredRoot did not fix $SSL_HOST!
+ exit(1)
+endif
+echo === ... allowExpiredCerts expect success
+sslViewer $SSL_HOST 3 e
+if($status != 0) then
+ echo allowExpiredCerts did not fix $SSL_HOST!
+ exit(1)
+endif
+#
+#
+#
+set SSL_HOST=www.xdss.com
+echo === $SSL_HOST : unknown root ===
+echo === ...no options : expect errSSLNoRootCert
+sslViewer $SSL_HOST 3
+if($status == 0) then
+ echo $SSL_HOST did not fail!
+ exit(1)
+endif
+echo === ... allowAnyRoot, the old gross workaround, expect success
+sslViewer $SSL_HOST 3 r
+if($status != 0) then
+ echo allowAnyRoot did not fix $SSL_HOST!
+ exit(1)
+endif
+set ANCHOR_FILE=verisignCA.cer
+echo === ... only anchor = $ANCHOR_FILE, expect success
+sslViewer $SSL_HOST 3 A $ANCHOR_FILE
+if($status != 0) then
+ echo A $ANCHOR_FILE did not fix $SSL_HOST!
+ exit(1)
+endif
+echo === ... add anchor $ANCHOR_FILE, expect success
+sslViewer $SSL_HOST 3 a $ANCHOR_FILE
+if($status != 0) then
+ echo a $ANCHOR_FILE did not fix $SSL_HOST!
+ exit(1)
+endif
+
+echo ===== SUCCESS =====
projects / apple / security.git / blobdiff