--- /dev/null
+#! /bin/csh -f
+#
+# run client side of SSL protocol version test. Run this script
+# after starting protServe script.
+#
+#set SSL_NEWROOT=newcert.cer
+set SSL_NEWROOT=localcert.cer
+#
+# set allow hostname spoof for use with numeric IP address (e.g., 10.0.61.6)
+# if the server cert doesn't have a subjectAltName.
+#
+#set NAME_SPOOF=H
+set NAME_SPOOF=
+#
+# In SSL_AUTO mode, we wait SSL_WAIT seconds between runs of sslServer from
+# the protServe script to allow the sslServer to get initialized.
+# Otherwise we wait manually via the sh script doprompt.
+#
+set SSL_AUTO=0
+#
+set SSL_HOST=localhost
+set QUIET=
+while ( $#argv > 0 )
+ switch ( "$argv[1]" )
+ case a:
+ set SSL_AUTO = 1
+ shift
+ breaksw
+ case q:
+ set QUIET = q
+ shift
+ breaksw
+ default:
+ echo 'Usage: protClient [a(auto)]'
+ exit(1)
+ endsw
+end
+#
+# options for every run of sslViewer
+#
+set STD_OPTS="$SSL_HOST a $SSL_NEWROOT $NAME_SPOOF"
+
+echo ===== unrestricted server via SSLSetProtocolVersion
+set SSL_PORT=1200
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2 m=2 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1)
+
+doprompt $SSL_AUTO $QUIET
+
+echo ===== server restricted to SSL2,3 via SSLSetProtocolVersion
+set SSL_PORT=1201
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=3 || exit(1)
+runProtClient $QUIET e "Expect error due to server ssl3 restriction" \
+ $STD_OPTS P=$SSL_PORT t o || exit(1)
+runProtClient $QUIET e "Expect error due to server ssl3 restriction" \
+ $STD_OPTS P=$SSL_PORT g=t || exit(1)
+
+doprompt $SSL_AUTO $QUIET
+
+echo ===== server restricted to SSL2 via SSLSetProtocolVersion
+set SSL_PORT=1202
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=2 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=2 || exit(1)
+runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
+ $STD_OPTS P=$SSL_PORT t o || exit(1)
+runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
+ $STD_OPTS P=$SSL_PORT 3 o || exit(1)
+runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
+ $STD_OPTS P=$SSL_PORT g=3t || exit(1)
+runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
+ $STD_OPTS P=$SSL_PORT g=t || exit(1)
+runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
+ $STD_OPTS P=$SSL_PORT g=3 || exit(1)
+
+doprompt $SSL_AUTO $QUIET
+
+echo ===== unrestricted server via SSLSetProtocolVersionEnabled
+set SSL_PORT=1203
+
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2 m=2 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1)
+
+doprompt $SSL_AUTO $QUIET
+
+echo ===== server restricted to SSL3, TLS1 via SSLSetProtocolVersionEnabled
+set SSL_PORT=1204
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
+runProtClient $QUIET e "Expect error due to server SSL3,TLS1 restriction " \
+ $STD_OPTS P=$SSL_PORT 2 || exit(1)
+runProtClient $QUIET e "Expect error due to server SSL3,TLS1 restriction " \
+ $STD_OPTS P=$SSL_PORT g=2 || exit(1)
+
+doprompt $SSL_AUTO $QUIET
+
+echo ===== server restricted to SSL2,3 via SSLSetProtocolVersionEnabled
+set SSL_PORT=1205
+
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
+runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
+#
+# Odd case, we try for TLS1, server should respond with 3, which
+# we don't support
+runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \
+ $STD_OPTS P=$SSL_PORT g=2t || exit(1)
+runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \
+ $STD_OPTS P=$SSL_PORT t o || exit(1)
+runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \
+ $STD_OPTS P=$SSL_PORT g=t || exit(1)
+
+echo =====
+echo ===== protClient success
+echo =====
projects / apple / security.git / blobdiff