+++ /dev/null
-#! /bin/csh -f
-#
-# verify all of the certs in specified directory as intermediates. They must
-# verify against the system roots.
-#
-if ( $#argv < 1 ) then
- echo "Usage: intermedSourceTest directory [q(uiet)] [t(rustSettings)]"
- echo A good directory would be ../../../security_certificates/certs/
- exit(1)
-endif
-#
-set BUILD_DIR=$LOCAL_BUILD_DIR
-set CERTS_DIR=$argv[1]
-
-set QUIET=0
-set TRUST_SETTINGS_ARG=
-shift
-while ( $#argv > 0 )
- switch ( "$argv[1]" )
- case q:
- set QUIET = 1
- shift
- breaksw
- case t:
- set TRUST_SETTINGS_ARG = -g
- shift
- breaksw
- default:
- echo Usage: intermedSourceTest directory
- exit(1)
- endsw
-end
-
-#
-# binaries we need
-#
-set CERTCRL=$BUILD_DIR/certcrl
-set CERTS_FROM_DB=$BUILD_DIR/certsFromDb
-foreach targ ($CERTCRL $CERTS_FROM_DB)
- if(! -e $targ) then
- echo === $targ is missing. Try building clxutil.
- exit(1)
- endif
-end
-
-set SYSTEM_CERTS=/System/Library/Keychains/SystemCACertificates.keychain
-
-echo starting intermedSourceTest
-#
-# certcrl args:
-#
-# -c cert to eval
-# -s use system anchors
-# -a allow certs unverified by CRLs
-# -n no network fetch of CRLs
-# -N no network fetch of certs
-# -f leaf cert is a CA
-# -d SYSTEM_CERTS -- use additional certs from there
-# -L silent
-# -g use Trust Settings
-#
-cd $CERTS_DIR
-foreach certFile (*)
- if ( -f "$certFile" ) then
- if($QUIET == 0) then
- echo testing $certFile....
- endif
- $CERTCRL -c "$certFile" -s -a -f -L -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG
- set ERR=$status
- if($ERR == 1) then
- echo "Note: $certFile is expired"
- else
- if($ERR != 0) then
- echo "++++++++ Verification error on $certFile ($ERR)"
- $CERTCRL -c "$certFile" -s -a -f -v -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG
- exit(1)
- endif
- endif
-end
-
-if($QUIET == 0) then
- echo "...intermedSourceTest complete"
-endif
-
projects / apple / security.git / blobdiff