+++ /dev/null
-#! /bin/csh -f
-#
-# run client side of SSL protocol version test. Run this script
-# after starting protServe script.
-#
-#set SSL_NEWROOT=newcert.cer
-set SSL_NEWROOT=localcert.cer
-#
-# set allow hostname spoof for use with numeric IP address (e.g., 10.0.61.6)
-# if the server cert doesn't have a subjectAltName.
-#
-#set NAME_SPOOF=H
-set NAME_SPOOF=
-#
-# In SSL_AUTO mode, we wait SSL_WAIT seconds between runs of sslServer from
-# the protServe script to allow the sslServer to get initialized.
-# Otherwise we wait manually via the sh script doprompt.
-#
-set SSL_AUTO=0
-#
-set SSL_HOST=localhost
-set QUIET=
-while ( $#argv > 0 )
- switch ( "$argv[1]" )
- case a:
- set SSL_AUTO = 1
- shift
- breaksw
- case q:
- set QUIET = q
- shift
- breaksw
- default:
- echo 'Usage: protClient [a(auto)]'
- exit(1)
- endsw
-end
-#
-# options for every run of sslViewer
-#
-set STD_OPTS="$SSL_HOST a $SSL_NEWROOT $NAME_SPOOF"
-
-echo ===== unrestricted server via SSLSetProtocolVersion
-set SSL_PORT=1200
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2 m=2 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1)
-
-doprompt $SSL_AUTO $QUIET
-
-echo ===== server restricted to SSL2,3 via SSLSetProtocolVersion
-set SSL_PORT=1201
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=3 || exit(1)
-runProtClient $QUIET e "Expect error due to server ssl3 restriction" \
- $STD_OPTS P=$SSL_PORT t o || exit(1)
-runProtClient $QUIET e "Expect error due to server ssl3 restriction" \
- $STD_OPTS P=$SSL_PORT g=t || exit(1)
-
-doprompt $SSL_AUTO $QUIET
-
-echo ===== server restricted to SSL2 via SSLSetProtocolVersion
-set SSL_PORT=1202
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=2 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=2 || exit(1)
-runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
- $STD_OPTS P=$SSL_PORT t o || exit(1)
-runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
- $STD_OPTS P=$SSL_PORT 3 o || exit(1)
-runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
- $STD_OPTS P=$SSL_PORT g=3t || exit(1)
-runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
- $STD_OPTS P=$SSL_PORT g=t || exit(1)
-runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
- $STD_OPTS P=$SSL_PORT g=3 || exit(1)
-
-doprompt $SSL_AUTO $QUIET
-
-echo ===== unrestricted server via SSLSetProtocolVersionEnabled
-set SSL_PORT=1203
-
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2 m=2 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1)
-
-doprompt $SSL_AUTO $QUIET
-
-echo ===== server restricted to SSL3, TLS1 via SSLSetProtocolVersionEnabled
-set SSL_PORT=1204
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
-runProtClient $QUIET e "Expect error due to server SSL3,TLS1 restriction " \
- $STD_OPTS P=$SSL_PORT 2 || exit(1)
-runProtClient $QUIET e "Expect error due to server SSL3,TLS1 restriction " \
- $STD_OPTS P=$SSL_PORT g=2 || exit(1)
-
-doprompt $SSL_AUTO $QUIET
-
-echo ===== server restricted to SSL2,3 via SSLSetProtocolVersionEnabled
-set SSL_PORT=1205
-
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
-runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
-#
-# Odd case, we try for TLS1, server should respond with 3, which
-# we don't support
-runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \
- $STD_OPTS P=$SSL_PORT g=2t || exit(1)
-runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \
- $STD_OPTS P=$SSL_PORT t o || exit(1)
-runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \
- $STD_OPTS P=$SSL_PORT g=t || exit(1)
-
-echo =====
-echo ===== protClient success
-echo =====
projects / apple / security.git / blobdiff