X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/SecurityTests/clxutils/sslScripts/protClient diff --git a/SecurityTests/clxutils/sslScripts/protClient b/SecurityTests/clxutils/sslScripts/protClient new file mode 100755 index 00000000..9b657393 --- /dev/null +++ b/SecurityTests/clxutils/sslScripts/protClient @@ -0,0 +1,146 @@ +#! /bin/csh -f +# +# run client side of SSL protocol version test. Run this script +# after starting protServe script. +# +#set SSL_NEWROOT=newcert.cer +set SSL_NEWROOT=localcert.cer +# +# set allow hostname spoof for use with numeric IP address (e.g., 10.0.61.6) +# if the server cert doesn't have a subjectAltName. +# +#set NAME_SPOOF=H +set NAME_SPOOF= +# +# In SSL_AUTO mode, we wait SSL_WAIT seconds between runs of sslServer from +# the protServe script to allow the sslServer to get initialized. +# Otherwise we wait manually via the sh script doprompt. +# +set SSL_AUTO=0 +# +set SSL_HOST=localhost +set QUIET= +while ( $#argv > 0 ) + switch ( "$argv[1]" ) + case a: + set SSL_AUTO = 1 + shift + breaksw + case q: + set QUIET = q + shift + breaksw + default: + echo 'Usage: protClient [a(auto)]' + exit(1) + endsw +end +# +# options for every run of sslViewer +# +set STD_OPTS="$SSL_HOST a $SSL_NEWROOT $NAME_SPOOF" + +echo ===== unrestricted server via SSLSetProtocolVersion +set SSL_PORT=1200 +runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2 m=2 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1) + +doprompt $SSL_AUTO $QUIET + +echo ===== server restricted to SSL2,3 via SSLSetProtocolVersion +set SSL_PORT=1201 +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=3 || exit(1) +runProtClient $QUIET e "Expect error due to server ssl3 restriction" \ + $STD_OPTS P=$SSL_PORT t o || exit(1) +runProtClient $QUIET e "Expect error due to server ssl3 restriction" \ + $STD_OPTS P=$SSL_PORT g=t || exit(1) + +doprompt $SSL_AUTO $QUIET + +echo ===== server restricted to SSL2 via SSLSetProtocolVersion +set SSL_PORT=1202 +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=2 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=2 || exit(1) +runProtClient $QUIET e "Expect error due to server ssl2 restriction" \ + $STD_OPTS P=$SSL_PORT t o || exit(1) +runProtClient $QUIET e "Expect error due to server ssl2 restriction" \ + $STD_OPTS P=$SSL_PORT 3 o || exit(1) +runProtClient $QUIET e "Expect error due to server ssl2 restriction" \ + $STD_OPTS P=$SSL_PORT g=3t || exit(1) +runProtClient $QUIET e "Expect error due to server ssl2 restriction" \ + $STD_OPTS P=$SSL_PORT g=t || exit(1) +runProtClient $QUIET e "Expect error due to server ssl2 restriction" \ + $STD_OPTS P=$SSL_PORT g=3 || exit(1) + +doprompt $SSL_AUTO $QUIET + +echo ===== unrestricted server via SSLSetProtocolVersionEnabled +set SSL_PORT=1203 + +runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2 m=2 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1) + +doprompt $SSL_AUTO $QUIET + +echo ===== server restricted to SSL3, TLS1 via SSLSetProtocolVersionEnabled +set SSL_PORT=1204 +runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1) +runProtClient $QUIET e "Expect error due to server SSL3,TLS1 restriction " \ + $STD_OPTS P=$SSL_PORT 2 || exit(1) +runProtClient $QUIET e "Expect error due to server SSL3,TLS1 restriction " \ + $STD_OPTS P=$SSL_PORT g=2 || exit(1) + +doprompt $SSL_AUTO $QUIET + +echo ===== server restricted to SSL2,3 via SSLSetProtocolVersionEnabled +set SSL_PORT=1205 + +runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1) +runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1) +# +# Odd case, we try for TLS1, server should respond with 3, which +# we don't support +runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \ + $STD_OPTS P=$SSL_PORT g=2t || exit(1) +runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \ + $STD_OPTS P=$SSL_PORT t o || exit(1) +runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \ + $STD_OPTS P=$SSL_PORT g=t || exit(1) + +echo ===== +echo ===== protClient success +echo =====