[thirdparty/openssl.git] / test / testssl.com

$! TESTSSL.COM
$
$	__arch := VAX
$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
$	texe_dir := sys$disk:[-.'__arch'.exe.test]
$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
$
$	if p1 .eqs. ""
$	then
$	    key="[-.apps]server.pem"
$	else
$	    key=p1
$	endif
$	if p2 .eqs. ""
$	then
$	    cert="[-.apps]server.pem"
$	else
$	    cert=p2
$	endif
$	ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
$
$	define/user sys$output testssl-x509-output.
$	define/user sys$error nla0:
$	mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
$	set noon
$	define/user sys$error nla0:
$	search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
$	if $severity .eq. 1
$	then
$	    dsa_cert := YES
$	else
$	    dsa_cert := NO
$	endif
$	set on
$	delete testssl-x509-output.;*
$
$	if p3 .eqs. ""
$	then
$	    copy/concatenate [-.certs]*.pem certs.tmp
$	    CA = """-CAfile"" certs.tmp"
$	else
$	    CA = """-CAfile"" "+p3
$	endif
$
$!###########################################################################
$
$	write sys$output "test sslv2"
$	'ssltest' -ssl2
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2 with server authentication"
$	'ssltest' -ssl2 -server_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	if .not. dsa_cert
$	then
$	    write sys$output "test sslv2 with client authentication"
$	    'ssltest' -ssl2 -client_auth 'CA'
$	    if $severity .ne. 1 then goto exit3
$
$	    write sys$output "test sslv2 with both client and server authentication"
$	    'ssltest' -ssl2 -server_auth -client_auth 'CA'
$	    if $severity .ne. 1 then goto exit3
$	endif
$
$	write sys$output "test sslv3"
$	'ssltest' -ssl3
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv3 with server authentication"
$	'ssltest' -ssl3 -server_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv3 with client authentication"
$	'ssltest' -ssl3 -client_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv3 with both client and server authentication"
$	'ssltest' -ssl3 -server_auth -client_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3"
$	'ssltest'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with server authentication"
$	'ssltest' -server_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with client authentication"
$	'ssltest' -client_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with both client and server authentication"
$	'ssltest' -server_auth -client_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2 via BIO pair"
$	'ssltest' -bio_pair -ssl2 
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2 with server authentication via BIO pair"
$	'ssltest' -bio_pair -ssl2 -server_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
$
$	if .not. dsa_cert
$	then
$	    write sys$output "test sslv2 with client authentication via BIO pair"
$	    'ssltest' -bio_pair -ssl2 -client_auth 'CA' 
$	    if $severity .ne. 1 then goto exit3
$
$	    write sys$output "test sslv2 with both client and server authentication via BIO pair"
$	    'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' 
$	    if $severity .ne. 1 then goto exit3
$	endif
$
$	write sys$output "test sslv3 via BIO pair"
$	'ssltest' -bio_pair -ssl3 
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv3 with server authentication via BIO pair"
$	'ssltest' -bio_pair -ssl3 -server_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv3 with client authentication via BIO pair"
$	'ssltest' -bio_pair -ssl3 -client_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
 
$	write sys$output "test sslv3 with both client and server authentication via BIO pair"
$	'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 via BIO pair"
$	'ssltest' 
$	if $severity .ne. 1 then goto exit3
$
$	if .not. dsa_cert
$	then
$	    write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
$	    'ssltest' -bio_pair -no_dhe
$	    if $severity .ne. 1 then goto exit3
$	endif
$
$	write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
$	'ssltest' -bio_pair -dhe1024dsa -v
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with server authentication"
$	'ssltest' -bio_pair -server_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
$	'ssltest' -bio_pair -client_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
$	'ssltest' -bio_pair -server_auth -client_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
$
$!###########################################################################
$
$	set noon
$	define/user sys$output nla0:
$	mcr 'exe_dir'openssl no-rsa
$	no_rsa=$SEVERITY
$	define/user sys$output nla0:
$	mcr 'exe_dir'openssl no-dh
$	no_dh=$SEVERITY
$	set on
$
$	if no_dh
$	then
$	    write sys$output "skipping anonymous DH tests"
$	else
$	    write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
$	    'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
$	    if $severity .ne. 1 then goto exit3
$	endif
$
$	if no_rsa
$	then
$	    write sys$output "skipping RSA tests"
$	else
$	    write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
$	    mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
$	    if $severity .ne. 1 then goto exit3
$
$	    if no_dh
$	    then
$		write sys$output "skipping RSA+DHE tests"
$	    else
$		write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
$		mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
$		if $severity .ne. 1 then goto exit3
$	    endif
$	endif
$
$	RET = 1
$	goto exit
$ exit3:
$	RET = 3
$ exit:
$	if p3 .eqs. "" then delete certs.tmp;*
$	exit 'RET'
Commit	Line	Data
7d7d2cbc UM	1	$! TESTSSL.COM
	2	$
	3	$ __arch := VAX
	4	$ if f$getsyi("cpu") .ge. 128 then __arch := AXP
c13ee214 RL	5	$ texe_dir := sys$disk:[-.'__arch'.exe.test]
	6	$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
	7	$
	8	$ if p1 .eqs. ""
	9	$ then
	10	$ key="[-.apps]server.pem"
	11	$ else
	12	$ key=p1
	13	$ endif
	14	$ if p2 .eqs. ""
	15	$ then
	16	$ cert="[-.apps]server.pem"
	17	$ else
	18	$ cert=p2
	19	$ endif
	20	$ ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
	21	$
cde245bd	22	$ define/user sys$output testssl-x509-output.
c13ee214 RL	23	$ define/user sys$error nla0:
	24	$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
	25	$ set noon
	26	$ define/user sys$error nla0:
cde245bd	27	$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
c13ee214 RL	28	$ if $severity .eq. 1
	29	$ then
	30	$ dsa_cert := YES
	31	$ else
	32	$ dsa_cert := NO
	33	$ endif
	34	$ set on
cde245bd	35	$ delete testssl-x509-output.;*
c13ee214 RL	36	$
	37	$ if p3 .eqs. ""
	38	$ then
	39	$ copy/concatenate [-.certs]*.pem certs.tmp
	40	$ CA = """-CAfile"" certs.tmp"
	41	$ else
	42	$ CA = """-CAfile"" "+p3
	43	$ endif
	44	$
	45	$!###########################################################################
7d7d2cbc UM	46	$
7d7d2cbc UM	47	$ write sys$output "test sslv2"
c13ee214	48	$ 'ssltest' -ssl2
7d7d2cbc UM	49	$ if $severity .ne. 1 then goto exit3
	50	$
	51	$ write sys$output "test sslv2 with server authentication"
c13ee214	52	$ 'ssltest' -ssl2 -server_auth 'CA'
7d7d2cbc UM	53	$ if $severity .ne. 1 then goto exit3
7d7d2cbc UM	54	$
c13ee214 RL	55	$ if .not. dsa_cert
	56	$ then
	57	$ write sys$output "test sslv2 with client authentication"
	58	$ 'ssltest' -ssl2 -client_auth 'CA'
	59	$ if $severity .ne. 1 then goto exit3
7d7d2cbc	60	$
c13ee214 RL	61	$ write sys$output "test sslv2 with both client and server authentication"
	62	$ 'ssltest' -ssl2 -server_auth -client_auth 'CA'
	63	$ if $severity .ne. 1 then goto exit3
	64	$ endif
7d7d2cbc UM	65	$
7d7d2cbc UM	66	$ write sys$output "test sslv3"
c13ee214	67	$ 'ssltest' -ssl3
7d7d2cbc UM	68	$ if $severity .ne. 1 then goto exit3
	69	$
	70	$ write sys$output "test sslv3 with server authentication"
c13ee214	71	$ 'ssltest' -ssl3 -server_auth 'CA'
7d7d2cbc UM	72	$ if $severity .ne. 1 then goto exit3
	73	$
	74	$ write sys$output "test sslv3 with client authentication"
c13ee214	75	$ 'ssltest' -ssl3 -client_auth 'CA'
7d7d2cbc UM	76	$ if $severity .ne. 1 then goto exit3
	77	$
	78	$ write sys$output "test sslv3 with both client and server authentication"
c13ee214	79	$ 'ssltest' -ssl3 -server_auth -client_auth 'CA'
7d7d2cbc UM	80	$ if $severity .ne. 1 then goto exit3
	81	$
	82	$ write sys$output "test sslv2/sslv3"
c13ee214	83	$ 'ssltest'
7d7d2cbc UM	84	$ if $severity .ne. 1 then goto exit3
	85	$
	86	$ write sys$output "test sslv2/sslv3 with server authentication"
c13ee214	87	$ 'ssltest' -server_auth 'CA'
7d7d2cbc UM	88	$ if $severity .ne. 1 then goto exit3
	89	$
	90	$ write sys$output "test sslv2/sslv3 with client authentication"
c13ee214	91	$ 'ssltest' -client_auth 'CA'
7d7d2cbc UM	92	$ if $severity .ne. 1 then goto exit3
	93	$
	94	$ write sys$output "test sslv2/sslv3 with both client and server authentication"
c13ee214	95	$ 'ssltest' -server_auth -client_auth 'CA'
7d7d2cbc UM	96	$ if $severity .ne. 1 then goto exit3
7d7d2cbc UM	97	$
8c197cc5	98	$ write sys$output "test sslv2 via BIO pair"
c13ee214	99	$ 'ssltest' -bio_pair -ssl2
da0fc5bf RL	100	$ if $severity .ne. 1 then goto exit3
da0fc5bf RL	101	$
8c197cc5	102	$ write sys$output "test sslv2 with server authentication via BIO pair"
c13ee214	103	$ 'ssltest' -bio_pair -ssl2 -server_auth 'CA'
8c197cc5 UM	104	$ if $severity .ne. 1 then goto exit3
8c197cc5 UM	105	$
c13ee214 RL	106	$ if .not. dsa_cert
	107	$ then
	108	$ write sys$output "test sslv2 with client authentication via BIO pair"
	109	$ 'ssltest' -bio_pair -ssl2 -client_auth 'CA'
	110	$ if $severity .ne. 1 then goto exit3
8c197cc5	111	$
c13ee214 RL	112	$ write sys$output "test sslv2 with both client and server authentication via BIO pair"
	113	$ 'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA'
	114	$ if $severity .ne. 1 then goto exit3
	115	$ endif
8c197cc5 UM	116	$
8c197cc5 UM	117	$ write sys$output "test sslv3 via BIO pair"
c13ee214	118	$ 'ssltest' -bio_pair -ssl3
8c197cc5 UM	119	$ if $severity .ne. 1 then goto exit3
	120	$
	121	$ write sys$output "test sslv3 with server authentication via BIO pair"
c13ee214	122	$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA'
8c197cc5 UM	123	$ if $severity .ne. 1 then goto exit3
	124	$
	125	$ write sys$output "test sslv3 with client authentication via BIO pair"
c13ee214	126	$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA'
8c197cc5 UM	127	$ if $severity .ne. 1 then goto exit3
	128
	129	$ write sys$output "test sslv3 with both client and server authentication via BIO pair"
c13ee214	130	$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA'
8c197cc5 UM	131	$ if $severity .ne. 1 then goto exit3
	132	$
	133	$ write sys$output "test sslv2/sslv3 via BIO pair"
c13ee214	134	$ 'ssltest'
8c197cc5 UM	135	$ if $severity .ne. 1 then goto exit3
8c197cc5 UM	136	$
c13ee214 RL	137	$ if .not. dsa_cert
	138	$ then
	139	$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
	140	$ 'ssltest' -bio_pair -no_dhe
	141	$ if $severity .ne. 1 then goto exit3
	142	$ endif
	143	$
	144	$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
	145	$ 'ssltest' -bio_pair -dhe1024dsa -v
82a2d072 RL	146	$ if $severity .ne. 1 then goto exit3
82a2d072 RL	147	$
8c197cc5	148	$ write sys$output "test sslv2/sslv3 with server authentication"
c13ee214	149	$ 'ssltest' -bio_pair -server_auth 'CA'
8c197cc5 UM	150	$ if $severity .ne. 1 then goto exit3
	151	$
	152	$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
c13ee214	153	$ 'ssltest' -bio_pair -client_auth 'CA'
8c197cc5 UM	154	$ if $severity .ne. 1 then goto exit3
	155	$
	156	$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
c13ee214	157	$ 'ssltest' -bio_pair -server_auth -client_auth 'CA'
8c197cc5 UM	158	$ if $severity .ne. 1 then goto exit3
8c197cc5 UM	159	$
c13ee214 RL	160	$!###########################################################################
c13ee214 RL	161	$
c13ee214 RL	162	$ set noon
	163	$ define/user sys$output nla0:
	164	$ mcr 'exe_dir'openssl no-rsa
0d3f2ccb RL	165	$ no_rsa=$SEVERITY
	166	$ define/user sys$output nla0:
	167	$ mcr 'exe_dir'openssl no-dh
	168	$ no_dh=$SEVERITY
c13ee214	169	$ set on
0d3f2ccb RL	170	$
	171	$ if no_dh
	172	$ then
	173	$ write sys$output "skipping anonymous DH tests"
	174	$ else
	175	$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
	176	$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
	177	$ if $severity .ne. 1 then goto exit3
	178	$ endif
	179	$
	180	$ if no_rsa
c13ee214 RL	181	$ then
	182	$ write sys$output "skipping RSA tests"
	183	$ else
	184	$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
	185	$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
	186	$ if $severity .ne. 1 then goto exit3
	187	$
0d3f2ccb RL	188	$ if no_dh
	189	$ then
	190	$ write sys$output "skipping RSA+DHE tests"
	191	$ else
	192	$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
	193	$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
	194	$ if $severity .ne. 1 then goto exit3
	195	$ endif
c13ee214 RL	196	$ endif
c13ee214 RL	197	$
7d7d2cbc UM	198	$ RET = 1
	199	$ goto exit
	200	$ exit3:
	201	$ RET = 3
	202	$ exit:
cde245bd	203	$ if p3 .eqs. "" then delete certs.tmp;*
7d7d2cbc	204	$ exit 'RET'