[thirdparty/openssl.git] / test / testssl.com

$! TESTSSL.COM
$
$	__arch = "VAX"
$	if f$getsyi("cpu") .ge. 128 then -
	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$	if __arch .eqs. "" then __arch = "UNK"
$!
$	if (p4 .eqs. "64") then __arch = __arch+ "_64"
$!
$	texe_dir = "sys$disk:[-.''__arch'.exe.test]"
$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$	if p1 .eqs. ""
$	then
$	    key="[-.apps]server.pem"
$	else
$	    key=p1
$	endif
$	if p2 .eqs. ""
$	then
$	    cert="[-.apps]server.pem"
$	else
$	    cert=p2
$	endif
$	ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ -
	 " -cert ''cert' -c_key ''key' -c_cert ''cert'"
$!
$	set noon
$	define/user sys$output testssl-x509-output.
$	define/user sys$error nla0:
$	mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
$	define/user sys$error nla0:
$	search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
$	if $severity .eq. 1
$	then
$	    dsa_cert = "YES"
$	else
$	    dsa_cert = "NO"
$	endif
$	delete testssl-x509-output.;*
$
$	if p3 .eqs. ""
$	then
$	    copy/concatenate [-.certs]*.pem certs.tmp
$	    CA = """-CAfile"" certs.tmp"
$	else
$	    CA = """-CAfile"" "+p3
$	endif
$
$!###########################################################################
$
$	write sys$output "test sslv3"
$	'ssltest' -ssl3
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv3 with server authentication"
$	'ssltest' -ssl3 -server_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv3 with client authentication"
$	'ssltest' -ssl3 -client_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv3 with both client and server authentication"
$	'ssltest' -ssl3 -server_auth -client_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3"
$	'ssltest'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with server authentication"
$	'ssltest' -server_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with client authentication"
$	'ssltest' -client_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with both client and server authentication"
$	'ssltest' -server_auth -client_auth 'CA'
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv3 via BIO pair"
$	'ssltest' -bio_pair -ssl3 
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv3 with server authentication via BIO pair"
$	'ssltest' -bio_pair -ssl3 -server_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv3 with client authentication via BIO pair"
$	'ssltest' -bio_pair -ssl3 -client_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
 
$	write sys$output "test sslv3 with both client and server authentication via BIO pair"
$	'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 via BIO pair"
$	'ssltest' 
$	if $severity .ne. 1 then goto exit3
$
$	if .not. dsa_cert
$	then
$	    write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
$	    'ssltest' -bio_pair -no_dhe
$	    if $severity .ne. 1 then goto exit3
$	endif
$
$	write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
$	'ssltest' -bio_pair -dhe1024dsa -v
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with server authentication"
$	'ssltest' -bio_pair -server_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
$	'ssltest' -bio_pair -client_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
$
$	write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
$	'ssltest' -bio_pair -server_auth -client_auth 'CA' 
$	if $severity .ne. 1 then goto exit3
$
$!###########################################################################
$
$	define/user sys$output nla0:
$	mcr 'exe_dir'openssl no-rsa
$	no_rsa=$SEVERITY
$	define/user sys$output nla0:
$	mcr 'exe_dir'openssl no-dh
$	no_dh=$SEVERITY
$
$	if no_dh
$	then
$	    write sys$output "skipping anonymous DH tests"
$	else
$	    write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
$	    'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
$	    if $severity .ne. 1 then goto exit3
$	endif
$
$	if no_rsa
$	then
$	    write sys$output "skipping RSA tests"
$	else
$	    write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
$	    mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
$	    if $severity .ne. 1 then goto exit3
$
$	    if no_dh
$	    then
$		write sys$output "skipping RSA+DHE tests"
$	    else
$		write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
$		mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
$		if $severity .ne. 1 then goto exit3
$	    endif
$	endif
$
$	RET = 1
$	goto exit
$ exit3:
$	RET = 3
$ exit:
$	if p3 .eqs. "" then delete certs.tmp;*
$	set on
$	exit 'RET'
Commit	Line	Data
7d7d2cbc UM	1	$! TESTSSL.COM
7d7d2cbc UM	2	$
537c9823	3	$ __arch = "VAX"
cc8cc9a3	4	$ if f$getsyi("cpu") .ge. 128 then -
407a4101	5	__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
537c9823 RL	6	$ if __arch .eqs. "" then __arch = "UNK"
	7	$!
	8	$ if (p4 .eqs. "64") then __arch = __arch+ "_64"
	9	$!
	10	$ texe_dir = "sys$disk:[-.''__arch'.exe.test]"
	11	$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
c13ee214 RL	12	$
	13	$ if p1 .eqs. ""
	14	$ then
	15	$ key="[-.apps]server.pem"
	16	$ else
	17	$ key=p1
	18	$ endif
	19	$ if p2 .eqs. ""
	20	$ then
	21	$ cert="[-.apps]server.pem"
	22	$ else
	23	$ cert=p2
	24	$ endif
537c9823 RL	25	$ ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ -
	26	" -cert ''cert' -c_key ''key' -c_cert ''cert'"
	27	$!
908df4d0	28	$ set noon
cde245bd	29	$ define/user sys$output testssl-x509-output.
c13ee214 RL	30	$ define/user sys$error nla0:
c13ee214 RL	31	$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
c13ee214	32	$ define/user sys$error nla0:
cde245bd	33	$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
c13ee214 RL	34	$ if $severity .eq. 1
c13ee214 RL	35	$ then
537c9823	36	$ dsa_cert = "YES"
c13ee214	37	$ else
537c9823	38	$ dsa_cert = "NO"
c13ee214	39	$ endif
cde245bd	40	$ delete testssl-x509-output.;*
c13ee214 RL	41	$
	42	$ if p3 .eqs. ""
	43	$ then
	44	$ copy/concatenate [-.certs]*.pem certs.tmp
	45	$ CA = """-CAfile"" certs.tmp"
	46	$ else
	47	$ CA = """-CAfile"" "+p3
	48	$ endif
	49	$
	50	$!###########################################################################
7d7d2cbc	51	$
7d7d2cbc	52	$ write sys$output "test sslv3"
c13ee214	53	$ 'ssltest' -ssl3
7d7d2cbc UM	54	$ if $severity .ne. 1 then goto exit3
	55	$
	56	$ write sys$output "test sslv3 with server authentication"
c13ee214	57	$ 'ssltest' -ssl3 -server_auth 'CA'
7d7d2cbc UM	58	$ if $severity .ne. 1 then goto exit3
	59	$
	60	$ write sys$output "test sslv3 with client authentication"
c13ee214	61	$ 'ssltest' -ssl3 -client_auth 'CA'
7d7d2cbc UM	62	$ if $severity .ne. 1 then goto exit3
	63	$
	64	$ write sys$output "test sslv3 with both client and server authentication"
c13ee214	65	$ 'ssltest' -ssl3 -server_auth -client_auth 'CA'
7d7d2cbc UM	66	$ if $severity .ne. 1 then goto exit3
	67	$
	68	$ write sys$output "test sslv2/sslv3"
c13ee214	69	$ 'ssltest'
7d7d2cbc UM	70	$ if $severity .ne. 1 then goto exit3
	71	$
	72	$ write sys$output "test sslv2/sslv3 with server authentication"
c13ee214	73	$ 'ssltest' -server_auth 'CA'
7d7d2cbc UM	74	$ if $severity .ne. 1 then goto exit3
	75	$
	76	$ write sys$output "test sslv2/sslv3 with client authentication"
c13ee214	77	$ 'ssltest' -client_auth 'CA'
7d7d2cbc UM	78	$ if $severity .ne. 1 then goto exit3
	79	$
	80	$ write sys$output "test sslv2/sslv3 with both client and server authentication"
c13ee214	81	$ 'ssltest' -server_auth -client_auth 'CA'
7d7d2cbc UM	82	$ if $severity .ne. 1 then goto exit3
7d7d2cbc UM	83	$
8c197cc5	84	$ write sys$output "test sslv3 via BIO pair"
c13ee214	85	$ 'ssltest' -bio_pair -ssl3
8c197cc5 UM	86	$ if $severity .ne. 1 then goto exit3
	87	$
	88	$ write sys$output "test sslv3 with server authentication via BIO pair"
c13ee214	89	$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA'
8c197cc5 UM	90	$ if $severity .ne. 1 then goto exit3
	91	$
	92	$ write sys$output "test sslv3 with client authentication via BIO pair"
c13ee214	93	$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA'
8c197cc5 UM	94	$ if $severity .ne. 1 then goto exit3
	95
	96	$ write sys$output "test sslv3 with both client and server authentication via BIO pair"
c13ee214	97	$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA'
8c197cc5 UM	98	$ if $severity .ne. 1 then goto exit3
	99	$
	100	$ write sys$output "test sslv2/sslv3 via BIO pair"
c13ee214	101	$ 'ssltest'
8c197cc5 UM	102	$ if $severity .ne. 1 then goto exit3
8c197cc5 UM	103	$
c13ee214 RL	104	$ if .not. dsa_cert
	105	$ then
	106	$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
	107	$ 'ssltest' -bio_pair -no_dhe
	108	$ if $severity .ne. 1 then goto exit3
	109	$ endif
	110	$
	111	$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
	112	$ 'ssltest' -bio_pair -dhe1024dsa -v
82a2d072 RL	113	$ if $severity .ne. 1 then goto exit3
82a2d072 RL	114	$
8c197cc5	115	$ write sys$output "test sslv2/sslv3 with server authentication"
c13ee214	116	$ 'ssltest' -bio_pair -server_auth 'CA'
8c197cc5 UM	117	$ if $severity .ne. 1 then goto exit3
	118	$
	119	$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
c13ee214	120	$ 'ssltest' -bio_pair -client_auth 'CA'
8c197cc5 UM	121	$ if $severity .ne. 1 then goto exit3
	122	$
	123	$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
c13ee214	124	$ 'ssltest' -bio_pair -server_auth -client_auth 'CA'
8c197cc5 UM	125	$ if $severity .ne. 1 then goto exit3
8c197cc5 UM	126	$
c13ee214 RL	127	$!###########################################################################
c13ee214 RL	128	$
c13ee214 RL	129	$ define/user sys$output nla0:
c13ee214 RL	130	$ mcr 'exe_dir'openssl no-rsa
0d3f2ccb RL	131	$ no_rsa=$SEVERITY
	132	$ define/user sys$output nla0:
	133	$ mcr 'exe_dir'openssl no-dh
	134	$ no_dh=$SEVERITY
0d3f2ccb RL	135	$
	136	$ if no_dh
	137	$ then
	138	$ write sys$output "skipping anonymous DH tests"
	139	$ else
	140	$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
	141	$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
	142	$ if $severity .ne. 1 then goto exit3
	143	$ endif
	144	$
	145	$ if no_rsa
c13ee214 RL	146	$ then
	147	$ write sys$output "skipping RSA tests"
	148	$ else
	149	$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
	150	$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
	151	$ if $severity .ne. 1 then goto exit3
	152	$
0d3f2ccb RL	153	$ if no_dh
	154	$ then
	155	$ write sys$output "skipping RSA+DHE tests"
	156	$ else
	157	$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
	158	$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
	159	$ if $severity .ne. 1 then goto exit3
	160	$ endif
c13ee214 RL	161	$ endif
c13ee214 RL	162	$
7d7d2cbc UM	163	$ RET = 1
	164	$ goto exit
	165	$ exit3:
	166	$ RET = 3
	167	$ exit:
cde245bd	168	$ if p3 .eqs. "" then delete certs.tmp;*
908df4d0	169	$ set on
7d7d2cbc	170	$ exit 'RET'