Cross Reference: /macosx-10.10/Security-57031.1.35/SecurityTests/clxutils/sslViewer/verifyPing

#! /bin/csh -f
#
# run sslViewer on a list of known sites, using sslViewer's 'verify
# protocol' option.
# Arguments to this script are passed on to sslViewer unmodified.
#
set ARG_LIST =
while ( $#argv > 0 )
	set thisArg = "$argv[1]"
	set ARG_LIST = "$ARG_LIST $thisArg"
	shift
end
echo Starting verifyPing\; args: $ARG_LIST

#
# Sites which support all three protocols
#
# this flaked out yet agaqin...   www.cduniverse.com
# amazon v2 sends a cert which requires an intermediate
set FULL_TLS_SITES = ( mypage.apple.com \
   gmail.google.com )

#
# Sites which support SSLv2 and SSLv3 only
# None known currently
#
set FULL_SSL_SITES =

#
# Sites which support SSLv2 only
#
# store.apple.com seems to have been permanently upgraded.
#
#set SSLV2_SITES = ( store.apple.com )

#
# Sites which support only TLSv1 and SSLv3
# remote.harpercollins.com asks for a client cert but works if you don't give it one
#
set TLS_SSL3_SITES = ( www.thawte.com \
	store.apple.com \
	digitalid.verisign.com \
	www.firstamlink.com \
    remote.harpercollins.com \
	mbanxonlinebanking.harrisbank.com \
	directory.umich.edu \
	weblogin.umich.edu \
	www.sun.com )

#
# Sites which support all three protocols if 'r' option is specified for SSL2 only
# I.e., these really need to be able to transmit an intermediate cert for us
# to verify them, and SSLv2 doesn't allow that.
#
# 9/24/04 - secure.authorize.net keeps throwing SIGPIPE
# secure.authorize.net
#
set FULL_TLS_ANYROOT_SITES = ( www.amazon.com \
    accounts.key.com \
	account.authorize.net )

#
# Here's one which supports TLSv1 and SSLv2 only (!). It tests the Entrust root cert.
# set TLS_SSL2_SITES = ( directory.umich.edu)
#
set TLS_SSL2_SITES =

# SSLv3 only - try with TLSv1
set SSL3_ONLY_SITES = ( www.verisign.com \
	www.cmarket.jp )

#
# SSLv3 and TLS with any root set
# office.bis.bonn.org sends a huge pile of certs per radar 3859283 and also asks
# for a client cert
#
# 12/14/05 : office.bis.bonn.org is offline
#
# set TLS_SSL3_ANYROOT_SITES = ( office.bis.bonn.org )
set TLS_SSL3_ANYROOT_SITES = (  )

#
# All three protocols.
# One run with all three protocols using SSLv2-compatible Hello
# One run for each of TLSv1 and SSLv3 ONLY using SLSv3 Hello
#
foreach site ($FULL_TLS_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v L $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
end

#
# SSLv3 only
# Try with each of
# TLSv1 w/SSLv2 Hello
# SSLv3 w/SSLv3 Hello
#
foreach site ($SSL3_ONLY_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t m=3 $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v o 3 $ARG_LIST || exit(1);
end

#
# SSLV2 seems to be obsolete in the real world
#
#foreach site ($SSLV2_SITES);
#	$LOCAL_BUILD_DIR/sslViewer $site m=2 $ARG_LIST || exit(1);
#	$LOCAL_BUILD_DIR/sslViewer $site 2 v $ARG_LIST || exit(1);
#end

#
# All three protocols, but SSLv2 needs 'any root'
# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
#
foreach site ($FULL_TLS_ANYROOT_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 2 r $ARG_LIST || exit(1);
end

#
# No SSLv2
# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
#
foreach site ($TLS_SSL3_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
end

# try SSLv3 and expect SSLV2
foreach site ($TLS_SSL2_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 m=2 $ARG_LIST || exit(1);
end
# TLS end SSLv3 with any root
foreach site ($TLS_SSL3_ANYROOT_SITES);
	$LOCAL_BUILD_DIR/sslViewer $site v t r $ARG_LIST || exit(1);
	$LOCAL_BUILD_DIR/sslViewer $site v 3 r $ARG_LIST || exit(1);
end