1#! /bin/csh -f 2# 3# run sslViewer on a list of known sites, using sslViewer's 'verify 4# protocol' option. 5# Arguments to this script are passed on to sslViewer unmodified. 6# 7set ARG_LIST = 8while ( $#argv > 0 ) 9 set thisArg = "$argv[1]" 10 set ARG_LIST = "$ARG_LIST $thisArg" 11 shift 12end 13echo Starting verifyPing\; args: $ARG_LIST 14 15# 16# Sites which support all three protocols 17# 18# this flaked out yet agaqin... www.cduniverse.com 19set FULL_TLS_SITES = ( www.amazon.com \ 20 mypage.apple.com \ 21 gmail.google.com ) 22 23# 24# Sites which support SSLv2 and SSLv3 only 25# None known currently 26# 27set FULL_SSL_SITES = 28 29# 30# Sites which support SSLv2 only 31# 32# store.apple.com seems to have been permanently upgraded. 33# 34#set SSLV2_SITES = ( store.apple.com ) 35 36# 37# Sites which support only TLSv1 and SSLv3 38# remote.harpercollins.com asks for a client cert but works if you don't give it one 39# 40set TLS_SSL3_SITES = ( www.thawte.com \ 41 store.apple.com \ 42 digitalid.verisign.com \ 43 www.firstamlink.com \ 44 remote.harpercollins.com \ 45 mbanxonlinebanking.harrisbank.com \ 46 www.sun.com \ 47 directory.umich.edu \ 48 account.authorize.net ) 49 50# 51# Sites which support all three protocols if 'r' option is specified for SSL2 only 52# I.e., these really need to be able to transmit an intermediate cert for us 53# to verify them, and SSLv2 doesn't allow that. 54# 55# 9/24/04 - secure.authorize.net keeps throwing SIGPIPE 56# secure.authorize.net 57# 58# ktt2.keybank.com doesn't seem to be around anymore 59set FULL_TLS_ANYROOT_SITES = ( weblogin.umich.edu ) 60 61# 62# Here's one which supports TLSv1 and SSLv2 only (!). It tests the Entrust root cert. 63# set TLS_SSL2_SITES = ( directory.umich.edu) 64# 65set TLS_SSL2_SITES = 66 67# SSLv3 only - try with TLSv1 68set SSL3_ONLY_SITES = ( www.verisign.com \ 69 www.cmarket.jp ) 70 71# 72# SSLv3 and TLS with any root set 73# office.bis.bonn.org sends a huge pile of certs per radar 3859283 and also asks 74# for a client cert 75# 76# 12/14/05 : office.bis.bonn.org is offline 77# 78# set TLS_SSL3_ANYROOT_SITES = ( office.bis.bonn.org ) 79set TLS_SSL3_ANYROOT_SITES = ( ) 80 81# 82# All three protocols. 83# One run with all three protocols using SSLv2-compatible Hello 84# One run for each of TLSv1 and SSLv3 ONLY using SLSv3 Hello 85# 86foreach site ($FULL_TLS_SITES); 87 $LOCAL_BUILD_DIR/sslViewer $site v L $ARG_LIST || exit(1); 88 $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1); 89 $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1); 90end 91 92# 93# SSLv3 only 94# Try with each of 95# TLSv1 w/SSLv2 Hello 96# SSLv3 w/SSLv3 Hello 97# 98foreach site ($SSL3_ONLY_SITES); 99 $LOCAL_BUILD_DIR/sslViewer $site v t m=3 $ARG_LIST || exit(1); 100 $LOCAL_BUILD_DIR/sslViewer $site v o 3 $ARG_LIST || exit(1); 101end 102 103# 104# SSLV2 seems to be obsolete in the real world 105# 106#foreach site ($SSLV2_SITES); 107# $LOCAL_BUILD_DIR/sslViewer $site m=2 $ARG_LIST || exit(1); 108# $LOCAL_BUILD_DIR/sslViewer $site 2 v $ARG_LIST || exit(1); 109#end 110 111# 112# All three protocols, but SSLv2 needs 'any root' 113# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello 114# 115foreach site ($FULL_TLS_ANYROOT_SITES); 116 $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1); 117 $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1); 118 $LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1); 119 $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1); 120 $LOCAL_BUILD_DIR/sslViewer $site v 2 r $ARG_LIST || exit(1); 121end 122 123# 124# No SSLv2 125# Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello 126# 127foreach site ($TLS_SSL3_SITES); 128 $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1); 129 $LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1); 130 $LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1); 131 $LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1); 132end 133 134# try SSLv3 and expect SSLV2 135foreach site ($TLS_SSL2_SITES); 136 $LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1); 137 $LOCAL_BUILD_DIR/sslViewer $site v 3 m=2 $ARG_LIST || exit(1); 138end 139# TLS end SSLv3 with any root 140foreach site ($TLS_SSL3_ANYROOT_SITES); 141 $LOCAL_BUILD_DIR/sslViewer $site v t r $ARG_LIST || exit(1); 142 $LOCAL_BUILD_DIR/sslViewer $site v 3 r $ARG_LIST || exit(1); 143end 144