1$! TESTSSL.COM 2$ 3$ __arch := VAX 4$ if f$getsyi("cpu") .ge. 128 then __arch := AXP 5$ texe_dir := sys$disk:[-.'__arch'.exe.test] 6$ exe_dir := sys$disk:[-.'__arch'.exe.apps] 7$ 8$ if p1 .eqs. "" 9$ then 10$ key="[-.apps]server.pem" 11$ else 12$ key=p1 13$ endif 14$ if p2 .eqs. "" 15$ then 16$ cert="[-.apps]server.pem" 17$ else 18$ cert=p2 19$ endif 20$ ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert' 21$ 22$ define/user sys$output testssl-x509-output. 23$ define/user sys$error nla0: 24$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout 25$ set noon 26$ define/user sys$error nla0: 27$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact 28$ if $severity .eq. 1 29$ then 30$ dsa_cert := YES 31$ else 32$ dsa_cert := NO 33$ endif 34$ set on 35$ delete testssl-x509-output.;* 36$ 37$ if p3 .eqs. "" 38$ then 39$ copy/concatenate [-.certs]*.pem certs.tmp 40$ CA = """-CAfile"" certs.tmp" 41$ else 42$ CA = """-CAfile"" "+p3 43$ endif 44$ 45$!########################################################################### 46$ 47$ write sys$output "test sslv2" 48$ 'ssltest' -ssl2 49$ if $severity .ne. 1 then goto exit3 50$ 51$ write sys$output "test sslv2 with server authentication" 52$ 'ssltest' -ssl2 -server_auth 'CA' 53$ if $severity .ne. 1 then goto exit3 54$ 55$ if .not. dsa_cert 56$ then 57$ write sys$output "test sslv2 with client authentication" 58$ 'ssltest' -ssl2 -client_auth 'CA' 59$ if $severity .ne. 1 then goto exit3 60$ 61$ write sys$output "test sslv2 with both client and server authentication" 62$ 'ssltest' -ssl2 -server_auth -client_auth 'CA' 63$ if $severity .ne. 1 then goto exit3 64$ endif 65$ 66$ write sys$output "test sslv3" 67$ 'ssltest' -ssl3 68$ if $severity .ne. 1 then goto exit3 69$ 70$ write sys$output "test sslv3 with server authentication" 71$ 'ssltest' -ssl3 -server_auth 'CA' 72$ if $severity .ne. 1 then goto exit3 73$ 74$ write sys$output "test sslv3 with client authentication" 75$ 'ssltest' -ssl3 -client_auth 'CA' 76$ if $severity .ne. 1 then goto exit3 77$ 78$ write sys$output "test sslv3 with both client and server authentication" 79$ 'ssltest' -ssl3 -server_auth -client_auth 'CA' 80$ if $severity .ne. 1 then goto exit3 81$ 82$ write sys$output "test sslv2/sslv3" 83$ 'ssltest' 84$ if $severity .ne. 1 then goto exit3 85$ 86$ write sys$output "test sslv2/sslv3 with server authentication" 87$ 'ssltest' -server_auth 'CA' 88$ if $severity .ne. 1 then goto exit3 89$ 90$ write sys$output "test sslv2/sslv3 with client authentication" 91$ 'ssltest' -client_auth 'CA' 92$ if $severity .ne. 1 then goto exit3 93$ 94$ write sys$output "test sslv2/sslv3 with both client and server authentication" 95$ 'ssltest' -server_auth -client_auth 'CA' 96$ if $severity .ne. 1 then goto exit3 97$ 98$ write sys$output "test sslv2 via BIO pair" 99$ 'ssltest' -bio_pair -ssl2 100$ if $severity .ne. 1 then goto exit3 101$ 102$ write sys$output "test sslv2 with server authentication via BIO pair" 103$ 'ssltest' -bio_pair -ssl2 -server_auth 'CA' 104$ if $severity .ne. 1 then goto exit3 105$ 106$ if .not. dsa_cert 107$ then 108$ write sys$output "test sslv2 with client authentication via BIO pair" 109$ 'ssltest' -bio_pair -ssl2 -client_auth 'CA' 110$ if $severity .ne. 1 then goto exit3 111$ 112$ write sys$output "test sslv2 with both client and server authentication via BIO pair" 113$ 'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' 114$ if $severity .ne. 1 then goto exit3 115$ endif 116$ 117$ write sys$output "test sslv3 via BIO pair" 118$ 'ssltest' -bio_pair -ssl3 119$ if $severity .ne. 1 then goto exit3 120$ 121$ write sys$output "test sslv3 with server authentication via BIO pair" 122$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA' 123$ if $severity .ne. 1 then goto exit3 124$ 125$ write sys$output "test sslv3 with client authentication via BIO pair" 126$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA' 127$ if $severity .ne. 1 then goto exit3 128 129$ write sys$output "test sslv3 with both client and server authentication via BIO pair" 130$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' 131$ if $severity .ne. 1 then goto exit3 132$ 133$ write sys$output "test sslv2/sslv3 via BIO pair" 134$ 'ssltest' 135$ if $severity .ne. 1 then goto exit3 136$ 137$ if .not. dsa_cert 138$ then 139$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair" 140$ 'ssltest' -bio_pair -no_dhe 141$ if $severity .ne. 1 then goto exit3 142$ endif 143$ 144$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair" 145$ 'ssltest' -bio_pair -dhe1024dsa -v 146$ if $severity .ne. 1 then goto exit3 147$ 148$ write sys$output "test sslv2/sslv3 with server authentication" 149$ 'ssltest' -bio_pair -server_auth 'CA' 150$ if $severity .ne. 1 then goto exit3 151$ 152$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair" 153$ 'ssltest' -bio_pair -client_auth 'CA' 154$ if $severity .ne. 1 then goto exit3 155$ 156$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair" 157$ 'ssltest' -bio_pair -server_auth -client_auth 'CA' 158$ if $severity .ne. 1 then goto exit3 159$ 160$!########################################################################### 161$ 162$ set noon 163$ define/user sys$output nla0: 164$ mcr 'exe_dir'openssl no-rsa 165$ no_rsa=$SEVERITY 166$ define/user sys$output nla0: 167$ mcr 'exe_dir'openssl no-dh 168$ no_dh=$SEVERITY 169$ set on 170$ 171$ if no_dh 172$ then 173$ write sys$output "skipping anonymous DH tests" 174$ else 175$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes" 176$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time 177$ if $severity .ne. 1 then goto exit3 178$ endif 179$ 180$ if no_rsa 181$ then 182$ write sys$output "skipping RSA tests" 183$ else 184$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes" 185$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time 186$ if $severity .ne. 1 then goto exit3 187$ 188$ if no_dh 189$ then 190$ write sys$output "skipping RSA+DHE tests" 191$ else 192$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes" 193$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time 194$ if $severity .ne. 1 then goto exit3 195$ endif 196$ endif 197$ 198$ RET = 1 199$ goto exit 200$ exit3: 201$ RET = 3 202$ exit: 203$ if p3 .eqs. "" then delete certs.tmp;* 204$ exit 'RET' 205