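$! TESTSSL.COM
$!
$! Runs the ssltest program through a matrix of protocol versions and
$! authentication modes, and stops at the first failing case.
$!
$! Parameters:
$!   P1  private key file  (default: [-.apps]server.pem)
$!   P2  certificate file  (default: [-.apps]server.pem)
$!   P3  CA file           (default: every [-.certs]*.pem file concatenated
$!                          into a temporary certs.tmp in the current directory)
$!
$! Exit status: 1 when every test passed, 3 after the first failing test.
$!
$! NOTE(review): the default key and certificate are the sample files kept in
$! the apps directory.  They are test material only and must never be
$! deployed.  SSLv2, anonymous DH (no peer authentication) and 1024 bit
$! DHE/RSA are exercised here for coverage of the library.  Their presence in
$! this procedure is not a configuration recommendation.
$
$! Pick the architecture specific executable directories.
$ __arch := VAX
$ if f$getsyi("cpu") .ge. 128 then __arch := AXP
$ texe_dir := sys$disk:[-.'__arch'.exe.test]
$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
$
$ if p1 .eqs. ""
$ then
$     key="[-.apps]server.pem"
$ else
$     key=p1
$ endif
$ if p2 .eqs. ""
$ then
$     cert="[-.apps]server.pem"
$ else
$     cert=p2
$ endif
$! The same key and certificate are used for the server and the client side.
$ ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
$
$! Detect a DSA certificate: dump the certificate as text into a scratch file
$! and search it for the DSA public key marker.  Error output is discarded.
$ define/user sys$output testssl-x509-output.
$ define/user sys$error nla0:
$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
$! Error handling is switched off so that a failed search does not abort the
$! procedure and $severity can be inspected instead.
$ set noon
$ define/user sys$error nla0:
$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
$ if $severity .eq. 1
$ then
$     dsa_cert := YES
$ else
$     dsa_cert := NO
$ endif
$ set on
$ delete testssl-x509-output.;*
$
$! Build the CA option.  Without P3 a temporary bundle is created here and
$! removed again at the exit label.
$ if p3 .eqs. ""
$ then
$     copy/concatenate [-.certs]*.pem certs.tmp
$     CA = """-CAfile"" certs.tmp"
$ else
$     CA = """-CAfile"" "+p3
$ endif
$
$!###########################################################################
$! Tests without the BIO pair option.
$! The SSLv2 client authentication cases are skipped for a DSA certificate.
$
$ write sys$output "test sslv2"
$ 'ssltest' -ssl2
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2 with server authentication"
$ 'ssltest' -ssl2 -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ if .not. dsa_cert
$ then
$     write sys$output "test sslv2 with client authentication"
$     'ssltest' -ssl2 -client_auth 'CA'
$     if $severity .ne. 1 then goto exit3
$
$     write sys$output "test sslv2 with both client and server authentication"
$     'ssltest' -ssl2 -server_auth -client_auth 'CA'
$     if $severity .ne. 1 then goto exit3
$ endif
$
$ write sys$output "test sslv3"
$ 'ssltest' -ssl3
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with server authentication"
$ 'ssltest' -ssl3 -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with client authentication"
$ 'ssltest' -ssl3 -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with both client and server authentication"
$ 'ssltest' -ssl3 -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3"
$ 'ssltest'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with server authentication"
$ 'ssltest' -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with client authentication"
$ 'ssltest' -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with both client and server authentication"
$ 'ssltest' -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$!###########################################################################
$! The same matrix with the BIO pair option.
$
$ write sys$output "test sslv2 via BIO pair"
$ 'ssltest' -bio_pair -ssl2
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2 with server authentication via BIO pair"
$ 'ssltest' -bio_pair -ssl2 -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ if .not. dsa_cert
$ then
$     write sys$output "test sslv2 with client authentication via BIO pair"
$     'ssltest' -bio_pair -ssl2 -client_auth 'CA'
$     if $severity .ne. 1 then goto exit3
$
$     write sys$output "test sslv2 with both client and server authentication via BIO pair"
$     'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA'
$     if $severity .ne. 1 then goto exit3
$ endif
$
$ write sys$output "test sslv3 via BIO pair"
$ 'ssltest' -bio_pair -ssl3
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with server authentication via BIO pair"
$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with client authentication via BIO pair"
$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with both client and server authentication via BIO pair"
$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$! This case is announced as a BIO pair run, so it has to pass -bio_pair.
$! Without the option it would only repeat the plain sslv2/sslv3 run above
$! under a different label.
$ write sys$output "test sslv2/sslv3 via BIO pair"
$ 'ssltest' -bio_pair
$ if $severity .ne. 1 then goto exit3
$
$ if .not. dsa_cert
$ then
$     write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
$     'ssltest' -bio_pair -no_dhe
$     if $severity .ne. 1 then goto exit3
$ endif
$
$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
$ 'ssltest' -bio_pair -dhe1024dsa -v
$ if $severity .ne. 1 then goto exit3
$
$! The label names the BIO pair so that a failure log can tell this case
$! apart from the run without -bio_pair further up.
$ write sys$output "test sslv2/sslv3 with server authentication via BIO pair"
$ 'ssltest' -bio_pair -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
$ 'ssltest' -bio_pair -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
$ 'ssltest' -bio_pair -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$!###########################################################################
$! Ask the openssl program which algorithms are missing from this build.
$! A true (odd) status from no-rsa or no-dh makes the matching tests below
$! get skipped.  Error handling is off so that the other outcome does not
$! abort the procedure.
$
$ set noon
$ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-rsa
$ no_rsa=$SEVERITY
$ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-dh
$ no_dh=$SEVERITY
$ set on
$
$! The ADH cipher suites are anonymous: neither side is authenticated.
$ if no_dh
$ then
$     write sys$output "skipping anonymous DH tests"
$ else
$     write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
$     'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
$     if $severity .ne. 1 then goto exit3
$ endif
$
$! The RSA cases call ssltest directly with [-.apps]server2.pem instead of the
$! ssltest symbol, so the P1 and P2 values are not used here.
$ if no_rsa
$ then
$     write sys$output "skipping RSA tests"
$ else
$     write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
$     mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
$     if $severity .ne. 1 then goto exit3
$
$     if no_dh
$     then
$         write sys$output "skipping RSA+DHE tests"
$     else
$         write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
$         mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
$         if $severity .ne. 1 then goto exit3
$     endif
$ endif
$
$ RET = 1
$ goto exit
$ exit3:
$ RET = 3
$ exit:
$! Remove the temporary CA bundle on both the success and the failure path.
$ if p3 .eqs. "" then delete certs.tmp;*
$ exit 'RET'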