#! /bin/csh -f
#
# run client side of SSL protocol version test. Run this script
# after starting protServe script.
#
# Options (handled by the argument loop further down): "a" sets SSL_AUTO
# to 1, "q" sets QUIET to q. Any other argument prints usage and exits 1.
#
# Certificate file placed after the literal "a" in STD_OPTS for every run.
# NOTE(review): presumably the root the client is told to trust for the
# test server -- confirm against runProtClient.
#
#set SSL_NEWROOT=newcert.cer
set SSL_NEWROOT=localcert.cer
#
# set allow hostname spoof for use with numeric IP address (e.g., 10.0.61.6)
# if the server cert doesn't have a subjectAltName.
#
# Per the note above, H makes the client tolerate a host name that the
# server certificate does not carry, so runs made with H no longer check
# the server's identity. Leave it empty (the default here) whenever
# SSL_HOST is a name the certificate does carry.
#
#set NAME_SPOOF=H
set NAME_SPOOF=
#
# In SSL_AUTO mode, we wait SSL_WAIT seconds between runs of sslServer from
# the protServe script to allow the sslServer to get initialized.
# Otherwise we wait manually via the sh script doprompt.
#
# SSL_AUTO is handed to doprompt after each test section.
#
set SSL_AUTO=0
#
# SSL_HOST is the first word of STD_OPTS. QUIET stays empty unless the q
# option is given; it is passed to runProtClient and to doprompt.
#
set SSL_HOST=localhost
set QUIET=
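#
# Parse the command line one word at a time.
#   a   auto mode: sets SSL_AUTO to 1
#   q   quiet mode: sets QUIET to q
# Any other word prints the usage line and exits with status 1.
#
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case a:
            set SSL_AUTO = 1
            shift
            breaksw
        case q:
            set QUIET = q
            shift
            breaksw
        default:
            # The usage line names both accepted options; it previously
            # listed only "a" although "q" is handled above.
            echo 'Usage: protClient [a(auto)] [q(uiet)]'
            exit(1)
    endsw
end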
#
# options for every run of sslViewer
#
# $STD_OPTS is expanded unquoted at each call below, so csh splits it into
# separate words; an empty NAME_SPOOF therefore adds no argument.
#
set STD_OPTS="$SSL_HOST a $SSL_NEWROOT $NAME_SPOOF"

#
# Each runProtClient line is one client run against the server on
# P=$SSL_PORT; a non-zero status stops the whole script with exit 1.
#
# NOTE(review): the option letters are parsed by runProtClient, which is
# not shown here. Judging by the section titles and the expected-error
# texts, 2 / 3 / t select SSLv2 / SSLv3 / TLSv1, g= lists the versions the
# client enables, o appears to mean "that version only", and m= is the
# version the handshake is expected to end on -- confirm against
# runProtClient.
#
# SSLv2 and SSLv3 are obsolete (RFC 6176, RFC 7568). The m=2 and m=3 runs
# check that an unrestricted server still negotiates down to them, so this
# matrix records legacy behaviour, not a recommended configuration.
#
echo ===== unrestricted server via SSLSetProtocolVersion
set SSL_PORT=1200
runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2 m=2 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1)

# Hand over to doprompt before moving to the next port: per the SSL_AUTO
# note at the top of the file this is a timed wait in auto mode and a
# manual prompt otherwise, giving the next sslServer time to start.
doprompt $SSL_AUTO $QUIET

# Server on port 1201 is limited to SSL2 and SSL3. A plain TLS1 request is
# expected to settle on SSL3 (t m=3).
echo ===== server restricted to SSL2,3 via SSLSetProtocolVersion
set SSL_PORT=1201
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=3 || exit(1)
# Negative cases: the client insists on TLS1 (t o, g=t), which the server
# does not offer. These runs are what show the restriction is enforced.
# NOTE(review): e followed by a message presumably tells runProtClient that
# a failed handshake is the passing outcome -- confirm against runProtClient.
runProtClient $QUIET e "Expect error due to server ssl3 restriction" \
	$STD_OPTS P=$SSL_PORT t o || exit(1)
runProtClient $QUIET e "Expect error due to server ssl3 restriction" \
	$STD_OPTS P=$SSL_PORT g=t || exit(1)
	
# Wait for the next sslServer before switching ports.
doprompt $SSL_AUTO $QUIET

# Server on port 1202 is limited to SSL2. Requests for SSL3 or TLS1 made
# without o are expected to end on SSL2 (3 m=2, t m=2).
echo ===== server restricted to SSL2 via SSLSetProtocolVersion
set SSL_PORT=1202
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=2 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=2 || exit(1)
# Negative cases: every client setting below leaves SSL2 out (t o, 3 o,
# g=3t, g=t, g=3), so no common version exists and an error is expected.
# NOTE(review): the meaning of e / o / g= is inferred from this file only.
runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
	$STD_OPTS P=$SSL_PORT t o || exit(1)
runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
	$STD_OPTS P=$SSL_PORT 3 o || exit(1)
runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
	$STD_OPTS P=$SSL_PORT g=3t || exit(1)
runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
	$STD_OPTS P=$SSL_PORT g=t || exit(1)
runProtClient $QUIET e "Expect error due to server ssl2 restriction" \
	$STD_OPTS P=$SSL_PORT g=3 || exit(1)

# Wait for the next sslServer before switching ports.
doprompt $SSL_AUTO $QUIET

# Same client matrix as the port 1200 section, run against a server on
# port 1203 that the section title says was configured through
# SSLSetProtocolVersionEnabled instead of SSLSetProtocolVersion.
# The m=2 and m=3 runs again expect a handshake on an obsolete version
# (SSLv2 / SSLv3) to succeed against an unrestricted server.
echo ===== unrestricted server via SSLSetProtocolVersionEnabled
set SSL_PORT=1203

runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2 m=2 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1)

# Wait for the next sslServer before switching ports.
doprompt $SSL_AUTO $QUIET

# Server on port 1204 allows SSL3 and TLS1 but not SSL2. Every positive run
# is expected to end on TLS1 or SSL3, whichever is the highest version the
# client setting includes.
echo ===== server restricted to SSL3, TLS1 via SSLSetProtocolVersionEnabled
set SSL_PORT=1204
runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT t o m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3t m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=2t m=t || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
# Negative cases: the client settings 2 and g=2 appear to offer SSL2 only,
# which this server refuses. These two runs are the check that SSL2 is
# really switched off on the server side.
# NOTE(review): e presumably marks a run whose failure is the passing
# outcome -- confirm against runProtClient.
runProtClient $QUIET e "Expect error due to server SSL3,TLS1 restriction " \
	$STD_OPTS P=$SSL_PORT 2 || exit(1)
runProtClient $QUIET e "Expect error due to server SSL3,TLS1 restriction " \
	$STD_OPTS P=$SSL_PORT g=2 || exit(1)

# Wait for the next sslServer before switching ports.
doprompt $SSL_AUTO $QUIET

# Server on port 1205 allows SSL2 and SSL3 but not TLS1. Positive runs are
# expected to end on SSL3 when the client setting includes it, else SSL2.
echo ===== server restricted to SSL2,3 via SSLSetProtocolVersionEnabled
set SSL_PORT=1205

runProtClient $QUIET $STD_OPTS P=$SSL_PORT t m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 3 o m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT 2 m=2 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23t m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=23 m=3 || exit(1)
runProtClient $QUIET $STD_OPTS P=$SSL_PORT g=3 m=3 || exit(1)
#
# Odd case: we try for TLS1, the server should respond with SSL3, and SSL3
# is a version these client settings do not support, so an error is expected.
# NOTE(review): g=2t still lists SSL2, which the server also allows; the
# test nevertheless expects failure rather than a handshake on SSL2.
runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \
	$STD_OPTS P=$SSL_PORT g=2t || exit(1)
runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \
	$STD_OPTS P=$SSL_PORT t o || exit(1)
runProtClient $QUIET e "Expect error due to server SSL2,3 restriction" \
	$STD_OPTS P=$SSL_PORT g=t || exit(1)

# Reached only when no runProtClient line above took its || exit(1) path.
echo =====
echo ===== protClient success
echo =====