Cradicle Explorer
darling-security
/ sslViewer / verifyPing
verifyPing
  1  #! /bin/csh -f
  2  #
  3  # run sslViewer on a list of known sites, using sslViewer's 'verify 
  4  # protocol' option.
  5  # Arguments to this script are passed on to sslViewer unmodified.
  6  #
  7  set ARG_LIST = 
  8  while ( $#argv > 0 )
  9  	set thisArg = "$argv[1]"
 10  	set ARG_LIST = "$ARG_LIST $thisArg"
 11  	shift
 12  end
 13  echo Starting verifyPing\; args: $ARG_LIST
 14  
 15  #
 16  # Sites which support all three protocols
 17  #
 18  # this flaked out yet agaqin...   www.cduniverse.com 
 19  set FULL_TLS_SITES = ( www.amazon.com \
 20     mypage.apple.com \
 21     gmail.google.com ) 
 22  
 23  #
 24  # Sites which support SSLv2 and SSLv3 only
 25  # None known currently
 26  #
 27  set FULL_SSL_SITES = 
 28  
 29  #
 30  # Sites which support SSLv2 only
 31  #
 32  # store.apple.com seems to have been permanently upgraded.
 33  #
 34  #set SSLV2_SITES = ( store.apple.com )
 35  
 36  #
 37  # Sites which support only TLSv1 and SSLv3
 38  # remote.harpercollins.com asks for a client cert but works if you don't give it one
 39  #
 40  set TLS_SSL3_SITES = ( www.thawte.com \
 41  	store.apple.com \
 42  	digitalid.verisign.com \
 43  	www.firstamlink.com \
 44  	remote.harpercollins.com \
 45  	mbanxonlinebanking.harrisbank.com \
 46  	www.sun.com \
 47  	directory.umich.edu \
 48  	account.authorize.net )
 49  
 50  #
 51  # Sites which support all three protocols if 'r' option is specified for SSL2 only
 52  # I.e., these really need to be able to transmit an intermediate cert for us
 53  # to verify them, and SSLv2 doesn't allow that. 
 54  #
 55  # 9/24/04 - secure.authorize.net keeps throwing SIGPIPE
 56  # secure.authorize.net
 57  # 
 58  # ktt2.keybank.com doesn't seem to be around anymore
 59  set FULL_TLS_ANYROOT_SITES = ( weblogin.umich.edu )
 60  
 61  #
 62  # Here's one which supports TLSv1 and SSLv2 only (!). It tests the Entrust root cert.
 63  # set TLS_SSL2_SITES = ( directory.umich.edu)
 64  #
 65  set TLS_SSL2_SITES = 
 66  
 67  # SSLv3 only - try with TLSv1 
 68  set SSL3_ONLY_SITES = ( www.verisign.com \
 69  	www.cmarket.jp )
 70  
 71  #
 72  # SSLv3 and TLS with any root set
 73  # office.bis.bonn.org sends a huge pile of certs per radar 3859283 and also asks
 74  # for a client cert
 75  #
 76  # 12/14/05 : office.bis.bonn.org is offline
 77  #
 78  # set TLS_SSL3_ANYROOT_SITES = ( office.bis.bonn.org )
 79  set TLS_SSL3_ANYROOT_SITES = (  )
 80  
 81  #
 82  # All three protocols.
 83  # One run with all three protocols using SSLv2-compatible Hello
 84  # One run for each of TLSv1 and SSLv3 ONLY using SLSv3 Hello
 85  #
 86  foreach site ($FULL_TLS_SITES);
 87  	$LOCAL_BUILD_DIR/sslViewer $site v L $ARG_LIST || exit(1);
 88  	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
 89  	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
 90  end
 91  
 92  # 
 93  # SSLv3 only
 94  # Try with each of 
 95  # TLSv1 w/SSLv2 Hello
 96  # SSLv3 w/SSLv3 Hello
 97  #
 98  foreach site ($SSL3_ONLY_SITES);
 99  	$LOCAL_BUILD_DIR/sslViewer $site v t m=3 $ARG_LIST || exit(1);
100  	$LOCAL_BUILD_DIR/sslViewer $site v o 3 $ARG_LIST || exit(1);
101  end
102  
103  #
104  # SSLV2 seems to be obsolete in the real world
105  #
106  #foreach site ($SSLV2_SITES);
107  #	$LOCAL_BUILD_DIR/sslViewer $site m=2 $ARG_LIST || exit(1);
108  #	$LOCAL_BUILD_DIR/sslViewer $site 2 v $ARG_LIST || exit(1);
109  #end
110  
111  #
112  # All three protocols, but SSLv2 needs 'any root'
113  # Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
114  #
115  foreach site ($FULL_TLS_ANYROOT_SITES);
116  	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
117  	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
118  	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
119  	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
120  	$LOCAL_BUILD_DIR/sslViewer $site v 2 r $ARG_LIST || exit(1);
121  end
122  
123  #
124  # No SSLv2
125  # Test TLSv1 and SSLv3 with both SSLv3 and SSLv2 Hello
126  #
127  foreach site ($TLS_SSL3_SITES);
128  	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
129  	$LOCAL_BUILD_DIR/sslViewer $site v t o $ARG_LIST || exit(1);
130  	$LOCAL_BUILD_DIR/sslViewer $site v 3 $ARG_LIST || exit(1);
131  	$LOCAL_BUILD_DIR/sslViewer $site v 3 o $ARG_LIST || exit(1);
132  end
133  
134  # try SSLv3 and expect SSLV2
135  foreach site ($TLS_SSL2_SITES);
136  	$LOCAL_BUILD_DIR/sslViewer $site v t $ARG_LIST || exit(1);
137  	$LOCAL_BUILD_DIR/sslViewer $site v 3 m=2 $ARG_LIST || exit(1);
138  end
139  # TLS end SSLv3 with any root
140  foreach site ($TLS_SSL3_ANYROOT_SITES);
141  	$LOCAL_BUILD_DIR/sslViewer $site v t r $ARG_LIST || exit(1);
142  	$LOCAL_BUILD_DIR/sslViewer $site v 3 r $ARG_LIST || exit(1);
143  end