Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 6ab36414 编写于 作者: R Rich Salz 提交者: Rich Salz
浏览文件
操作

Remove some old files. 

I read the PROBLEMS, and they're outdated; nothing I'd put in the
online FAQ, for example.  Test-builds work without using these files.
Had to remove the rehash.time stuff from Makefile.in
Reviewed-by: NRichard Levitte <levitte@openssl.org>
上级 b23238f9
展开全部 隐藏空白更改
内联 并排
Showing with 5 addition and 4048 deletion
Configurations/descrip.mms.tmpl
浏览文件 @ 6ab36414
......@@ -217,7 +217,7 @@ build_tests_nodep : $(TESTPROGS)
test tests : configdata.pm, -
build_apps_nodep, build_engines_nodep, build_tests_nodep, -
depend, rehash
depend
SET DEFAULT [.test]{- move("test") -}
DEFINE SRCTOP {- sourcedir() -}
DEFINE BLDTOP {- builddir() -}
......@@ -384,16 +384,6 @@ check_INSTALLTOP :
# Helper targets #####################################################
rehash : copy-certs, build_apps_nodep
!MCR [.apps]openssl.exe rehash {- builddir("certs", "demo") -}
$(PERL) [.tools]c_rehash. [.certs.demo]
copy-certs :
@ IF F$SEARCH("{- buildfile("certs.dir") -}") .EQS. "" THEN -
CREATE/DIR {- builddir("certs") -}
-@ IF "{- sourcedir("certs") -}" .NES. "{- builddir("certs") -}" THEN -
COPY {- tree(sourcedir("certs")) -}*.* {- tree(builddir("certs")) -}
# Developer targets ##################################################
debug_logicals :
......
Configurations/unix-Makefile.tmpl
浏览文件 @ 6ab36414
......@@ -211,7 +211,7 @@ build_apps_nodep: $(PROGRAMS) $(SCRIPTS)
build_tests: configdata.pm build_tests_nodep depend
build_tests_nodep: $(TESTPROGS)
test tests: build_tests_nodep build_apps_nodep build_engines_nodep depend rehash
test tests: build_tests_nodep build_apps_nodep build_engines_nodep depend
( cd test; \
SRCTOP=../$(SRCDIR) \
BLDTOP=../$(BLDDIR) \
......@@ -242,7 +242,7 @@ clean: libclean
rm -f $(PROGRAMS) $(TESTPROGS)
rm -f `find $(BLDDIR) -name '*{- $depext -}'`
rm -f `find $(BLDDIR) -name '*{- $objext -}'`
rm -f $(BLDDIR)/core $(BLDDIR)/rehash.time
rm -f $(BLDDIR)/core
rm -f $(BLDDIR)/tags $(BLDDIR)/TAGS
rm -f $(BLDDIR)/openssl.pc $(BLDDIR)/libcrypto.pc $(BLDDIR)/libssl.pc
-rm -f `find $(BLDDIR) -type l`
......@@ -693,17 +693,6 @@ dist:
# Helper targets #####################################################
rehash: link-utils copy-certs build_apps_nodep
@if [ -z "$(CROSS_COMPILE)" ]; then \
(OPENSSL="$(BLDDIR)/util/shlib_wrap.sh apps/openssl"; \
[ -x "$(BLDDIR)/openssl.exe" ] && OPENSSL="$(BLDDIR)/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; OPENSSL_CONF=/dev/null ; \
export OPENSSL OPENSSL_DEBUG_MEMORY OPENSSL_CONF; \
$$OPENSSL rehash certs/demo \
|| $(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \
else :; fi
link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/shlib_wrap.sh
$(BLDDIR)/util/opensslwrap.sh: configdata.pm
......@@ -717,11 +706,6 @@ $(BLDDIR)/util/shlib_wrap.sh: configdata.pm
ln -sf "../$(SRCDIR)/util/shlib_wrap.sh" "$(BLDDIR)/util"; \
fi
copy-certs: FORCE
@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
cp -R "$(SRCDIR)/certs" "$(BLDDIR)/"; \
fi
$(SRCDIR)/apps/openssl-vms.cnf: $(SRCDIR)/apps/openssl.cnf
$(PERL) $(SRCDIR)/VMS/VMSify-conf.pl \
< $(SRCDIR)/apps/openssl.cnf > $(SRCDIR)/apps/openssl-vms.cnf
......
GitConfigure 已删除 100755 → 0
浏览文件 @ b23238f9
#!/bin/sh
BRANCH=`git rev-parse --abbrev-ref HEAD`
./Configure $@
make files
util/mk1mf.pl OUT=out.$BRANCH TMP=tmp.$BRANCH INC=inc.$BRANCH copy > makefile.$BRANCH
MAKE=make
which bsdmake > /dev/null && MAKE=bsdmake
$MAKE -f makefile.$BRANCH init
GitMake 已删除 100755 → 0
浏览文件 @ b23238f9
#!/bin/sh
BRANCH=`git rev-parse --abbrev-ref HEAD`
MAKE=make
which bsdmake > /dev/null && MAKE=bsdmake
$MAKE -f makefile.$BRANCH $@
Makefile.in
浏览文件 @ 6ab36414
......@@ -451,7 +451,7 @@ libclean:
rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
clean: libclean
rm -f */*/*.o */*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
rm -f */*/*.o */*.o *.o core a.out fluff testlog make.log cctest cctest.c
rm -rf *.bak certs/.0
@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
rm -f $(LIBS) tags TAGS
......@@ -471,22 +471,9 @@ gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
rehash: rehash.time
rehash.time: certs build_apps build_tools
@if [ -z "$(CROSS_COMPILE)" ]; then \
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; OPENSSL_CONF=/dev/null ; \
export OPENSSL OPENSSL_DEBUG_MEMORY OPENSSL_CONF; \
$$OPENSSL rehash certs/demo \
|| $(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \
else :; fi
test: files tests
tests: build_tests rehash
tests: build_tests
@(cd test && echo "testing..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
@if [ -z "$(CROSS_COMPILE)" ]; then \
......
PROBLEMS 已删除 100644 → 0
浏览文件 @ b23238f9
* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
NOTE: The problem described here only applies when OpenSSL isn't built
with shared library support (i.e. without the "shared" configuration
option). If you build with shared library support, you will have no
problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
This is really a misfeature in ld, which seems to look for .dylib libraries
along the whole library path before it bothers looking for .a libraries. This
means that -L switches won't matter unless OpenSSL is built with shared
library support.
The workaround may be to change the following lines in apps/Makefile and
test/Makefile:
LIBCRYPTO=-L.. -lcrypto
LIBSSL=-L.. -lssl
to:
LIBCRYPTO=../libcrypto.a
LIBSSL=../libssl.a
It's possible that something similar is needed for shared library support
as well. That hasn't been well tested yet.
Another solution that many seem to recommend is to move the libraries
/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
directory, build and install OpenSSL and anything that depends on your
build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
original places. Note that the version numbers on those two libraries
may differ on your machine.
As long as Apple doesn't fix the problem with ld, this problem building
OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
passing -Wl,-search_paths_first, but it's unknown if the flag was
supported from the initial MacOS X release.
* Parallell make leads to errors
While running tests, running a parallell make is a bad idea. Many test
scripts use the same name for output and input files, which means different
will interfere with each other and lead to test failure.
The solution is simple for now: don't run parallel make when testing.
* Bugs in gcc triggered
- According to a problem report, there are bugs in gcc 3.0 that are
triggered by some of the code in OpenSSL, more specifically in
PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
header+=11;
if (*header != '4') return(0); header++;
if (*header != ',') return(0); header++;
What happens is that gcc might optimize a little too agressively, and
you end up with an extra incrementation when *header != '4'.
We recommend that you upgrade gcc to as high a 3.x version as you can.
- According to multiple problem reports, some of our message digest
implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
latter - SHA one.
The recomendation is to upgrade your compiler. This naturally applies to
other similar cases.
- There is a subtle Solaris x86-specific gcc run-time environment bug, which
"falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
manifests itself as Segmentation Fault upon early application start-up.
The problem can be worked around by patching the environment according to
http://www.openssl.org/~appro/values.c.
* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
As subject suggests SHA-1 might perform poorly (4 times slower)
if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
this seems to be the fact that compiler emits multiplication to
perform shift operations:-( To work the problem around configure
with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
* Problems with hp-parisc2-cc target when used with "no-asm" flag
When using the hp-parisc2-cc target, wrong bignum code is generated.
This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
aggressive optimization.
The problem manifests itself by the BN_kronecker test hanging in an
endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
which itself hangs. The reason could be tracked down to the bn_mul_comba8()
function in bn_asm.c. At some occasions the higher 32bit value of r[7]
is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
as no debugger support possible at +O3 and additional fprintf()'s
introduced fixed the bug, therefore it is most likely a bug in the
optimizer.
The bug was found in the BN_kronecker test but may also lead to
failures in other parts of the code.
(See Ticket #426.)
Workaround: modify the target to +O2 when building with no-asm.
* Problems building shared libraries on SCO OpenServer Release 5.0.6
with gcc 2.95.3
The symptoms appear when running the test suite, more specifically
test/ectest, with the following result:
OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
ectest.c:186: ABORT
The cause of the problem seems to be that isxdigit(), called from
BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further
investigation shows that any of the isxxx() macros return 0 on any
input. A direct look in the information array that the isxxx() use,
called __ctype, shows that it contains all zeroes...
Taking a look at the newly created libcrypto.so with nm, one can see
that the variable __ctype is defined in libcrypto's .bss (which
explains why it is filled with zeroes):
$ nm -Pg libcrypto.so | grep __ctype
__ctype B 0011659c
__ctype2 U
Curiously, __ctype2 is undefined, in spite of being declared in
/usr/include/ctype.h in exactly the same way as __ctype.
Any information helping to solve this issue would be deeply
appreciated.
NOTE: building non-shared doesn't come with this problem.
* ULTRIX build fails with shell errors, such as "bad substitution"
and "test: argument expected"
The problem is caused by ULTRIX /bin/sh supporting only original
Bourne shell syntax/semantics, and the trouble is that the vast
majority is so accustomed to more modern syntax, that very few
people [if any] would recognize the ancient syntax even as valid.
This inevitably results in non-trivial scripts breaking on ULTRIX,
and OpenSSL isn't an exclusion. Fortunately there is workaround,
hire /bin/ksh to do the job /bin/sh fails to do.
1. Trick make(1) to use /bin/ksh by setting up following environ-
ment variables *prior* you execute ./Configure and make:
PROG_ENV=POSIX
MAKESHELL=/bin/ksh
export PROG_ENV MAKESHELL
or if your shell is csh-compatible:
setenv PROG_ENV POSIX
setenv MAKESHELL /bin/ksh
2. Trick /bin/sh to use alternative expression evaluator. Create
following 'test' script for example in /tmp:
#!/bin/ksh
${0##*/} "$@"
Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
natively just replace system /bin/test and /bin/[ with the
above script.
* hpux64-ia64-cc fails blowfish test.
Compiler bug, presumably at particular patch level. It should be noted
that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
* no-engines generates errors.
Unfortunately, the 'no-engines' configuration option currently doesn't
work properly. Use 'no-hw' and you'll will at least get no hardware
support. We'll see how we fix that on OpenSSL versions past 0.9.8.
* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
if elder GNU binutils were deployed to link shared libcrypto.so.
As subject suggests the failure is caused by a bug in elder binutils,
either as or ld, and was observed on FreeBSD and Linux. There are two
options. First is naturally to upgrade binutils, the second one - to
reconfigure with additional no-sse2 [or 386] option passed to ./config.
* If configured with ./config no-dso, toolkit still gets linked with -ldl,
which most notably poses a problem when linking with dietlibc.
We don't have framework to associate -ldl with no-dso, therefore the only
way is to edit Makefile right after ./config no-dso and remove -ldl from
EX_LIBS line.
* hpux-parisc2-cc no-asm build fails with SEGV in ECDSA/DH.
Compiler bug, presumably at particular patch level. Remaining
hpux*-parisc*-cc configurations can be affected too. Drop optimization
level to +O2 when compiling bn_nist.o.
* solaris64-sparcv9-cc link failure
Solaris 8 ar can fail to maintain symbol table in .a, which results in
link failures. Apply 109147-09 or later or modify Makefile generated
by ./Configure solaris64-sparcv9-cc and replace RANLIB assignment with
RANLIB= /usr/ccs/bin/ar rs
certs/README.RootCerts 已删除 100644 → 0
浏览文件 @ b23238f9
The OpenSSL project does not (any longer) include root CA certificates.
Please check out the FAQ:
* How can I set up a bundle of commercial root CA certificates?
certs/demo/ca-cert.pem 已删除 100644 → 0
浏览文件 @ b23238f9
issuer= C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit)
subject= C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit)
-----BEGIN CERTIFICATE-----
MIICMDCCAZkCCQC7xcpM4/Y5pTANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJB
VTETMBEGA1UECAwKUXVlZW5zbGFuZDEaMBgGA1UECgwRQ3J5cHRTb2Z0IFB0eSBM
dGQxHDAaBgNVBAMME1Rlc3QgUENBICgxMDI0IGJpdCkwIBcNMTYwMTEzMjE1MTA0
WhgPMjExNjAxMTQyMTUxMDRaMFsxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVl
bnNsYW5kMRowGAYDVQQKDBFDcnlwdFNvZnQgUHR5IEx0ZDEbMBkGA1UEAwwSVGVz
dCBDQSAoMTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+LUDc
isuFNs1+pSGbzkQdXnZsDMCIEgeHIKBRAqxuaYsc2MSmrmZAMChvf/i+AwfKl0Y3
11nL2n3DlA5WKUUTspCe8BpIqpqm2cq8WPA1o5OWWUF4kroWDgCQfhcn29dSWVev
grwUF/9YPr4Sa9/RpqeqAHrKGK4/dHnKMwpZpwIDAQABMA0GCSqGSIb3DQEBCwUA
A4GBAHzNks+UQzxQG9gvct4nGFaR86YW28mW9oUpVevokvEaGqEGtb9uMbzJf5ER
HJ0GPtjIRIPuHPcACPN2gvh8kipGb4Hj2bJMIgWwoj7adViiJot4slHOINIXrQAq
+fFYyHYHLTcUpJEe9BZNmEJ5I8U1tWlVdubfQwPb8/ZRqkYg
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL4tQNyKy4U2zX6l
IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAECgYA3j6sSg+5f9hnldUMzbPjTh8Sb
XsJlPrc6UFrmMBzGiUleXSpe9Dbla+x0XvQCN4pwMvAN4nnWp/f0Su5BV/9Y93nb
im5ijGNrfN9i6QrnqGCr+MMute+4E8HR2pCScX0mBLDDf40SmDvMzCaxtd21keyr
9DqHgInQZNEi6NKlkQJBAPCbUTFg6iQ6VTCQ8CsEf5q2xHhuTK23fJ999lvWVxN7
QsvWb9RP9Ng34HVtvB7Pl6P7FyHLQYiDJhhvYR0L0+kCQQDKV/09Kt6Wjf5Omp1I
wd3A+tFnipdqnPw+qNHGjevv0hYiEIWQOYbx00zXgaX+WN/pzV9eeNN2XAxlNJ++
dxcPAkBrzeuPKFFAcjKBVC+H1rgl5gYZv7Hzk+buv02G0H6rZ+sB0c7BXiHiTwbv
Fn/XfkP/YR14Ms3mEH0dLaphjU8hAkEAh3Ar/rRiN04mCcEuRFQXtaNtZSv8PA2G
Pf7MI2Y9pdHupLCAZlBLRjTUO2/5hu1AO4QPMPIZQSFN3rRBtMCL+wJAMp/m2hvI
TmtbMp/IrKGfma09e3yFiCmoNn7cHLJ7jLvXcacV2XNzpr9YHfBxiZo0g9FqZKvv
PZoQ5B2XJ7bhTQ==
-----END PRIVATE KEY-----
certs/demo/dsa-ca.pem 已删除 100644 → 0
浏览文件 @ b23238f9
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
J6zsFbSEHaQGUmfSeoM=
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICVzCCAhMCAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAwwCQ0Ew
ggG2MIIBKwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9
hpazFeBTLo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhu
zmaua4g2++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82A
EeRwlVtQzUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ
5WhvMONp4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeo
epEJnbbxTZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJ
bEEXlZLrAbVzpWp+2DLtDgK4A4GEAAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfs
i4e9IvD1hSslqFwEeZum+3j3iUXiALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj2
5SoDKU5UUkkle6KtUn6j7RO04UMhMQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17
ry7d6fGGqcMZoAAwCwYJYIZIAWUDBAMCAzEAMC4CFQCRILcFM8uPOMS9A3ISHIHn
DinR1gIVAIm8wedax7I6YgQ1iJukchwZnsO1
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
MIIDLzCCAuygAwIBAgIBAjALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNTczOFoYDzIxMTYwMTE0MjE1
NzM4WjBSMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDDAJDQTCCAbYwggEr
BgcqhkjOOAQBMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMu
j+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb7
7Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DN
SQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh
5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFN
nFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusB
tXOlan7YMu0OArgDgYQAAoGAGqZZeoqs/V62RZZNhglXAfioocVpx+yLh70i8PWF
KyWoXAR5m6b7ePeJReIAucN1jzPr1yaH27rJOBqEBBLEDTA2moeJuPblKgMpTlRS
SSV7oq1SfqPtE7ThQyExAJfmGWWq4lzg+7XTkjpfUSzDwuvnWhykvXuvLt3p8Yap
wxmjUDBOMB0GA1UdDgQWBBTMZcORcBEVlqO/CD4pf4V6N1NM1zAfBgNVHSMEGDAW
gBTGjwJ33uvjSa20RNrMKWoGptOLdDAMBgNVHRMEBTADAQH/MAsGCWCGSAFlAwQD
AgMwADAtAhUA0NuSQB0Odv7ZToHGhHWQn9+2InICFHYweVbdh+GXaV7ulMrvK7+d
ghUP
-----END CERTIFICATE-----
certs/demo/dsa-pca.pem 已删除 100644 → 0
浏览文件 @ b23238f9
-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
6TicfImU7UFRn9h00j0lJQ==
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICWDCCAhUCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAwwDUENB
MIIBtzCCASsGByqGSM44BAEwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7F
PYaWsxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmI
bs5mrmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/N
gBHkcJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYl
meVobzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEn
qHqRCZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/Xk
CWxBF5WS6wG1c6Vqftgy7Q4CuAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYg
rB7o1kQxeDf34dDVRM9OZ8tkumz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQ
lNnKvbtlmMDULpqkZJD0bO7A29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgT
mvTPT2j9TPjq7RWgADALBglghkgBZQMEAwIDMAAwLQIUIBpERkvZqoeQ03rJkgyg
hIdRhAICFQCJIHDcjc1sBoSDGTPkrejqfQRgHQ==
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
MIIDMTCCAu6gAwIBAgIBATALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNTczN1oYDzIxMTYwMTE0MjE1
NzM3WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDDANQQ0EwggG3MIIB
KwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9hpazFeBT
Lo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhuzmaua4g2
++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82AEeRwlVtQ
zUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ5WhvMONp
4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeoepEJnbbx
TZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJbEEXlZLr
AbVzpWp+2DLtDgK4A4GFAAKBgQCm7bkeQHVviAowhXtosY1IiSczNiCsHujWRDF4
N/fh0NVEz05ny2S6bPq2X6JRw17kSjF2xhXUhdJ12M6LTws4uxmrsBCU2cq9u2WY
wNQumqRkkPRs7sDb2eKwl8rLVRGoAEvDkOB9w+HVkte2YN9SAm+aOBOa9M9PaP1M
+OrtFaNQME4wHQYDVR0OBBYEFMaPAnfe6+NJrbRE2swpagam04t0MB8GA1UdIwQY
MBaAFMaPAnfe6+NJrbRE2swpagam04t0MAwGA1UdEwQFMAMBAf8wCwYJYIZIAWUD
BAMCAzAAMC0CFQC7Vz9FtzDUMURr3BW91+5FAZodbgIULxZ2l5jCqnwVjKuruM4o
FdkQZUQ=
-----END CERTIFICATE-----
certs/demo/pca-cert.pem 已删除 100644 → 0
浏览文件 @ b23238f9
issuer= C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit)
subject= C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit)
-----BEGIN CERTIFICATE-----
MIICMTCCAZoCCQCDpmqfcg3yQzANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJB
VTETMBEGA1UECAwKUXVlZW5zbGFuZDEaMBgGA1UECgwRQ3J5cHRTb2Z0IFB0eSBM
dGQxHDAaBgNVBAMME1Rlc3QgUENBICgxMDI0IGJpdCkwIBcNMTYwMTEzMjE1MTA0
WhgPMjExNjAxMTQyMTUxMDRaMFwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVl
bnNsYW5kMRowGAYDVQQKDBFDcnlwdFNvZnQgUHR5IEx0ZDEcMBoGA1UEAwwTVGVz
dCBQQ0EgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAthiO
O2kuz+V+Q8XEAVnhXcd7mZkVuwRqQr1sDZ9BqvKt5HDJ+FtdsMkfIFX5zjEjl9ua
ZV3a3+6ziTisyEawG0vz1KoIQeE8mksXLCJBWYlMCMA1itaRkrm5H/75iZnLO4t8
8csG624rpwUYpfDc01OjGNiigx/SZp3as9fdwpMCAwEAATANBgkqhkiG9w0BAQsF
AAOBgQBTi1otT7r7eplhrk/bjuxs8Gq3DCmd+kyr50kXgmWPFPEexDAQ1I49NUEO
wYbPxgxMoqYTGvoQm59BSvr8zl+G/Y4ghlb3wK8N+be+IKYHMofYBC04CYsd5oMI
AUDVWBv7CUTM+B7HLIkd8kCCqUQIEHJPXcXtS745EHH+EUmVpA==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALYYjjtpLs/lfkPF
xAFZ4V3He5mZFbsEakK9bA2fQaryreRwyfhbXbDJHyBV+c4xI5fbmmVd2t/us4k4
rMhGsBtL89SqCEHhPJpLFywiQVmJTAjANYrWkZK5uR/++YmZyzuLfPHLButuK6cF
GKXw3NNToxjYooMf0mad2rPX3cKTAgMBAAECgYBvrJ+Nz/Pli9jjt2V9bqHH4Y7r
o/avuwVv6Ltbn0+mhy4d6w3yQhYzVSTBr/iDe59YglUt1WFl8/4nKZrNOIzHJlav
Sw4hd3fYBHxbT+DgZMQ9ikjHECWRdDffrnlTLsSJAcxnpMJBPe3dKCRDMUrqWUvB
IIKaxyqmXJms5Y/wAQJBAPFL9NMKJcWBftMKXCasxsV0ZGjgqHGZODYjtGFN9jJO
6AbZrxfCcapTWG4RCC2o/EDEMN8aArEhfdrYY3lhXGsCQQDBMRzFevkD7SYXTw5G
NA/gJOAsFMYbt7tebcCRsHT7t3ymVfO2QwK7ZF0f/SYvi7cMAPraHvO7s3kFdGTB
kDx5AkAHBICASsFCdzurA5gef9PgFjx9WFtNwnkCChPK6KuKVwUkfdw7wqnvnDDs
Mo6cVVfQwmPxeR4u7JxuavCprQ01AkEAp5ZGAh1J9Jj9CQ1AMbAp8WOrvzGKJTM9
641Dll4/LLif/d7j2kDJFuvaSMyeGnKVqGkVMq/U+QeYPR4Z5TuM6QJAWK05qFed
wYgTZyVN0MY53ZOMAIWwjz0cr24TvDfmsZqIvguGL616GKQZKdKDZQyQHg+dCzqJ
HgIoacuFDKz5CA==
-----END PRIVATE KEY-----
certs/expired/ICE.crl 已删除 100644 → 0
浏览文件 @ b23238f9
-----BEGIN X509 CRL-----
MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
-----END X509 CRL-----
openssl.doxy 已删除 100644 → 0
浏览文件 @ b23238f9
PROJECT_NAME=OpenSSL
GENERATE_LATEX=no
OUTPUT_DIRECTORY=doxygen
INPUT=ssl include
FILE_PATTERNS=*.c *.h
RECURSIVE=yes
PREDEFINED=DOXYGEN
test/Attic/bctest 已删除 100755 → 0
浏览文件 @ b23238f9
#!/bin/sh
# This script is used by test/Makefile.ssl to check whether a sane 'bc'
# is installed.
# ('make test_bn' should not try to run 'bc' if it does not exist or if
# it is a broken 'bc' version that is known to cause trouble.)
#
# If 'bc' works, we also test if it knows the 'print' command.
#
# In any case, output an appropriate command line for running (or not
# running) bc.
IFS=:
try_without_dir=true
# First we try "bc", then "$dir/bc" for each item in $PATH.
for dir in dummy:$PATH; do
if [ "$try_without_dir" = true ]; then
# first iteration
bc=bc
try_without_dir=false
else
# second and later iterations
bc="$dir/bc"
if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
bc=''
fi
fi
if [ ! "$bc" = '' ]; then
failure=none
# Test for SunOS 5.[78] bc bug
"$bc" >tmp.bctest <<\EOF
obase=16
ibase=16
a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
4FC3CADF855448B24A9D7640BCF473E
b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
3ED0E2017D60A68775B75481449
(a/b)*b + (a%b) - a
EOF
if [ 0 != "`cat tmp.bctest`" ]; then
failure=SunOStest
fi
if [ "$failure" = none ]; then
# Test for SCO bc bug.
"$bc" >tmp.bctest <<\EOF
obase=16
ibase=16
-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
89C8D71
AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
5296964
EOF
if [ "0
0" != "`cat tmp.bctest`" ]; then
failure=SCOtest
fi
fi
if [ "$failure" = none ]; then
# bc works; now check if it knows the 'print' command.
if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
then
echo "$bc"
else
echo "sed 's/print.*//' | $bc"
fi
exit 0
fi
echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
fi
done
echo "No working bc found. Consider installing GNU bc." >&2
if [ "$1" = ignore ]; then
echo "cat >/dev/null"
exit 0
fi
exit 1
test/Attic/bctest.com 已删除 100644 → 0
浏览文件 @ b23238f9
$!
$! Check operation of "bc".
$!
$! 2010-04-05 SMS. New. Based (loosely) on "bctest".
$!
$!
$ tmp_file_name = "tmp.bctest"
$ failure = ""
$!
$! Basic command test.
$!
$ on warning then goto bc_fail
$ bc
$ on error then exit
$!
$! Test for SunOS 5.[78] bc bug.
$!
$ if (failure .eqs. "")
$ then
$!
$ define /user_mode sys$output 'tmp_file_name'
$ bc
obase=16
ibase=16
a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
4FC3CADF855448B24A9D7640BCF473E
b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
3ED0E2017D60A68775B75481449
(a/b)*b + (a%b) - a
$ status = $status
$ output_expected = "0"
$ gosub check_output
$ if (output .ne. 1)
$ then
$ failure = "SunOStest"
$ else
$ delete 'f$parse( tmp_file_name)'
$ endif
$ endif
$!
$! Test for SCO bc bug.
$!
$ if (failure .eqs. "")
$ then
$!
$ define /user_mode sys$output 'tmp_file_name'
$ bc
obase=16
ibase=16
-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
89C8D71
AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
5296964
$ status = $status
$ output_expected = "0\0"
$ gosub check_output
$ if (output .ne. 1)
$ then
$ failure = "SCOtest"
$ else
$ delete 'f$parse( tmp_file_name)'
$ endif
$ endif
$!
$! Test for working 'print' command.
$!
$ if (failure .eqs. "")
$ then
$!
$ define /user_mode sys$output 'tmp_file_name'
$ bc
print "OK"
$ status = $status
$ output_expected = "OK"
$ gosub check_output
$ if (output .ne. 1)
$ then
$ failure = "printtest"
$ else
$ delete 'f$parse( tmp_file_name)'
$ endif
$ endif
$!
$ if (failure .nes. "")
$ then
$ write sys$output -
"No working bc found. Consider installing GNU bc."
$ exit %X00030000 ! %DCL-W-NORMAL
$ endif
$!
$ exit
$!
$!
$! Complete "bc" command failure.
$!
$ bc_fail:
$ write sys$output -
"No ""bc"" program/symbol found. Consider installing GNU bc."
$ exit %X00030000 ! %DCL-W-NORMAL
$!
$!
$! Output check subroutine.
$!
$ check_output:
$ eof = 0
$ line_nr = 0
$ open /read tmp_file 'tmp_file_name'
$ c_o_loop:
$ read /error = error_read tmp_file line
$ goto ok_read
$ error_read:
$ eof = 1
$ ok_read:
$ line_expected = f$element( line_nr, "\", output_expected)
$ line_nr = line_nr+ 1
$ if ((line_expected .nes. "\") .and. (.not. eof) .and. -
(line_expected .eqs. line)) then goto c_o_loop
$!
$ if ((line_expected .eqs. "\") .and. eof)
$ then
$ output = 1
$ else
$ output = 0
$ endif
$ close tmp_file
$ return
$!
test/Attic/bntest.com 已删除 100644 → 0
浏览文件 @ b23238f9
$!
$! Analyze bntest output file.
$!
$! Exit status = 1 (success) if all tests passed,
$! 0 (warning) if any test failed.
$!
$! 2011-02-20 SMS. Added code to skip "#" comments in the input file.
$!
$! 2010-04-05 SMS. New. Based (loosely) on perl code in bntest-vms.sh.
$!
$! Expect data like:
$! test test_name1
$! 0
$! [...]
$! test test_name2
$! 0
$! [...]
$! [...]
$!
$! Some tests have no following "0" lines.
$!
$ result_file_name = f$edit( p1, "TRIM")
$ if (result_file_name .eqs. "")
$ then
$ result_file_name = "bntest-vms.out"
$ endif
$!
$ fail = 0
$ passed = 0
$ tests = 0
$!
$ on control_c then goto tidy
$ on error then goto tidy
$!
$ open /read result_file 'result_file_name'
$!
$ read_loop:
$ read /end = read_loop_end /error = tidy result_file line
$ t1 = f$element( 0, " ", line)
$!
$! Skip "#" comment lines.
$ if (f$extract( 0, 1, f$edit( line, "TRIM")) .eqs. "#") then -
goto read_loop
$!
$ if (t1 .eqs. "test")
$ then
$ passed = passed+ 1
$ tests = tests+ 1
$ fail = 1
$ t2 = f$extract( 5, 1000, line)
$ write sys$output "verify ''t2'"
$ else
$ if (t1 .nes. "0")
$ then
$ write sys$output "Failed! bc: ''line'"
$ passed = passed- fail
$ fail = 0
$ endif
$ endif
$ goto read_loop
$ read_loop_end:
$ write sys$output "''passed'/''tests' tests passed"
$!
$ tidy:
$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE")
$ then
$ close result_file
$ endif
$!
$ if ((tests .gt. 0) .and. (tests .eq. passed))
$ then
$ exit 1
$ else
$ exit 0
$ endif
$!
test/Attic/cms-test.pl 已删除 100644 → 0
浏览文件 @ b23238f9
此差异已折叠。
test/Attic/tcrl 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
cmd='../util/shlib_wrap.sh ../apps/openssl crl'
if [ "$1"x != "x" ]; then
t=$1
else
t=testcrl.pem
fi
echo testing crl conversions
cp $t crl-fff.p
echo "p -> d"
$cmd -in crl-fff.p -inform p -outform d >crl-f.d || exit 1
echo "p -> p"
$cmd -in crl-fff.p -inform p -outform p >crl-f.p || exit 1
echo "d -> d"
$cmd -in crl-f.d -inform d -outform d >crl-ff.d1 || exit 1
echo "p -> d"
$cmd -in crl-f.p -inform p -outform d >crl-ff.d3 || exit 1
echo "d -> p"
$cmd -in crl-f.d -inform d -outform p >crl-ff.p1 || exit 1
echo "p -> p"
$cmd -in crl-f.p -inform p -outform p >crl-ff.p3 || exit 1
cmp crl-fff.p crl-f.p || exit 1
cmp crl-fff.p crl-ff.p1 || exit 1
cmp crl-fff.p crl-ff.p3 || exit 1
cmp crl-f.p crl-ff.p1 || exit 1
cmp crl-f.p crl-ff.p3 || exit 1
/bin/rm -f crl-f.* crl-ff.* crl-fff.*
exit 0
test/Attic/tcrl.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TCRL.COM -- Tests crl keys
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
$!
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ cmd = "mcr ''exe_dir'openssl crl"
$
$ t = "testcrl.pem"
$ if p1 .nes. "" then t = p1
$
$ write sys$output "testing CRL conversions"
$ if f$search("fff.*") .nes "" then delete fff.*;*
$ if f$search("ff.*") .nes "" then delete ff.*;*
$ if f$search("f.*") .nes "" then delete f.*;*
$ convert/fdl=sys$input: 't' fff.p
RECORD
FORMAT STREAM_LF
$
$ write sys$output "p -> d"
$ 'cmd' -in fff.p -inform p -outform d -out f.d
$ if $severity .ne. 1 then exit 3
$! write sys$output "p -> t"
$! 'cmd' -in fff.p -inform p -outform t -out f.t
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in fff.p -inform p -outform p -out f.p
$ if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> d"
$ 'cmd' -in f.d -inform d -outform d -out ff.d1
$ if $severity .ne. 1 then exit 3
$! write sys$output "t -> d"
$! 'cmd' -in f.t -inform t -outform d -out ff.d2
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> d"
$ 'cmd' -in f.p -inform p -outform d -out ff.d3
$ if $severity .ne. 1 then exit 3
$
$! write sys$output "d -> t"
$! 'cmd' -in f.d -inform d -outform t -out ff.t1
$! if $severity .ne. 1 then exit 3
$! write sys$output "t -> t"
$! 'cmd' -in f.t -inform t -outform t -out ff.t2
$! if $severity .ne. 1 then exit 3
$! write sys$output "p -> t"
$! 'cmd' -in f.p -inform p -outform t -out ff.t3
$! if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> p"
$ 'cmd' -in f.d -inform d -outform p -out ff.p1
$ if $severity .ne. 1 then exit 3
$! write sys$output "t -> p"
$! 'cmd' -in f.t -inform t -outform p -out ff.p2
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in f.p -inform p -outform p -out ff.p3
$ if $severity .ne. 1 then exit 3
$
$ backup/compare fff.p f.p
$ if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p1
$ if $severity .ne. 1 then exit 3
$! backup/compare fff.p ff.p2
$! if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$! backup/compare f.t ff.t1
$! if $severity .ne. 1 then exit 3
$! backup/compare f.t ff.t2
$! if $severity .ne. 1 then exit 3
$! backup/compare f.t ff.t3
$! if $severity .ne. 1 then exit 3
$
$ backup/compare f.p ff.p1
$ if $severity .ne. 1 then exit 3
$! backup/compare f.p ff.p2
$! if $severity .ne. 1 then exit 3
$ backup/compare f.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$ delete f.*;*,ff.*;*,fff.*;*
test/Attic/testca 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
set -e
PERL="$1"
if test "$OSTYPE" = msdosdjgpp; then
PATH="../apps\;$PATH"
else
PATH="../apps:$PATH"
fi
export PATH
export SSLEAY_CONFIG OPENSSL
/bin/rm -fr demoCA
SSLEAY_CONFIG="-config CAss.cnf"
OPENSSL="`pwd`/../util/opensslwrap.sh"
$PERL ../apps/CA.pl -newca </dev/null
SSLEAY_CONFIG="-config Uss.cnf"
$PERL ../apps/CA.pl -newreq
SSLEAY_CONFIG="-config ../apps/openssl.cnf"
yes | $PERL ../apps/CA.pl -sign
$PERL ../apps/CA.pl -verify newcert.pem
/bin/rm -fr demoCA newcert.pem newreq.pem
test/Attic/testca.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TESTCA.COM
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p1 .eqs. "64") then __arch = __arch+ "_64"
$
$ openssl = "mcr ''exe_dir'openssl"
$
$ SSLEAY_CONFIG="-config ""CAss.cnf"""
$
$ set noon
$ if f$search("demoCA.dir") .nes. ""
$ then
$ @[-.util]deltree [.demoCA]*.*
$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
$ delete demoCA.dir;*
$ endif
$ set on
$ open/read sys$ca_input VMSca-response.1
$ @[-.apps]CA.com -input sys$ca_input -newca
$ close sys$ca_input
$ if $severity .ne. 1 then exit 3
$
$
$ SSLEAY_CONFIG="-config ""Uss.cnf"""
$ @[-.apps]CA.com -newreq
$ if $severity .ne. 1 then exit 3
$
$
$ SSLEAY_CONFIG="-config [-.apps]openssl-vms.cnf"
$ open/read sys$ca_input VMSca-response.2
$ @[-.apps]CA.com -input sys$ca_input -sign
$ close sys$ca_input
$ if $severity .ne. 1 then exit 3
$
$
$ @[-.apps]CA.com -verify newcert.pem
$ if $severity .ne. 1 then exit 3
$
$ set noon
$ @[-.util]deltree [.demoCA]*.*
$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
$ delete demoCA.dir;*
$ if f$search("newcert.pem") .nes. "" then delete newcert.pem;*
$ if f$search("newcert.pem") .nes. "" then delete newreq.pem;*
$ set on
$! #usage: CA -newcert|-newreq|-newca|-sign|-verify
$
$ exit
test/Attic/testenc 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
testsrc=testenc
test=./p
cmd="../util/shlib_wrap.sh ../apps/openssl"
cat $testsrc >$test;
echo cat
$cmd enc < $test > $test.cipher
$cmd enc < $test.cipher >$test.clear
cmp $test $test.clear || exit 1
/bin/rm $test.cipher $test.clear
echo base64
$cmd enc -a -e < $test > $test.cipher
$cmd enc -a -d < $test.cipher >$test.clear
cmp $test $test.clear || exit 1
/bin/rm $test.cipher $test.clear
for i in `$cmd list -cipher-commands`
do
echo $i
$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
$cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
cmp $test $test.$i.clear || exit 1
/bin/rm $test.$i.cipher $test.$i.clear
echo $i base64
$cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
$cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
cmp $test $test.$i.clear || exit 1
/bin/rm $test.$i.cipher $test.$i.clear
done
rm -f $test
test/Attic/testenc.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TESTENC.COM -- Test encoding and decoding
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p1 .eqs. 64) then __arch = __arch+ "_64"
$
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$ testsrc = "makefile."
$ test = "p.txt"
$ cmd = "mcr ''exe_dir'openssl"
$
$ if f$search(test) .nes. "" then delete 'test';*
$ convert/fdl=sys$input: 'testsrc' 'test'
RECORD
FORMAT STREAM_LF
$
$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;*
$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;*
$
$ write sys$output "cat"
$ 'cmd' enc -in 'test' -out 'test'-cipher
$ 'cmd' enc -in 'test'-cipher -out 'test'-clear
$ backup/compare 'test' 'test'-clear
$ if $severity .ne. 1 then exit 3
$ delete 'test'-cipher;*,'test'-clear;*
$
$ write sys$output "base64"
$ 'cmd' enc -a -e -in 'test' -out 'test'-cipher
$ 'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear
$ backup/compare 'test' 'test'-clear
$ if $severity .ne. 1 then exit 3
$ delete 'test'-cipher;*,'test'-clear;*
$
$ define/user sys$output 'test'-cipher-commands
$ 'cmd' list -cipher-commands
$ open/read f 'test'-cipher-commands
$ loop_cipher_commands:
$ read/end=loop_cipher_commands_end f i
$ write sys$output i
$
$ if f$search(test+"-"+i+"-cipher") .nes. "" then -
delete 'test'-'i'-cipher;*
$ if f$search(test+"-"+i+"-clear") .nes. "" then -
delete 'test'-'i'-clear;*
$
$ 'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher
$ 'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
$ backup/compare 'test' 'test'-'i'-clear
$ if $severity .ne. 1 then exit 3
$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
$
$ write sys$output i," base64"
$ 'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher
$ 'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
$ backup/compare 'test' 'test'-'i'-clear
$ if $severity .ne. 1 then exit 3
$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
$
$ goto loop_cipher_commands
$ loop_cipher_commands_end:
$ close f
$ delete 'test'-cipher-commands;*
$ delete 'test';*
test/Attic/testgen 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
T=testcert
KEY=512
CA=../certs/testca.pem
/bin/rm -f $T.1 $T.2 $T.key
if test "$OSTYPE" = msdosdjgpp; then
PATH=../apps\;$PATH;
else
PATH=../apps:$PATH;
fi
export PATH
echo "generating certificate request"
echo "string to make the random number generator think it has entropy" >> ./.rnd
if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then
req_new='-newkey dsa:../apps/dsa512.pem'
else
req_new='-new'
echo "There should be a 2 sequences of .'s and some +'s."
echo "There should not be more that at most 80 per line"
fi
rm -f testkey.pem testreq.pem
echo Generating request
../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem || exit 1
echo Verifying signature on request
../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout || exit 1
exit 0
test/Attic/testgen.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TESTGEN.COM
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$ if (p1 .eqs. 64) then __arch = __arch+ "_64"
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ T = "testcert"
$ KEY = 512
$ CA = "[-.certs]testca.pem"
$
$ set noon
$ if f$search(T+".1;*") .nes. "" then delete 'T'.1;*
$ if f$search(T+".2;*") .nes. "" then delete 'T'.2;*
$ if f$search(T+".key;*") .nes. "" then delete 'T'.key;*
$ set on
$
$ write sys$output "generating certificate request"
$
$ append/new nl: .rnd
$ open/append random_file .rnd
$ write random_file -
"string to make the random number generator think it has entropy"
$ close random_file
$
$ set noon
$ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-rsa
$ save_severity=$SEVERITY
$ set on
$ if save_severity
$ then
$ req_new="-newkey dsa:[-.apps]dsa512.pem"
$ else
$ req_new="-new"
$ write sys$output -
"There should be a 2 sequences of .'s and some +'s."
$ write sys$output -
"There should not be more that at most 80 per line"
$ endif
$
$ write sys$output "This could take some time."
$
$ mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem
$ if $severity .ne. 1
$ then
$ write sys$output "problems creating request"
$ exit 3
$ endif
$
$ mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout
$ if $severity .ne. 1
$ then
$ write sys$output "signature on req is wrong"
$ exit 3
$ endif
test/Attic/testss 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
digest='-sha1'
reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
dummycnf="../apps/openssl.cnf"
CAkey="keyCA.ss"
CAcert="certCA.ss"
CAserial="certCA.srl"
CAreq="reqCA.ss"
CAconf="CAss.cnf"
CAreq2="req2CA.ss" # temp
Uconf="Uss.cnf"
Ukey="keyU.ss"
Ureq="reqU.ss"
Ucert="certU.ss"
Dkey="keyD.ss"
Dreq="reqD.ss"
Dcert="certD.ss"
Ekey="keyE.ss"
Ereq="reqE.ss"
Ecert="certE.ss"
P1conf="P1ss.cnf"
P1key="keyP1.ss"
P1req="reqP1.ss"
P1cert="certP1.ss"
P1intermediate="tmp_intP1.ss"
P2conf="P2ss.cnf"
P2key="keyP2.ss"
P2req="reqP2.ss"
P2cert="certP2.ss"
P2intermediate="tmp_intP2.ss"
echo string to make the random number generator think it has entropy >> ./.rnd
req_dsa='-newkey dsa:../apps/dsa1024.pem'
if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then
req_new=$req_dsa
else
req_new='-new'
fi
echo make cert request
$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new || exit 1
echo convert request into self-signed cert
$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss || exit 1
echo convert cert into a cert request
$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss || exit 1
echo verify request 1
$reqcmd -config $dummycnf -verify -in $CAreq -noout || exit 1
echo verify request 1
$reqcmd -config $dummycnf -verify -in $CAreq2 -noout || exit 1
echo verify signature
$verifycmd -CAfile $CAcert $CAcert || exit 1
echo make a user cert request
$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss || exit 1
echo sign user cert request
$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee >err.ss || exit 1
$verifycmd -CAfile $CAcert $Ucert || exit 1
echo Certificate details
$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert || exit 1
if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then
echo skipping DSA certificate creation
else
echo make a DSA user cert request
CN2="DSA Certificate" $reqcmd -config $Uconf -out $Dreq -keyout $Dkey $req_dsa >err.ss || exit 1
echo sign DSA user cert request
$x509cmd -CAcreateserial -in $Dreq -days 30 -req -out $Dcert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_dsa >err.ss || exit 1
$verifycmd -CAfile $CAcert $Dcert || exit 1
echo DSA Certificate details
$x509cmd -subject -issuer -startdate -enddate -noout -in $Dcert || exit 1
fi
if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then
echo skipping ECDSA/ECDH certificate creation
else
echo make an ECDSA/ECDH user cert request
../util/shlib_wrap.sh ../apps/openssl ecparam -name P-256 -out ecp.ss || exit 1
CN2="ECDSA Certificate" $reqcmd -config $Uconf -out $Ereq -keyout $Ekey -newkey ec:ecp.ss >err.ss || exit 1
echo sign ECDSA/ECDH user cert request
$x509cmd -CAcreateserial -in $Ereq -days 30 -req -out $Ecert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_ec >err.ss || exit 1
$verifycmd -CAfile $CAcert $Ecert || exit 1
echo ECDSA Certificate details
$x509cmd -subject -issuer -startdate -enddate -noout -in $Ecert || exit 1
fi
echo make a proxy cert request
$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss || exit 1
echo sign proxy with user cert
$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss || exit 1
cat $Ucert > $P1intermediate
$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
echo Certificate details
$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
echo make another proxy cert request
$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss || exit 1
echo sign second proxy cert request with the first proxy cert
$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss || exit 1
echo Certificate details
cat $Ucert $P1cert > $P2intermediate
$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
echo The generated CA certificate is $CAcert
echo The generated CA private key is $CAkey
echo The generated user certificate is $Ucert
echo The generated user private key is $Ukey
echo The first generated proxy certificate is $P1cert
echo The first generated proxy private key is $P1key
echo The second generated proxy certificate is $P2cert
echo The second generated proxy private key is $P2key
/bin/rm err.ss
exit 0
test/Attic/testss.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TESTSS.COM
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p1 .eqs. "64") then __arch = __arch+ "_64"
$!
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ digest="-md5"
$ reqcmd = "mcr ''exe_dir'openssl req"
$ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'"
$ verifycmd = "mcr ''exe_dir'openssl verify"
$ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf"
$
$ CAkey="""keyCA.ss"""
$ CAcert="""certCA.ss"""
$ CAreq="""reqCA.ss"""
$ CAconf="""CAss.cnf"""
$ CAreq2="""req2CA.ss""" ! temp
$
$ Uconf="""Uss.cnf"""
$ Ukey="""keyU.ss"""
$ Ureq="""reqU.ss"""
$ Ucert="""certU.ss"""
$
$ write sys$output ""
$ write sys$output "make a certificate request using 'req'"
$
$ set noon
$ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-rsa
$ save_severity=$SEVERITY
$ set on
$ if save_severity
$ then
$ req_new="-newkey dsa:[-.apps]dsa512.pem"
$ else
$ req_new="-new"
$ endif
$
$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
$ if $severity .ne. 1
$ then
$ write sys$output "error using 'req' to generate a certificate request"
$ exit 3
$ endif
$ write sys$output ""
$ write sys$output "convert the certificate request into a self signed certificate using 'x509'"
$ define /user sys$output err.ss
$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey'
$ if $severity .ne. 1
$ then
$ write sys$output "error using 'x509' to self sign a certificate request"
$ exit 3
$ endif
$
$ write sys$output ""
$ write sys$output "convert a certificate into a certificate request using 'x509'"
$ define /user sys$output err.ss
$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2'
$ if $severity .ne. 1
$ then
$ write sys$output "error using 'x509' convert a certificate to a certificate request"
$ exit 3
$ endif
$
$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout
$ if $severity .ne. 1
$ then
$ write sys$output "first generated request is invalid"
$ exit 3
$ endif
$
$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout
$ if $severity .ne. 1
$ then
$ write sys$output "second generated request is invalid"
$ exit 3
$ endif
$
$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert'
$ if $severity .ne. 1
$ then
$ write sys$output "first generated cert is invalid"
$ exit 3
$ endif
$
$ write sys$output ""
$ write sys$output "make another certificate request using 'req'"
$ define /user sys$output err.ss
$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
$ if $severity .ne. 1
$ then
$ write sys$output "error using 'req' to generate a certificate request"
$ exit 3
$ endif
$
$ write sys$output ""
$ write sys$output "sign certificate request with the just created CA via 'x509'"
$ define /user sys$output err.ss
$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey'
$ if $severity .ne. 1
$ then
$ write sys$output "error using 'x509' to sign a certificate request"
$ exit 3
$ endif
$
$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert'
$ write sys$output ""
$ write sys$output "Certificate details"
$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert'
$
$ write sys$output ""
$ write sys$output "The generated CA certificate is ",CAcert
$ write sys$output "The generated CA private key is ",CAkey
$
$ write sys$output "The generated user certificate is ",Ucert
$ write sys$output "The generated user private key is ",Ukey
$
$ if f$search("err.ss;*") .nes. "" then delete err.ss;*
test/Attic/testssl 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
if [ "$1" = "" ]; then
key=../apps/server.pem
else
key="$1"
fi
if [ "$2" = "" ]; then
cert=../apps/server.pem
else
cert="$2"
fi
ssltest="../util/shlib_wrap.sh ./ssltest -s_key $key -s_cert $cert -c_key $key -c_cert $cert"
if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
dsa_cert=YES
else
dsa_cert=NO
fi
if [ "$3" = "" ]; then
CA="-CApath ../certs"
else
CA="-CAfile $3"
fi
if [ "$4" = "" ]; then
extra=""
else
extra="$4"
fi
serverinfo="./serverinfo.pem"
#############################################################################
echo test sslv3
$ssltest -ssl3 $extra || exit 1
echo test sslv3 with server authentication
$ssltest -ssl3 -server_auth $CA $extra || exit 1
echo test sslv3 with client authentication
$ssltest -ssl3 -client_auth $CA $extra || exit 1
echo test sslv3 with both client and server authentication
$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
echo test sslv2/sslv3
$ssltest $extra || exit 1
echo test sslv2/sslv3 with server authentication
$ssltest -server_auth $CA $extra || exit 1
echo test sslv2/sslv3 with client authentication
$ssltest -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication
$ssltest -server_auth -client_auth $CA $extra || exit 1
echo test sslv3 via BIO pair
$ssltest -bio_pair -ssl3 $extra || exit 1
echo test sslv3 with server authentication via BIO pair
$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
echo test sslv3 with client authentication via BIO pair
$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
echo test sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 via BIO pair
$ssltest $extra || exit 1
echo test dtlsv1
$ssltest -dtls1 $extra || exit 1
echo test dtlsv1 with server authentication
$ssltest -dtls1 -server_auth $CA $extra || exit 1
echo test dtlsv1 with client authentication
$ssltest -dtls1 -client_auth $CA $extra || exit 1
echo test dtlsv1 with both client and server authentication
$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
echo test dtlsv1.2
$ssltest -dtls12 $extra || exit 1
echo test dtlsv1.2 with server authentication
$ssltest -dtls12 -server_auth $CA $extra || exit 1
echo test dtlsv1.2 with client authentication
$ssltest -dtls12 -client_auth $CA $extra || exit 1
echo test dtlsv1.2 with both client and server authentication
$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
if [ $dsa_cert = NO ]; then
echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
$ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
fi
echo test sslv2/sslv3 with 1024bit DHE via BIO pair
$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
echo test sslv2/sslv3 with server authentication
$ssltest -bio_pair -server_auth $CA $extra || exit 1
echo test sslv2/sslv3 with client authentication via BIO pair
$ssltest -bio_pair -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
test_cipher() {
_cipher=$1
echo "Testing $_cipher"
prot=""
if [ $2 = "SSLv3" ] ; then
prot="-ssl3"
fi
_exarg=$3
$ssltest $_exarg -cipher $_cipher $prot
if [ $? -ne 0 ] ; then
echo "Failed $_cipher"
exit 1
fi
}
echo "Testing ciphersuites"
exkeys=""
ciphers="-EXP:-PSK:-SRP:-kDH:-kECDHe"
if ../util/shlib_wrap.sh ../apps/openssl no-dhparam >/dev/null; then
echo "skipping DHE tests"
ciphers="$ciphers:-kDHE"
fi
if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then
echo "skipping DSA tests"
ciphers="$ciphers:-aDSA"
else
exkeys="$exkeys -s_cert certD.ss -s_key keyD.ss"
fi
if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then
echo "skipping EC tests"
ciphers="$ciphers:!aECDSA:!kECDH"
else
exkeys="$exkeys -s_cert certE.ss -s_key keyE.ss"
fi
for protocol in TLSv1.2 SSLv3; do
echo "Testing ciphersuites for $protocol"
for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "$protocol:$ciphers" | tr ':' ' '`; do
test_cipher $cipher $protocol "$exkeys"
done
echo "testing connection with weak DH, expecting failure"
if [ $protocol = "SSLv3" ] ; then
$ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 -ssl3
else
$ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512
fi
if [ $? -eq 0 ]; then
echo "FAIL: connection with weak DH succeeded"
exit 1
fi
done
#############################################################################
if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
echo skipping anonymous DH tests
else
echo test tls1 with 1024bit anonymous DH, multiple handshakes
$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi
if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
echo skipping RSA tests
else
echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
echo skipping RSA+DHE tests
else
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
fi
fi
echo test tls1 with PSK
$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
echo test tls1 with PSK via BIO pair
$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
#############################################################################
# Next Protocol Negotiation Tests
$ssltest -bio_pair -tls1 -npn_client || exit 1
$ssltest -bio_pair -tls1 -npn_server || exit 1
$ssltest -bio_pair -tls1 -npn_server_reject || exit 1
$ssltest -bio_pair -tls1 -npn_client -npn_server_reject || exit 1
$ssltest -bio_pair -tls1 -npn_client -npn_server || exit 1
$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 || exit 1
$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse || exit 1
#############################################################################
# Custom Extension tests
echo test tls1 with custom extensions
$ssltest -bio_pair -tls1 -custom_ext || exit 1
#############################################################################
# Serverinfo tests
echo test tls1 with serverinfo
$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo || exit 1
$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct || exit 1
$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_tack || exit 1
$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1
$ssltest -bio_pair -tls1 -custom_ext -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1
#############################################################################
# ALPN tests
$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo -alpn_expected bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo -alpn_expected bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1
if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
echo skipping SRP tests
else
echo test tls1 with SRP
$ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
echo test tls1 with SRP via BIO pair
$ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
echo test tls1 with SRP auth
$ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
echo test tls1 with SRP auth via BIO pair
$ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
fi
#############################################################################
# Multi-buffer tests
if [ -z "$extra" -a `uname -m` = "x86_64" ]; then
$ssltest -cipher AES128-SHA -bytes 8m || exit 1
$ssltest -cipher AES128-SHA256 -bytes 8m || exit 1
fi
exit 0
test/Attic/testssl.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TESTSSL.COM
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p4 .eqs. "64") then __arch = __arch+ "_64"
$!
$ texe_dir = "sys$disk:[-.''__arch'.exe.test]"
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ if p1 .eqs. ""
$ then
$ key="[-.apps]server.pem"
$ else
$ key=p1
$ endif
$ if p2 .eqs. ""
$ then
$ cert="[-.apps]server.pem"
$ else
$ cert=p2
$ endif
$ ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ -
" -cert ''cert' -c_key ''key' -c_cert ''cert'"
$!
$ set noon
$ define/user sys$output testssl-x509-output.
$ define/user sys$error nla0:
$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
$ define/user sys$error nla0:
$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
$ if $severity .eq. 1
$ then
$ dsa_cert = "YES"
$ else
$ dsa_cert = "NO"
$ endif
$ delete testssl-x509-output.;*
$
$ if p3 .eqs. ""
$ then
$ copy/concatenate [-.certs]*.pem certs.tmp
$ CA = """-CAfile"" certs.tmp"
$ else
$ CA = """-CAfile"" "+p3
$ endif
$
$!###########################################################################
$
$ write sys$output "test sslv3"
$ 'ssltest' -ssl3
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with server authentication"
$ 'ssltest' -ssl3 -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with client authentication"
$ 'ssltest' -ssl3 -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with both client and server authentication"
$ 'ssltest' -ssl3 -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3"
$ 'ssltest'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with server authentication"
$ 'ssltest' -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with client authentication"
$ 'ssltest' -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with both client and server authentication"
$ 'ssltest' -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 via BIO pair"
$ 'ssltest' -bio_pair -ssl3
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with server authentication via BIO pair"
$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv3 with client authentication via BIO pair"
$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$ write sys$output "test sslv3 with both client and server authentication via BIO pair"
$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 via BIO pair"
$ 'ssltest'
$ if $severity .ne. 1 then goto exit3
$
$ if .not. dsa_cert
$ then
$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
$ 'ssltest' -bio_pair -no_dhe
$ if $severity .ne. 1 then goto exit3
$ endif
$
$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
$ 'ssltest' -bio_pair -dhe1024dsa -v
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with server authentication"
$ 'ssltest' -bio_pair -server_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
$ 'ssltest' -bio_pair -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
$ 'ssltest' -bio_pair -server_auth -client_auth 'CA'
$ if $severity .ne. 1 then goto exit3
$
$!###########################################################################
$
$ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-rsa
$ no_rsa=$SEVERITY
$ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-dhparam
$ no_dh=$SEVERITY
$
$ if no_dh
$ then
$ write sys$output "skipping anonymous DH tests"
$ else
$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
$ if $severity .ne. 1 then goto exit3
$ endif
$
$ if no_rsa
$ then
$ write sys$output "skipping RSA tests"
$ else
$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
$ if $severity .ne. 1 then goto exit3
$
$ if no_dh
$ then
$ write sys$output "skipping RSA+DHE tests"
$ else
$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
$ if $severity .ne. 1 then goto exit3
$ endif
$ endif
$
$ RET = 1
$ goto exit
$ exit3:
$ RET = 3
$ exit:
$ if p3 .eqs. "" then delete certs.tmp;*
$ set on
$ exit 'RET'
test/Attic/testsslproxy 已删除 100644 → 0
浏览文件 @ b23238f9
#! /bin/sh
echo 'Testing a lot of proxy conditions.'
echo 'Some of them may turn out being invalid, which is fine.'
for auth in A B C BC; do
for cond in A B C 'A|B&!C'; do
sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
if [ $? = 3 ]; then exit 1; fi
done
done
test/Attic/testtsa 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
#
# A few very basic tests for the 'ts' time stamping authority command.
#
SH="/bin/sh"
if test "$OSTYPE" = msdosdjgpp; then
PATH="../apps\;$PATH"
else
PATH="../apps:$PATH"
fi
export SH PATH
OPENSSL_CONF="../CAtsa.cnf"
export OPENSSL_CONF
# Because that's what ../apps/CA.pl really looks at
SSLEAY_CONFIG="-config $OPENSSL_CONF"
export SSLEAY_CONFIG
OPENSSL="`pwd`/../util/opensslwrap.sh"
export OPENSSL
RUN () {
../../util/shlib_wrap.sh ../../apps/openssl ts $*
}
create_tsa_cert () {
INDEX=$1
export INDEX
EXT=$2
TSDNSECT=ts_cert_dn
export TSDNSECT
../../util/shlib_wrap.sh ../../apps/openssl req -new \
-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem || exit 1
echo using extension $EXT
../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
-extfile $OPENSSL_CONF -extensions $EXT || exit 1
}
create_time_stamp_response () {
RUN -reply -section $3 -queryfile $1 -out $2 || exit 1
}
verify_time_stamp_response () {
RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
-untrusted tsa_cert1.pem || exit 1
RUN -verify -data $3 -in $2 -CAfile tsaca.pem \
-untrusted tsa_cert1.pem || exit 1
}
verify_time_stamp_response_fail () {
RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
-untrusted tsa_cert1.pem && exit 1
echo ok
}
# main functions
echo setting up TSA test directory
rm -rf tsa 2>/dev/null
mkdir tsa
cd ./tsa
echo creating a new CA for the TSA tests
TSDNSECT=ts_ca_dn
export TSDNSECT
../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
-out tsaca.pem -keyout tsacakey.pem || exit 1
echo creating tsa_cert1.pem TSA server cert
create_tsa_cert 1 tsa_cert
echo creating tsa_cert2.pem non-TSA server cert
create_tsa_cert 2 non_tsa_cert
echo creating req1.req time stamp request for file testtsa
RUN -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq || exit 1
echo printing req1.req
RUN -query -in req1.tsq -text
echo generating valid response for req1.req
create_time_stamp_response req1.tsq resp1.tsr tsa_config1
echo printing response
RUN -reply -in resp1.tsr -text || exit 1
echo verifying valid response
verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
echo verifying valid token
RUN -reply -in resp1.tsr -out resp1.tsr.token -token_out || exit 1
RUN -verify -queryfile req1.tsq -in resp1.tsr.token -token_in \
-CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
RUN -verify -data ../testtsa -in resp1.tsr.token -token_in \
-CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
echo creating req2.req time stamp request for file testtsa
RUN -query -data ../testtsa -policy tsa_policy2 -no_nonce \
-out req2.tsq || exit 1
echo printing req2.req
RUN -query -in req2.tsq -text
echo generating valid response for req2.req
create_time_stamp_response req2.tsq resp2.tsr tsa_config1
echo checking -token_in and -token_out options with -reply
RESPONSE2=resp2.tsr.copy.tsr
TOKEN_DER=resp2.tsr.token.der
RUN -reply -in resp2.tsr -out $TOKEN_DER -token_out || exit 1
RUN -reply -in $TOKEN_DER -token_in -out $RESPONSE2 || exit 1
cmp $RESPONSE2 resp2.tsr || exit 1
RUN -reply -in resp2.tsr -text -token_out || exit 1
RUN -reply -in $TOKEN_DER -token_in -text -token_out || exit 1
RUN -reply -queryfile req2.tsq -text -token_out || exit 1
echo printing response
RUN -reply -in resp2.tsr -text || exit 1
echo verifying valid response
verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
echo verifying response against wrong request, it should fail
verify_time_stamp_response_fail req1.tsq resp2.tsr
echo verifying response against wrong request, it should fail
verify_time_stamp_response_fail req2.tsq resp1.tsr
echo creating req3.req time stamp request for file CAtsa.cnf
RUN -query -data ../CAtsa.cnf -no_nonce -out req3.tsq || exit 1
echo printing req3.req
RUN -query -in req3.tsq -text
echo verifying response against wrong request, it should fail
verify_time_stamp_response_fail req3.tsq resp1.tsr
echo cleaning up
cd ..
rm -rf tsa
exit 0
test/Attic/testtsa.com 已删除 100644 → 0
浏览文件 @ b23238f9
$!
$! A few very basic tests for the 'ts' time stamping authority command.
$!
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p4 .eqs. "64") then __arch = __arch+ "_64"
$!
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'"
$ OPENSSL_CONF = "[-]CAtsa.cnf"
$ ! Because that's what ../apps/CA.pl really looks at
$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF
$
$ error:
$ subroutine
$ write sys$error "TSA test failed!"
$ exit 3
$ endsubroutine
$
$ setup_dir:
$ subroutine
$
$ if f$search("tsa.dir") .nes ""
$ then
$ @[-.util]deltree [.tsa]*.*
$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
$ delete tsa.dir;*
$ endif
$
$ create/dir [.tsa]
$ set default [.tsa]
$ endsubroutine
$
$ clean_up_dir:
$ subroutine
$
$ set default [-]
$ @[-.util]deltree [.tsa]*.*
$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
$ delete tsa.dir;*
$ endsubroutine
$
$ create_ca:
$ subroutine
$
$ write sys$output "Creating a new CA for the TSA tests..."
$ TSDNSECT = "ts_ca_dn"
$ openssl req -new -x509 -nodes -
-out tsaca.pem -keyout tsacakey.pem
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ create_tsa_cert:
$ subroutine
$
$ INDEX=p1
$ EXT=p2
$ TSDNSECT = "ts_cert_dn"
$
$ openssl req -new -
-out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
$ if $severity .ne. 1 then call error
$
$ write sys$output "Using extension ''EXT'"
$ openssl x509 -req -
-in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
"-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
-extfile 'OPENSSL_CONF' -extensions "''EXT'"
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ print_request:
$ subroutine
$
$ openssl ts -query -in 'p1' -text
$ endsubroutine
$
$ create_time_stamp_request1: subroutine
$
$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
-cert -out req1.tsq
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ create_time_stamp_request2: subroutine
$
$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
-no_nonce -out req2.tsq
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ create_time_stamp_request3: subroutine
$
$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ print_response:
$ subroutine
$
$ openssl ts -reply -in 'p1' -text
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ create_time_stamp_response:
$ subroutine
$
$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ time_stamp_response_token_test:
$ subroutine
$
$ RESPONSE2 = p2+ "-copy_tsr"
$ TOKEN_DER = p2+ "-token_der"
$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
$ if $severity .ne. 1 then call error
$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
$ if $severity .ne. 1 then call error
$ backup/compare 'RESPONSE2' 'p2'
$ if $severity .ne. 1 then call error
$ openssl ts -reply -in 'p2' -text -token_out
$ if $severity .ne. 1 then call error
$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
$ if $severity .ne. 1 then call error
$ openssl ts -reply -queryfile 'p1' -text -token_out
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ verify_time_stamp_response:
$ subroutine
$
$ openssl ts -verify -queryfile 'p1' -in 'p2' -
"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
$ if $severity .ne. 1 then call error
$ openssl ts -verify -data 'p3' -in 'p2' -
"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ verify_time_stamp_token:
$ subroutine
$
$ ! create the token from the response first
$ openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out
$ if $severity .ne. 1 then call error
$ openssl ts -verify -queryfile "''p1'" -in "''p2'-token" -
-token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
$ if $severity .ne. 1 then call error
$ openssl ts -verify -data "''p3'" -in "''p2'-token" -
-token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ verify_time_stamp_response_fail:
$ subroutine
$
$ openssl ts -verify -queryfile 'p1' -in 'p2' -
"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
$ ! Checks if the verification failed, as it should have.
$ if $severity .eq. 1 then call error
$ write sys$output "Ok"
$ endsubroutine
$
$ ! Main body ----------------------------------------------------------
$
$ set noon
$
$ write sys$output "Setting up TSA test directory..."
$ call setup_dir
$
$ write sys$output "Creating CA for TSA tests..."
$ call create_ca
$
$ write sys$output "Creating tsa_cert1.pem TSA server cert..."
$ call create_tsa_cert 1 "tsa_cert"
$
$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
$ call create_tsa_cert 2 "non_tsa_cert"
$
$ write sys$output "Creating req1.req time stamp request for file testtsa..."
$ call create_time_stamp_request1
$
$ write sys$output "Printing req1.req..."
$ call print_request "req1.tsq"
$
$ write sys$output "Generating valid response for req1.req..."
$ call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1"
$
$ write sys$output "Printing response..."
$ call print_response "resp1.tsr"
$
$ write sys$output "Verifying valid response..."
$ call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com"
$
$ write sys$output "Verifying valid token..."
$ call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com"
$
$ ! The tests below are commented out, because invalid signer certificates
$ ! can no longer be specified in the config file.
$
$ ! write sys$output "Generating _invalid_ response for req1.req..."
$ ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2"
$
$ ! write sys$output "Printing response..."
$ ! call print_response "resp1_bad.tsr"
$
$ ! write sys$output "Verifying invalid response, it should fail..."
$ ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr"
$
$ write sys$output "Creating req2.req time stamp request for file testtsa..."
$ call create_time_stamp_request2
$
$ write sys$output "Printing req2.req..."
$ call print_request "req2.tsq"
$
$ write sys$output "Generating valid response for req2.req..."
$ call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1"
$
$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
$ call time_stamp_response_token_test "req2.tsq" "resp2.tsr"
$
$ write sys$output "Printing response..."
$ call print_response "resp2.tsr"
$
$ write sys$output "Verifying valid response..."
$ call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com"
$
$ write sys$output "Verifying response against wrong request, it should fail..."
$ call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr"
$
$ write sys$output "Verifying response against wrong request, it should fail..."
$ call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr"
$
$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
$ call create_time_stamp_request3
$
$ write sys$output "Printing req3.req..."
$ call print_request "req3.tsq"
$
$ write sys$output "Verifying response against wrong request, it should fail..."
$ call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr"
$
$ write sys$output "Cleaning up..."
$ call clean_up_dir
$
$ set on
$
$ exit
test/Attic/tkey 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
t=$1
ktype=$2
ptype=$3
if ../util/shlib_wrap.sh ../apps/openssl no-$ktype; then
echo skipping $ktype $ptype conversion test
exit 0
fi
if [ $ptype = "public" ]; then
cmd="../util/shlib_wrap.sh ../apps/openssl $ktype -pubin -pubout"
else
cmd="../util/shlib_wrap.sh ../apps/openssl $ktype"
fi
echo testing $ktype $ptype conversions
cp $t $ktype-fff.p
echo "p -> d"
$cmd -in $ktype-fff.p -inform p -outform d >$ktype-f.d || exit 1
echo "p -> p"
$cmd -in $ktype-fff.p -inform p -outform p >$ktype-f.p || exit 1
echo "d -> d"
$cmd -in $ktype-f.d -inform d -outform d >$ktype-ff.d1 || exit 1
echo "p -> d"
$cmd -in $ktype-f.p -inform p -outform d >$ktype-ff.d3 || exit 1
echo "d -> p"
$cmd -in $ktype-f.d -inform d -outform p >$ktype-ff.p1 || exit 1
echo "p -> p"
$cmd -in $ktype-f.p -inform p -outform p >$ktype-ff.p3 || exit 1
cmp $ktype-fff.p $ktype-f.p || exit 1
cmp $ktype-fff.p $ktype-ff.p1 || exit 1
cmp $ktype-fff.p $ktype-ff.p3 || exit 1
cmp $ktype-f.p $ktype-ff.p1 || exit 1
cmp $ktype-f.p $ktype-ff.p3 || exit 1
/bin/rm -f $ktype-f.* $ktype-ff.* $ktype-fff.*
[ $ptype = "public" ] && exit 0
echo testing $ktype PKCS#8 conversions
cmd="../util/shlib_wrap.sh ../apps/openssl pkey"
$cmd -in $t -out $ktype-fff.p
echo "p -> d"
$cmd -in $ktype-fff.p -inform p -outform d >$ktype-f.d || exit 1
echo "p -> p"
$cmd -in $ktype-fff.p -inform p -outform p >$ktype-f.p || exit 1
echo "d -> d"
$cmd -in $ktype-f.d -inform d -outform d >$ktype-ff.d1 || exit 1
echo "p -> d"
$cmd -in $ktype-f.p -inform p -outform d >$ktype-ff.d3 || exit 1
echo "d -> p"
$cmd -in $ktype-f.d -inform d -outform p >$ktype-ff.p1 || exit 1
echo "p -> p"
$cmd -in $ktype-f.p -inform p -outform p >$ktype-ff.p3 || exit 1
cmp $ktype-fff.p $ktype-f.p || exit 1
cmp $ktype-fff.p $ktype-ff.p1 || exit 1
cmp $ktype-fff.p $ktype-ff.p3 || exit 1
cmp $ktype-f.p $ktype-ff.p1 || exit 1
cmp $ktype-f.p $ktype-ff.p3 || exit 1
/bin/rm -f $ktype-f.* $ktype-ff.* $ktype-fff.*
test/Attic/tocsp 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
cmd='../util/shlib_wrap.sh ../apps/openssl'
ocspdir="ocsp-tests"
# 17 December 2012 so we don't get certificate expiry errors.
check_time="-attime 1355875200"
test_ocsp () {
$cmd base64 -d -in $ocspdir/$1 | \
$cmd ocsp -respin - -partial_chain $check_time \
-CAfile $ocspdir/$2 -verify_other $ocspdir/$2 -CApath /dev/null
[ $? != $3 ] && exit 1
}
echo "=== VALID OCSP RESPONSES ==="
echo "NON-DELEGATED; Intermediate CA -> EE"
test_ocsp ND1.ors ND1_Issuer_ICA.pem 0
echo "NON-DELEGATED; Root CA -> Intermediate CA"
test_ocsp ND2.ors ND2_Issuer_Root.pem 0
echo "NON-DELEGATED; Root CA -> EE"
test_ocsp ND3.ors ND3_Issuer_Root.pem 0
echo "DELEGATED; Intermediate CA -> EE"
test_ocsp D1.ors D1_Issuer_ICA.pem 0
echo "DELEGATED; Root CA -> Intermediate CA"
test_ocsp D2.ors D2_Issuer_Root.pem 0
echo "DELEGATED; Root CA -> EE"
test_ocsp D3.ors D3_Issuer_Root.pem 0
echo "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
echo "NON-DELEGATED; Intermediate CA -> EE"
test_ocsp ISOP_ND1.ors ND1_Issuer_ICA.pem 1
echo "NON-DELEGATED; Root CA -> Intermediate CA"
test_ocsp ISOP_ND2.ors ND2_Issuer_Root.pem 1
echo "NON-DELEGATED; Root CA -> EE"
test_ocsp ISOP_ND3.ors ND3_Issuer_Root.pem 1
echo "DELEGATED; Intermediate CA -> EE"
test_ocsp ISOP_D1.ors D1_Issuer_ICA.pem 1
echo "DELEGATED; Root CA -> Intermediate CA"
test_ocsp ISOP_D2.ors D2_Issuer_Root.pem 1
echo "DELEGATED; Root CA -> EE"
test_ocsp ISOP_D3.ors D3_Issuer_Root.pem 1
echo "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
echo "NON-DELEGATED; Intermediate CA -> EE"
test_ocsp WRID_ND1.ors ND1_Issuer_ICA.pem 1
echo "NON-DELEGATED; Root CA -> Intermediate CA"
test_ocsp WRID_ND2.ors ND2_Issuer_Root.pem 1
echo "NON-DELEGATED; Root CA -> EE"
test_ocsp WRID_ND3.ors ND3_Issuer_Root.pem 1
echo "DELEGATED; Intermediate CA -> EE"
test_ocsp WRID_D1.ors D1_Issuer_ICA.pem 1
echo "DELEGATED; Root CA -> Intermediate CA"
test_ocsp WRID_D2.ors D2_Issuer_Root.pem 1
echo "DELEGATED; Root CA -> EE"
test_ocsp WRID_D3.ors D3_Issuer_Root.pem 1
echo "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
echo "NON-DELEGATED; Intermediate CA -> EE"
test_ocsp WINH_ND1.ors ND1_Issuer_ICA.pem 1
echo "NON-DELEGATED; Root CA -> Intermediate CA"
test_ocsp WINH_ND2.ors ND2_Issuer_Root.pem 1
echo "NON-DELEGATED; Root CA -> EE"
test_ocsp WINH_ND3.ors ND3_Issuer_Root.pem 1
echo "DELEGATED; Intermediate CA -> EE"
test_ocsp WINH_D1.ors D1_Issuer_ICA.pem 1
echo "DELEGATED; Root CA -> Intermediate CA"
test_ocsp WINH_D2.ors D2_Issuer_Root.pem 1
echo "DELEGATED; Root CA -> EE"
test_ocsp WINH_D3.ors D3_Issuer_Root.pem 1
echo "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
echo "NON-DELEGATED; Intermediate CA -> EE"
test_ocsp WIKH_ND1.ors ND1_Issuer_ICA.pem 1
echo "NON-DELEGATED; Root CA -> Intermediate CA"
test_ocsp WIKH_ND2.ors ND2_Issuer_Root.pem 1
echo "NON-DELEGATED; Root CA -> EE"
test_ocsp WIKH_ND3.ors ND3_Issuer_Root.pem 1
echo "DELEGATED; Intermediate CA -> EE"
test_ocsp WIKH_D1.ors D1_Issuer_ICA.pem 1
echo "DELEGATED; Root CA -> Intermediate CA"
test_ocsp WIKH_D2.ors D2_Issuer_Root.pem 1
echo "DELEGATED; Root CA -> EE"
test_ocsp WIKH_D3.ors D3_Issuer_Root.pem 1
echo "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
echo "DELEGATED; Intermediate CA -> EE"
test_ocsp WKDOSC_D1.ors D1_Issuer_ICA.pem 1
echo "DELEGATED; Root CA -> Intermediate CA"
test_ocsp WKDOSC_D2.ors D2_Issuer_Root.pem 1
echo "DELEGATED; Root CA -> EE"
test_ocsp WKDOSC_D3.ors D3_Issuer_Root.pem 1
echo "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
echo "DELEGATED; Intermediate CA -> EE"
test_ocsp ISDOSC_D1.ors D1_Issuer_ICA.pem 1
echo "DELEGATED; Root CA -> Intermediate CA"
test_ocsp ISDOSC_D2.ors D2_Issuer_Root.pem 1
echo "DELEGATED; Root CA -> EE"
test_ocsp ISDOSC_D3.ors D3_Issuer_Root.pem 1
echo "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
echo "NON-DELEGATED; Intermediate CA -> EE"
test_ocsp ND1.ors WSNIC_ND1_Issuer_ICA.pem 1
echo "NON-DELEGATED; Root CA -> Intermediate CA"
test_ocsp ND2.ors WSNIC_ND2_Issuer_Root.pem 1
echo "NON-DELEGATED; Root CA -> EE"
test_ocsp ND3.ors WSNIC_ND3_Issuer_Root.pem 1
echo "DELEGATED; Intermediate CA -> EE"
test_ocsp D1.ors WSNIC_D1_Issuer_ICA.pem 1
echo "DELEGATED; Root CA -> Intermediate CA"
test_ocsp D2.ors WSNIC_D2_Issuer_Root.pem 1
echo "DELEGATED; Root CA -> EE"
test_ocsp D3.ors WSNIC_D3_Issuer_Root.pem 1
echo "=== WRONG KEY in the ISSUER CERTIFICATE ==="
echo "NON-DELEGATED; Intermediate CA -> EE"
test_ocsp ND1.ors WKIC_ND1_Issuer_ICA.pem 1
echo "NON-DELEGATED; Root CA -> Intermediate CA"
test_ocsp ND2.ors WKIC_ND2_Issuer_Root.pem 1
echo "NON-DELEGATED; Root CA -> EE"
test_ocsp ND3.ors WKIC_ND3_Issuer_Root.pem 1
echo "DELEGATED; Intermediate CA -> EE"
test_ocsp D1.ors WKIC_D1_Issuer_ICA.pem 1
echo "DELEGATED; Root CA -> Intermediate CA"
test_ocsp D2.ors WKIC_D2_Issuer_Root.pem 1
echo "DELEGATED; Root CA -> EE"
test_ocsp D3.ors WKIC_D3_Issuer_Root.pem 1
echo "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
# Expect success, because we're explicitly trusting the issuer certificate.
echo "NON-DELEGATED; Intermediate CA -> EE"
test_ocsp ND1.ors ISIC_ND1_Issuer_ICA.pem 0
echo "NON-DELEGATED; Root CA -> Intermediate CA"
test_ocsp ND2.ors ISIC_ND2_Issuer_Root.pem 0
echo "NON-DELEGATED; Root CA -> EE"
test_ocsp ND3.ors ISIC_ND3_Issuer_Root.pem 0
echo "DELEGATED; Intermediate CA -> EE"
test_ocsp D1.ors ISIC_D1_Issuer_ICA.pem 0
echo "DELEGATED; Root CA -> Intermediate CA"
test_ocsp D2.ors ISIC_D2_Issuer_Root.pem 0
echo "DELEGATED; Root CA -> EE"
test_ocsp D3.ors ISIC_D3_Issuer_Root.pem 0
echo "ALL OCSP TESTS SUCCESSFUL"
exit 0
test/Attic/tocsp.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TOCSP.COM -- Test ocsp
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
$!
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"
$ ocspdir = "ocsp-tests"
$
$! 17 December 2012 so we don't get certificate expiry errors.
$ check_time="-attime 1355875200"
$
$ test_ocsp:
$ subroutine
$ 'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin
$ 'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -
"-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:
$ if $severity .ne. p3+1
$ then
$ write sys$error "OCSP test failed!"
$ exit 3
$ endif
$ endsubroutine
$
$ set noon
$
$ write sys$output "=== VALID OCSP RESPONSES ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0
$
$ write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1
$
$ write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
$! Expect success, because we're explicitly trusting the issuer certificate.
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0
$
$ write sys$output "ALL OCSP TESTS SUCCESSFUL"
$
$ set on
$
$ exit
test/Attic/tpkcs7 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
if [ "$1"x != "x" ]; then
t=$1
else
t=testp7.pem
fi
echo testing pkcs7 conversions
cp $t p7-fff.p
echo "p -> d"
$cmd -in p7-fff.p -inform p -outform d >p7-f.d || exit 1
echo "p -> p"
$cmd -in p7-fff.p -inform p -outform p >p7-f.p || exit 1
echo "d -> d"
$cmd -in p7-f.d -inform d -outform d >p7-ff.d1 || exit 1
echo "p -> d"
$cmd -in p7-f.p -inform p -outform d >p7-ff.d3 || exit 1
echo "d -> p"
$cmd -in p7-f.d -inform d -outform p >p7-ff.p1 || exit 1
echo "p -> p"
$cmd -in p7-f.p -inform p -outform p >p7-ff.p3 || exit 1
cmp p7-fff.p p7-f.p || exit 1
cmp p7-fff.p p7-ff.p1 || exit 1
cmp p7-fff.p p7-ff.p3 || exit 1
cmp p7-f.p p7-ff.p1 || exit 1
cmp p7-f.p p7-ff.p3 || exit 1
/bin/rm -f p7-f.* p7-ff.* p7-fff.*
exit 0
test/Attic/tpkcs7.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TPKCS7.COM -- Tests pkcs7 keys
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
$!
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ cmd = "mcr ''exe_dir'openssl pkcs7"
$
$ t = "testp7.pem"
$ if p1 .nes. "" then t = p1
$
$ write sys$output "testing PKCS7 conversions"
$ if f$search("fff.*") .nes "" then delete fff.*;*
$ if f$search("ff.*") .nes "" then delete ff.*;*
$ if f$search("f.*") .nes "" then delete f.*;*
$ convert/fdl=sys$input: 't' fff.p
RECORD
FORMAT STREAM_LF
$
$ write sys$output "p -> d"
$ 'cmd' -in fff.p -inform p -outform d -out f.d
$ if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in fff.p -inform p -outform p -out f.p
$ if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> d"
$ 'cmd' -in f.d -inform d -outform d -out ff.d1
$ if $severity .ne. 1 then exit 3
$ write sys$output "p -> d"
$ 'cmd' -in f.p -inform p -outform d -out ff.d3
$ if $severity .ne. 1 then exit 3
$
$
$ write sys$output "d -> p"
$ 'cmd' -in f.d -inform d -outform p -out ff.p1
$ if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in f.p -inform p -outform p -out ff.p3
$ if $severity .ne. 1 then exit 3
$
$ backup/compare fff.p f.p
$ if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p1
$ if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$ backup/compare f.p ff.p1
$ if $severity .ne. 1 then exit 3
$ backup/compare f.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$ delete f.*;*,ff.*;*,fff.*;*
test/Attic/tpkcs7d 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
if [ "$1"x != "x" ]; then
t=$1
else
t=pkcs7-1.pem
fi
echo "testing pkcs7 conversions (2)"
cp $t p7d-fff.p
echo "p -> d"
$cmd -in p7d-fff.p -inform p -outform d >p7d-f.d || exit 1
echo "p -> p"
$cmd -in p7d-fff.p -inform p -outform p >p7d-f.p || exit 1
echo "d -> d"
$cmd -in p7d-f.d -inform d -outform d >p7d-ff.d1 || exit 1
echo "p -> d"
$cmd -in p7d-f.p -inform p -outform d >p7d-ff.d3 || exit 1
echo "d -> p"
$cmd -in p7d-f.d -inform d -outform p >p7d-ff.p1 || exit 1
echo "p -> p"
$cmd -in p7d-f.p -inform p -outform p >p7d-ff.p3 || exit 1
cmp p7d-f.p p7d-ff.p1 || exit 1
cmp p7d-f.p p7d-ff.p3 || exit 1
/bin/rm -f p7d-f.* p7d-ff.* p7d-fff.*
exit 0
test/Attic/tpkcs7d.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TPKCS7.COM -- Tests pkcs7 keys
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
$!
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ cmd = "mcr ''exe_dir'openssl pkcs7"
$
$ t = "pkcs7-1.pem"
$ if p1 .nes. "" then t = p1
$
$ write sys$output "testing PKCS7 conversions (2)"
$ if f$search("fff.*") .nes "" then delete fff.*;*
$ if f$search("ff.*") .nes "" then delete ff.*;*
$ if f$search("f.*") .nes "" then delete f.*;*
$ convert/fdl=sys$input: 't' fff.p
RECORD
FORMAT STREAM_LF
$
$ write sys$output "p -> d"
$ 'cmd' -in fff.p -inform p -outform d -out f.d
$ if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in fff.p -inform p -outform p -out f.p
$ if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> d"
$ 'cmd' -in f.d -inform d -outform d -out ff.d1
$ if $severity .ne. 1 then exit 3
$ write sys$output "p -> d"
$ 'cmd' -in f.p -inform p -outform d -out ff.d3
$ if $severity .ne. 1 then exit 3
$
$
$ write sys$output "d -> p"
$ 'cmd' -in f.d -inform d -outform p -out ff.p1
$ if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in f.p -inform p -outform p -out ff.p3
$ if $severity .ne. 1 then exit 3
$
$ backup/compare f.p ff.p1
$ if $severity .ne. 1 then exit 3
$ backup/compare f.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$ delete f.*;*,ff.*;*,fff.*;*
test/Attic/treq 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
if [ "$1"x != "x" ]; then
t=$1
else
t=testreq.pem
fi
if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
echo "skipping req conversion test for $t"
exit 0
fi
echo testing req conversions
cp $t req-fff.p
echo "p -> d"
$cmd -in req-fff.p -inform p -outform d >req-f.d || exit 1
echo "p -> p"
$cmd -in req-fff.p -inform p -outform p >req-f.p || exit 1
echo "d -> d"
$cmd -verify -in req-f.d -inform d -outform d >req-ff.d1 || exit 1
echo "p -> d"
$cmd -verify -in req-f.p -inform p -outform d >req-ff.d3 || exit 1
echo "d -> p"
$cmd -in req-f.d -inform d -outform p >req-ff.p1 || exit 1
echo "p -> p"
$cmd -in req-f.p -inform p -outform p >req-ff.p3 || exit 1
cmp req-fff.p req-f.p || exit 1
cmp req-fff.p req-ff.p1 || exit 1
cmp req-fff.p req-ff.p3 || exit 1
cmp req-f.p req-ff.p1 || exit 1
cmp req-f.p req-ff.p3 || exit 1
/bin/rm -f req-f.* req-ff.* req-fff.*
exit 0
test/Attic/treq.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TREQ.COM -- Tests req keys
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
$!
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf"
$
$ t = "testreq.pem"
$ if p1 .nes. "" then t = p1
$
$ write sys$output "testing req conversions"
$ if f$search("fff.*") .nes "" then delete fff.*;*
$ if f$search("ff.*") .nes "" then delete ff.*;*
$ if f$search("f.*") .nes "" then delete f.*;*
$ convert/fdl=sys$input: 't' fff.p
RECORD
FORMAT STREAM_LF
$
$ write sys$output "p -> d"
$ 'cmd' -in fff.p -inform p -outform d -out f.d
$ if $severity .ne. 1 then exit 3
$! write sys$output "p -> t"
$! 'cmd' -in fff.p -inform p -outform t -out f.t
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in fff.p -inform p -outform p -out f.p
$ if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> d"
$ 'cmd' -verify -in f.d -inform d -outform d -out ff.d1
$ if $severity .ne. 1 then exit 3
$! write sys$output "t -> d"
$! 'cmd' -verify -in f.t -inform t -outform d -out ff.d2
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> d"
$ 'cmd' -verify -in f.p -inform p -outform d -out ff.d3
$ if $severity .ne. 1 then exit 3
$
$! write sys$output "d -> t"
$! 'cmd' -in f.d -inform d -outform t -out ff.t1
$! if $severity .ne. 1 then exit 3
$! write sys$output "t -> t"
$! 'cmd' -in f.t -inform t -outform t -out ff.t2
$! if $severity .ne. 1 then exit 3
$! write sys$output "p -> t"
$! 'cmd' -in f.p -inform p -outform t -out ff.t3
$! if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> p"
$ 'cmd' -in f.d -inform d -outform p -out ff.p1
$ if $severity .ne. 1 then exit 3
$! write sys$output "t -> p"
$! 'cmd' -in f.t -inform t -outform p -out ff.p2
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in f.p -inform p -outform p -out ff.p3
$ if $severity .ne. 1 then exit 3
$
$ backup/compare fff.p f.p
$ if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p1
$ if $severity .ne. 1 then exit 3
$! backup/compare fff.p ff.p2
$! if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$! backup/compare f.t ff.t1
$! if $severity .ne. 1 then exit 3
$! backup/compare f.t ff.t2
$! if $severity .ne. 1 then exit 3
$! backup/compare f.t ff.t3
$! if $severity .ne. 1 then exit 3
$
$ backup/compare f.p ff.p1
$ if $severity .ne. 1 then exit 3
$! backup/compare f.p ff.p2
$! if $severity .ne. 1 then exit 3
$ backup/compare f.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$ delete f.*;*,ff.*;*,fff.*;*
test/Attic/trsa.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TRSA.COM -- Tests rsa keys
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
$!
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ set noon
$ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-rsa
$ save_severity=$SEVERITY
$ set on
$ if save_severity
$ then
$ write sys$output "skipping RSA conversion test"
$ exit
$ endif
$
$ cmd = "mcr ''exe_dir'openssl rsa"
$
$ t = "testrsa.pem"
$ if p1 .nes. "" then t = p1
$
$ write sys$output "testing RSA conversions"
$ if f$search("fff.*") .nes "" then delete fff.*;*
$ if f$search("ff.*") .nes "" then delete ff.*;*
$ if f$search("f.*") .nes "" then delete f.*;*
$ convert/fdl=sys$input: 't' fff.p
RECORD
FORMAT STREAM_LF
$
$ write sys$output "p -> d"
$ 'cmd' -in fff.p -inform p -outform d -out f.d
$ if $severity .ne. 1 then exit 3
$! write sys$output "p -> t"
$! 'cmd' -in fff.p -inform p -outform t -out f.t
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in fff.p -inform p -outform p -out f.p
$ if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> d"
$ 'cmd' -in f.d -inform d -outform d -out ff.d1
$ if $severity .ne. 1 then exit 3
$! write sys$output "t -> d"
$! 'cmd' -in f.t -inform t -outform d -out ff.d2
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> d"
$ 'cmd' -in f.p -inform p -outform d -out ff.d3
$ if $severity .ne. 1 then exit 3
$
$! write sys$output "d -> t"
$! 'cmd' -in f.d -inform d -outform t -out ff.t1
$! if $severity .ne. 1 then exit 3
$! write sys$output "t -> t"
$! 'cmd' -in f.t -inform t -outform t -out ff.t2
$! if $severity .ne. 1 then exit 3
$! write sys$output "p -> t"
$! 'cmd' -in f.p -inform p -outform t -out ff.t3
$! if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> p"
$ 'cmd' -in f.d -inform d -outform p -out ff.p1
$ if $severity .ne. 1 then exit 3
$! write sys$output "t -> p"
$! 'cmd' -in f.t -inform t -outform p -out ff.p2
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in f.p -inform p -outform p -out ff.p3
$ if $severity .ne. 1 then exit 3
$
$ backup/compare fff.p f.p
$ if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p1
$ if $severity .ne. 1 then exit 3
$! backup/compare fff.p ff.p2
$! if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$! backup/compare f.t ff.t1
$! if $severity .ne. 1 then exit 3
$! backup/compare f.t ff.t2
$! if $severity .ne. 1 then exit 3
$! backup/compare f.t ff.t3
$! if $severity .ne. 1 then exit 3
$
$ backup/compare f.p ff.p1
$ if $severity .ne. 1 then exit 3
$! backup/compare f.p ff.p2
$! if $severity .ne. 1 then exit 3
$ backup/compare f.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$ delete f.*;*,ff.*;*,fff.*;*
test/Attic/tsid 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
if [ "$1"x != "x" ]; then
t=$1
else
t=testsid.pem
fi
echo testing session-id conversions
cp $t sid-fff.p
echo "p -> d"
$cmd -in sid-fff.p -inform p -outform d >sid-f.d || exit 1
echo "p -> p"
$cmd -in sid-fff.p -inform p -outform p >sid-f.p || exit 1
echo "d -> d"
$cmd -in sid-f.d -inform d -outform d >sid-ff.d1 || exit 1
echo "p -> d"
$cmd -in sid-f.p -inform p -outform d >sid-ff.d3 || exit 1
echo "d -> p"
$cmd -in sid-f.d -inform d -outform p >sid-ff.p1 || exit 1
echo "p -> p"
$cmd -in sid-f.p -inform p -outform p >sid-ff.p3 || exit 1
cmp sid-fff.p sid-f.p || exit 1
cmp sid-fff.p sid-ff.p1 || exit 1
cmp sid-fff.p sid-ff.p3 || exit 1
cmp sid-f.p sid-ff.p1 || exit 1
cmp sid-f.p sid-ff.p3 || exit 1
/bin/rm -f sid-f.* sid-ff.* sid-fff.*
exit 0
test/Attic/tsid.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TSID.COM -- Tests sid keys
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
$!
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ cmd = "mcr ''exe_dir'openssl sess_id"
$
$ t = "testsid.pem"
$ if p1 .nes. "" then t = p1
$
$ write sys$output "testing session-id conversions"
$ if f$search("fff.*") .nes "" then delete fff.*;*
$ if f$search("ff.*") .nes "" then delete ff.*;*
$ if f$search("f.*") .nes "" then delete f.*;*
$ convert/fdl=sys$input: 't' fff.p
RECORD
FORMAT STREAM_LF
$
$ write sys$output "p -> d"
$ 'cmd' -in fff.p -inform p -outform d -out f.d
$ if $severity .ne. 1 then exit 3
$! write sys$output "p -> t"
$! 'cmd' -in fff.p -inform p -outform t -out f.t
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in fff.p -inform p -outform p -out f.p
$ if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> d"
$ 'cmd' -in f.d -inform d -outform d -out ff.d1
$ if $severity .ne. 1 then exit 3
$! write sys$output "t -> d"
$! 'cmd' -in f.t -inform t -outform d -out ff.d2
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> d"
$ 'cmd' -in f.p -inform p -outform d -out ff.d3
$ if $severity .ne. 1 then exit 3
$
$! write sys$output "d -> t"
$! 'cmd' -in f.d -inform d -outform t -out ff.t1
$! if $severity .ne. 1 then exit 3
$! write sys$output "t -> t"
$! 'cmd' -in f.t -inform t -outform t -out ff.t2
$! if $severity .ne. 1 then exit 3
$! write sys$output "p -> t"
$! 'cmd' -in f.p -inform p -outform t -out ff.t3
$! if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> p"
$ 'cmd' -in f.d -inform d -outform p -out ff.p1
$ if $severity .ne. 1 then exit 3
$! write sys$output "t -> p"
$! 'cmd' -in f.t -inform t -outform p -out ff.p2
$! if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in f.p -inform p -outform p -out ff.p3
$ if $severity .ne. 1 then exit 3
$
$ backup/compare fff.p f.p
$ if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p1
$ if $severity .ne. 1 then exit 3
$! backup/compare fff.p ff.p2
$! if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$! backup/compare f.t ff.t1
$! if $severity .ne. 1 then exit 3
$! backup/compare f.t ff.t2
$! if $severity .ne. 1 then exit 3
$! backup/compare f.t ff.t3
$! if $severity .ne. 1 then exit 3
$
$ backup/compare f.p ff.p1
$ if $severity .ne. 1 then exit 3
$! backup/compare f.p ff.p2
$! if $severity .ne. 1 then exit 3
$ backup/compare f.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$ delete f.*;*,ff.*;*,fff.*;*
test/Attic/tverify.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TVERIFY.COM
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p1 .eqs. "64") then __arch = __arch+ "_64"
$!
$ line_max = 255 ! Could be longer on modern non-VAX.
$ temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp"
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$ cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'"
$ cmd_len = f$length( cmd)
$ pems = "[-.certs...]*.pem"
$!
$! Concatenate all the certificate files.
$!
$ copy /concatenate 'pems' 'temp_file_name'
$!
$! Loop through all the certificate files.
$!
$ args = ""
$ old_f = ""
$ loop_file:
$ f = f$search( pems)
$ if ((f .nes. "") .and. (f .nes. old_f))
$ then
$ old_f = f
$!
$! If this file name would over-extend the command line, then
$! run the command now.
$!
$ if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max)
$ then
$ if (args .eqs. "") then goto disaster
$ 'cmd''args'
$ args = ""
$ endif
$! Add the next file to the argument list.
$ args = args+ " "+ f
$ else
$! No more files in the list
$ goto loop_file_end
$ endif
$ goto loop_file
$ loop_file_end:
$!
$! Run the command for any left-over arguments.
$!
$ if (args .nes. "")
$ then
$ 'cmd''args'
$ endif
$!
$! Delete the temporary file.
$!
$ if (f$search( "''temp_file_name';*") .nes. "") then -
delete 'temp_file_name';*
$!
$ exit
$!
$ disaster:
$ write sys$output " Command line too long. Doomed."
$!
test/Attic/tx509 已删除 100644 → 0
浏览文件 @ b23238f9
#!/bin/sh
cmd='../util/shlib_wrap.sh ../apps/openssl x509'
if [ "$1"x != "x" ]; then
t=$1
else
t=testx509.pem
fi
echo testing X509 conversions
cp $t x509-fff.p
echo "p -> d"
$cmd -in x509-fff.p -inform p -outform d >x509-f.d || exit 1
echo "p -> p"
$cmd -in x509-fff.p -inform p -outform p >x509-f.p || exit 1
echo "d -> d"
$cmd -in x509-f.d -inform d -outform d >x509-ff.d1 || exit 1
echo "p -> d"
$cmd -in x509-f.p -inform p -outform d >x509-ff.d3 || exit 1
echo "d -> p"
$cmd -in x509-f.d -inform d -outform p >x509-ff.p1 || exit 1
echo "p -> p"
$cmd -in x509-f.p -inform p -outform p >x509-ff.p3 || exit 1
cmp x509-fff.p x509-f.p || exit 1
cmp x509-fff.p x509-ff.p1 || exit 1
cmp x509-fff.p x509-ff.p3 || exit 1
cmp x509-f.p x509-ff.p1 || exit 1
cmp x509-f.p x509-ff.p3 || exit 1
/bin/rm -f x509-f.* x509-ff.* x509-fff.*
exit 0
test/Attic/tx509.com 已删除 100644 → 0
浏览文件 @ b23238f9
$! TX509.COM -- Tests x509 certificates
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
$!
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ cmd = "mcr ''exe_dir'openssl x509"
$
$ t = "testx509.pem"
$ if p1 .nes. "" then t = p1
$
$ write sys$output "testing X509 conversions"
$ if f$search("fff.*") .nes "" then delete fff.*;*
$ if f$search("ff.*") .nes "" then delete ff.*;*
$ if f$search("f.*") .nes "" then delete f.*;*
$ convert/fdl=sys$input: 't' fff.p
RECORD
FORMAT STREAM_LF
$
$ write sys$output "p -> d"
$ 'cmd' -in fff.p -inform p -outform d -out f.d
$ if $severity .ne. 1 then exit 3
$ write sys$output "p -> n"
$ 'cmd' -in fff.p -inform p -outform n -out f.n
$ if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in fff.p -inform p -outform p -out f.p
$ if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> d"
$ 'cmd' -in f.d -inform d -outform d -out ff.d1
$ if $severity .ne. 1 then exit 3
$ write sys$output "n -> d"
$ 'cmd' -in f.n -inform n -outform d -out ff.d2
$ if $severity .ne. 1 then exit 3
$ write sys$output "p -> d"
$ 'cmd' -in f.p -inform p -outform d -out ff.d3
$ if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> n"
$ 'cmd' -in f.d -inform d -outform n -out ff.n1
$ if $severity .ne. 1 then exit 3
$ write sys$output "n -> n"
$ 'cmd' -in f.n -inform n -outform n -out ff.n2
$ if $severity .ne. 1 then exit 3
$ write sys$output "p -> n"
$ 'cmd' -in f.p -inform p -outform n -out ff.n3
$ if $severity .ne. 1 then exit 3
$
$ write sys$output "d -> p"
$ 'cmd' -in f.d -inform d -outform p -out ff.p1
$ if $severity .ne. 1 then exit 3
$ write sys$output "n -> p"
$ 'cmd' -in f.n -inform n -outform p -out ff.p2
$ if $severity .ne. 1 then exit 3
$ write sys$output "p -> p"
$ 'cmd' -in f.p -inform p -outform p -out ff.p3
$ if $severity .ne. 1 then exit 3
$
$ backup/compare fff.p f.p
$ if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p1
$ if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p2
$ if $severity .ne. 1 then exit 3
$ backup/compare fff.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$ backup/compare f.n ff.n1
$ if $severity .ne. 1 then exit 3
$ backup/compare f.n ff.n2
$ if $severity .ne. 1 then exit 3
$ backup/compare f.n ff.n3
$ if $severity .ne. 1 then exit 3
$
$ backup/compare f.p ff.p1
$ if $severity .ne. 1 then exit 3
$ backup/compare f.p ff.p2
$ if $severity .ne. 1 then exit 3
$ backup/compare f.p ff.p3
$ if $severity .ne. 1 then exit 3
$
$ delete f.*;*,ff.*;*,fff.*;*
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册