TclTLS: Artifact [0dd6643de1]

Artifact 0dd6643de1d11b51b468c80beae94b8b89f688e29b9491180bed068d65147e18:

File tests/ssllabs.test — part of check-in [34befcf0c7] at 2026-01-08 05:35:39 on branch tls-2.0 — Updated test constraints to make work for all platforms and OpenSSL versions. Added more tests. (user: bohagan, size: 3254) [annotate] [blame] [check-ins using]

# Auto generated test cases for ssllabs.csv

# Load Tcl Test package
if {[lsearch [namespace children] ::tcltest] < 0} {
	package require tcltest
	namespace import ::tcltest::*
}

set ::auto_path [concat [list [file dirname [file dirname [info script]]]] $::auto_path]

package prefer latest
package require tls

# Constraints
source [file join [file dirname [info script]] common.tcl]

# Helper functions
proc connect {url} {
    set port 443
    lassign [split $url ":"] url port
    if {$port eq ""} {
 set port 443
    }
    set cmd [list tls::socket -autoservername 1 -require 1]
    if {[info exists ::env(SSL_CERT_FILE)]} {
 lappend cmd -cafile $::env(SSL_CERT_FILE)
    }
    lappend cmd $url $port
    set ch [eval $cmd]
    if {[catch {tls::handshake $ch} err]} {
 close $ch
 return -code error $err
    } else {
 close $ch
    }
}


# clienttest.ssllabs.com Tests


test SSLLabs-1.1 {CVE_2020_0601 (CurveBall) Vulnerability} -constraints {win OpenSSL1.1.1} -body {
	connect www.ssllabs.com:10446
    } -result {handshake failed: certificate verify failed due to "self signed certificate in certificate chain"} -returnCodes {1}

test SSLLabs-1.2 {CVE_2020_0601 (CurveBall) Vulnerability} -constraints {win !OpenSSL1.1.1} -body {
	connect www.ssllabs.com:10446
    } -result {handshake failed: certificate verify failed due to "self-signed certificate in certificate chain"} -returnCodes {1}

test SSLLabs-1.3 {CVE_2020_0601 (CurveBall) Vulnerability} -constraints {mac} -body {
	connect www.ssllabs.com:10446
    } -result {handshake failed: certificate verify failed due to "self-signed certificate in certificate chain"} -returnCodes {1}

test SSLLabs-1.4 {CVE_2020_0601 (CurveBall) Vulnerability} -constraints {unix !mac} -body {
	connect www.ssllabs.com:10446
    } -result {handshake failed: decode error due to "unable to get local issuer certificate"} -returnCodes {1}

test SSLLabs-1.5 {Logjam Vulnerability} -constraints {win OpenSSL3.0} -body {
	connect www.ssllabs.com:10445
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test SSLLabs-1.6 {Logjam Vulnerability} -constraints {unix OpenSSL3.0} -body {
	connect www.ssllabs.com:10445
    } -result {handshake failed: dh key too small} -returnCodes {1}

test SSLLabs-1.7 {Logjam Vulnerability} -constraints {win OpenSSL3.2} -body {
	connect www.ssllabs.com:10445
    } -result {handshake failed: unknown security bits} -returnCodes {1}

test SSLLabs-1.8 {Logjam Vulnerability} -constraints {unix !mac OpenSSL3.2} -body {
	connect www.ssllabs.com:10445
    } -result {handshake failed: unknown security bits} -returnCodes {1}

test SSLLabs-1.9 {Logjam Vulnerability} -constraints {mac OpenSSL3.2} -body {
	connect www.ssllabs.com:10445
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test SSLLabs-1.10 {FREAK Vulnerability} -body {
	connect www.ssllabs.com:10444
    } -result {handshake failed: unsupported protocol} -returnCodes {1}

test SSLLabs-1.11 {POODLE Vulnerability} -body {
	connect www.ssllabs.com:10443
    } -result {handshake failed: unsupported protocol} -returnCodes {1}

# Cleanup
::tcltest::cleanupTests
return