Artifact
0bf5ddad0c571fb5513edadfb5cf27c1163f602cd665f2169f707a0af62a9e4b:
0000: 23 20 41 75 74 6f 20 67 65 6e 65 72 61 74 65 64 # Auto generated
0010: 20 74 65 73 74 20 63 61 73 65 73 20 66 6f 72 20 test cases for
0020: 62 61 64 73 73 6c 2e 63 73 76 0a 0a 23 20 4c 6f badssl.csv..# Lo
0030: 61 64 20 54 63 6c 20 54 65 73 74 20 70 61 63 6b ad Tcl Test pack
0040: 61 67 65 0a 69 66 20 7b 5b 6c 73 65 61 72 63 68 age.if {[lsearch
0050: 20 5b 6e 61 6d 65 73 70 61 63 65 20 63 68 69 6c [namespace chil
0060: 64 72 65 6e 5d 20 3a 3a 74 63 6c 74 65 73 74 5d dren] ::tcltest]
0070: 20 3d 3d 20 2d 31 7d 20 7b 0a 09 70 61 63 6b 61 == -1} {..packa
0080: 67 65 20 72 65 71 75 69 72 65 20 74 63 6c 74 65 ge require tclte
0090: 73 74 0a 09 6e 61 6d 65 73 70 61 63 65 20 69 6d st..namespace im
00a0: 70 6f 72 74 20 3a 3a 74 63 6c 74 65 73 74 3a 3a port ::tcltest::
00b0: 2a 0a 7d 0a 0a 73 65 74 20 61 75 74 6f 5f 70 61 *.}..set auto_pa
00c0: 74 68 20 5b 63 6f 6e 63 61 74 20 5b 6c 69 73 74 th [concat [list
00d0: 20 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b [file dirname [
00e0: 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e file dirname [in
00f0: 66 6f 20 73 63 72 69 70 74 5d 5d 5d 5d 20 24 61 fo script]]]] $a
0100: 75 74 6f 5f 70 61 74 68 5d 0a 0a 70 61 63 6b 61 uto_path]..packa
0110: 67 65 20 72 65 71 75 69 72 65 20 74 6c 73 0a 0a ge require tls..
0120: 23 20 43 6f 6e 73 74 72 61 69 6e 74 73 0a 73 6f # Constraints.so
0130: 75 72 63 65 20 5b 66 69 6c 65 20 6a 6f 69 6e 20 urce [file join
0140: 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 [file dirname [i
0150: 6e 66 6f 20 73 63 72 69 70 74 5d 5d 20 63 6f 6d nfo script]] com
0160: 6d 6f 6e 2e 74 63 6c 5d 0a 0a 23 20 48 65 6c 70 mon.tcl]..# Help
0170: 65 72 20 66 75 6e 63 74 69 6f 6e 73 0a 70 72 6f er functions.pro
0180: 63 20 62 61 64 73 73 6c 20 7b 75 72 6c 7d 20 7b c badssl {url} {
0190: 73 65 74 20 70 6f 72 74 20 34 34 33 3b 6c 61 73 set port 443;las
01a0: 73 69 67 6e 20 5b 73 70 6c 69 74 20 24 75 72 6c sign [split $url
01b0: 20 22 3a 22 5d 20 75 72 6c 20 70 6f 72 74 3b 69 ":"] url port;i
01c0: 66 20 7b 24 70 6f 72 74 20 65 71 20 22 22 7d 20 f {$port eq ""}
01d0: 7b 73 65 74 20 70 6f 72 74 20 34 34 33 7d 3b 73 {set port 443};s
01e0: 65 74 20 63 6d 64 20 5b 6c 69 73 74 20 74 6c 73 et cmd [list tls
01f0: 3a 3a 73 6f 63 6b 65 74 20 2d 61 75 74 6f 73 65 ::socket -autose
0200: 72 76 65 72 6e 61 6d 65 20 31 20 2d 72 65 71 75 rvername 1 -requ
0210: 69 72 65 20 31 5d 3b 69 66 20 7b 5b 69 6e 66 6f ire 1];if {[info
0220: 20 65 78 69 73 74 73 20 3a 3a 65 6e 76 28 53 53 exists ::env(SS
0230: 4c 5f 43 45 52 54 5f 46 49 4c 45 29 5d 7d 20 7b L_CERT_FILE)]} {
0240: 6c 61 70 70 65 6e 64 20 63 6d 64 20 2d 63 61 66 lappend cmd -caf
0250: 69 6c 65 20 24 3a 3a 65 6e 76 28 53 53 4c 5f 43 ile $::env(SSL_C
0260: 45 52 54 5f 46 49 4c 45 29 7d 3b 6c 61 70 70 65 ERT_FILE)};lappe
0270: 6e 64 20 63 6d 64 20 24 75 72 6c 20 24 70 6f 72 nd cmd $url $por
0280: 74 3b 73 65 74 20 63 68 20 5b 65 76 61 6c 20 24 t;set ch [eval $
0290: 63 6d 64 5d 3b 69 66 20 7b 5b 63 61 74 63 68 20 cmd];if {[catch
02a0: 7b 74 6c 73 3a 3a 68 61 6e 64 73 68 61 6b 65 20 {tls::handshake
02b0: 24 63 68 7d 20 65 72 72 5d 7d 20 7b 63 6c 6f 73 $ch} err]} {clos
02c0: 65 20 24 63 68 3b 72 65 74 75 72 6e 20 2d 63 6f e $ch;return -co
02d0: 64 65 20 65 72 72 6f 72 20 24 65 72 72 7d 20 65 de error $err} e
02e0: 6c 73 65 20 7b 63 6c 6f 73 65 20 24 63 68 7d 7d lse {close $ch}}
02f0: 0a 0a 23 20 42 61 64 53 53 4c 2e 63 6f 6d 20 54 ..# BadSSL.com T
0300: 65 73 74 73 0a 0a 0a 74 65 73 74 20 42 61 64 53 ests...test BadS
0310: 53 4c 2d 31 2e 31 20 7b 31 30 30 30 2d 73 61 6e SL-1.1 {1000-san
0320: 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 s} -body {..bads
0330: 73 6c 20 31 30 30 30 2d 73 61 6e 73 2e 62 61 64 sl 1000-sans.bad
0340: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
0350: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
0360: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
0370: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
0380: 65 64 20 64 75 65 20 74 6f 20 22 63 65 72 74 69 ed due to "certi
0390: 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 72 ficate has expir
03a0: 65 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 ed"} -returnCode
03b0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
03c0: 53 4c 2d 31 2e 32 20 7b 31 30 30 30 30 2d 73 61 SL-1.2 {10000-sa
03d0: 6e 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 ns} -body {..bad
03e0: 73 73 6c 20 31 30 30 30 30 2d 73 61 6e 73 2e 62 ssl 10000-sans.b
03f0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
0400: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
0410: 6b 65 20 66 61 69 6c 65 64 3a 20 65 78 63 65 73 ke failed: exces
0420: 73 69 76 65 20 6d 65 73 73 61 67 65 20 73 69 7a sive message siz
0430: 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 e} -returnCodes
0440: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
0450: 2d 31 2e 33 20 7b 33 64 65 73 7d 20 2d 62 6f 64 -1.3 {3des} -bod
0460: 79 20 7b 0a 09 62 61 64 73 73 6c 20 33 64 65 73 y {..badssl 3des
0470: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
0480: 7d 20 2d 6d 61 74 63 68 20 7b 67 6c 6f 62 7d 20 } -match {glob}
0490: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
04a0: 6b 65 20 66 61 69 6c 65 64 3a 20 2a 20 61 6c 65 ke failed: * ale
04b0: 72 74 20 68 61 6e 64 73 68 61 6b 65 20 66 61 69 rt handshake fai
04c0: 6c 75 72 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 lure} -returnCod
04d0: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
04e0: 53 53 4c 2d 31 2e 34 20 7b 63 61 70 74 69 76 65 SSL-1.4 {captive
04f0: 2d 70 6f 72 74 61 6c 7d 20 2d 63 6f 6e 73 74 72 -portal} -constr
0500: 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 aints {old_api}
0510: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
0520: 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 2e 62 captive-portal.b
0530: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
0540: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
0550: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 ke failed: certi
0560: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 ficate verify fa
0570: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 48 6f 73 iled due to "Hos
0580: 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 22 7d tname mismatch"}
0590: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
05a0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
05b0: 2e 35 20 7b 63 61 70 74 69 76 65 2d 70 6f 72 74 .5 {captive-port
05c0: 61 6c 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 al} -constraints
05d0: 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 {new_api} -body
05e0: 20 7b 0a 09 62 61 64 73 73 6c 20 63 61 70 74 69 {..badssl capti
05f0: 76 65 2d 70 6f 72 74 61 6c 2e 62 61 64 73 73 6c ve-portal.badssl
0600: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
0610: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
0620: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
0630: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
0640: 64 75 65 20 74 6f 20 22 68 6f 73 74 6e 61 6d 65 due to "hostname
0650: 20 6d 69 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 mismatch"} -ret
0660: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
0670: 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 20 7b 63 st BadSSL-1.6 {c
0680: 62 63 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 bc} -body {..bad
0690: 73 73 6c 20 63 62 63 2e 62 61 64 73 73 6c 2e 63 ssl cbc.badssl.c
06a0: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 om. }..test B
06b0: 61 64 53 53 4c 2d 31 2e 37 20 7b 63 6c 69 65 6e adSSL-1.7 {clien
06c0: 74 2d 63 65 72 74 2d 6d 69 73 73 69 6e 67 7d 20 t-cert-missing}
06d0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
06e0: 63 6c 69 65 6e 74 2d 63 65 72 74 2d 6d 69 73 73 client-cert-miss
06f0: 69 6e 67 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 ing.badssl.com.
0700: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
0710: 4c 2d 31 2e 38 20 7b 63 6c 69 65 6e 74 7d 20 2d L-1.8 {client} -
0720: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 63 body {..badssl c
0730: 6c 69 65 6e 74 2e 62 61 64 73 73 6c 2e 63 6f 6d lient.badssl.com
0740: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 . }..test Bad
0750: 53 53 4c 2d 31 2e 39 20 7b 64 68 2d 63 6f 6d 70 SSL-1.9 {dh-comp
0760: 6f 73 69 74 65 7d 20 2d 63 6f 6e 73 74 72 61 69 osite} -constrai
0770: 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 nts {old_api} -b
0780: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 ody {..badssl dh
0790: 2d 63 6f 6d 70 6f 73 69 74 65 2e 62 61 64 73 73 -composite.badss
07a0: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 l.com. }..tes
07b0: 74 20 42 61 64 53 53 4c 2d 31 2e 31 30 20 7b 64 t BadSSL-1.10 {d
07c0: 68 2d 63 6f 6d 70 6f 73 69 74 65 7d 20 2d 63 6f h-composite} -co
07d0: 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61 nstraints {new_a
07e0: 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 pi} -body {..bad
07f0: 73 73 6c 20 64 68 2d 63 6f 6d 70 6f 73 69 74 65 ssl dh-composite
0800: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
0810: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
0820: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 64 68 20 hake failed: dh
0830: 6b 65 79 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d key too small} -
0840: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
0850: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 .test BadSSL-1.1
0860: 31 20 7b 64 68 2d 73 6d 61 6c 6c 2d 73 75 62 67 1 {dh-small-subg
0870: 72 6f 75 70 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 roup} -body {..b
0880: 61 64 73 73 6c 20 64 68 2d 73 6d 61 6c 6c 2d 73 adssl dh-small-s
0890: 75 62 67 72 6f 75 70 2e 62 61 64 73 73 6c 2e 63 ubgroup.badssl.c
08a0: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 om. }..test B
08b0: 61 64 53 53 4c 2d 31 2e 31 32 20 7b 64 68 34 38 adSSL-1.12 {dh48
08c0: 30 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 0} -constraints
08d0: 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 {old_api} -body
08e0: 7b 0a 09 62 61 64 73 73 6c 20 64 68 34 38 30 2e {..badssl dh480.
08f0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
0900: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
0910: 61 6b 65 20 66 61 69 6c 65 64 3a 20 64 68 20 6b ake failed: dh k
0920: 65 79 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 ey too small} -r
0930: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
0940: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 33 test BadSSL-1.13
0950: 20 7b 64 68 34 38 30 7d 20 2d 63 6f 6e 73 74 72 {dh480} -constr
0960: 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 aints {new_api}
0970: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
0980: 64 68 34 38 30 2e 62 61 64 73 73 6c 2e 63 6f 6d dh480.badssl.com
0990: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
09a0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
09b0: 3a 20 6d 6f 64 75 6c 75 73 20 74 6f 6f 20 73 6d : modulus too sm
09c0: 61 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 all} -returnCode
09d0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
09e0: 53 4c 2d 31 2e 31 34 20 7b 64 68 35 31 32 7d 20 SL-1.14 {dh512}
09f0: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c -constraints {ol
0a00: 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 d_api} -body {..
0a10: 62 61 64 73 73 6c 20 64 68 35 31 32 2e 62 61 64 badssl dh512.bad
0a20: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
0a30: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
0a40: 20 66 61 69 6c 65 64 3a 20 64 68 20 6b 65 79 20 failed: dh key
0a50: 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 too small} -retu
0a60: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
0a70: 74 20 42 61 64 53 53 4c 2d 31 2e 31 35 20 7b 64 t BadSSL-1.15 {d
0a80: 68 35 31 32 7d 20 2d 63 6f 6e 73 74 72 61 69 6e h512} -constrain
0a90: 74 73 20 7b 6d 61 63 7d 20 2d 62 6f 64 79 20 7b ts {mac} -body {
0aa0: 0a 09 62 61 64 73 73 6c 20 64 68 35 31 32 2e 62 ..badssl dh512.b
0ab0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
0ac0: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
0ad0: 6b 65 20 66 61 69 6c 65 64 3a 20 75 6e 6b 6e 6f ke failed: unkno
0ae0: 77 6e 20 73 65 63 75 72 69 74 79 20 62 69 74 73 wn security bits
0af0: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
0b00: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
0b10: 31 2e 31 36 20 7b 64 68 31 30 32 34 7d 20 2d 63 1.16 {dh1024} -c
0b20: 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f onstraints {old_
0b30: 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 api} -body {..ba
0b40: 64 73 73 6c 20 64 68 31 30 32 34 2e 62 61 64 73 dssl dh1024.bads
0b50: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
0b60: 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 37 20 7b st BadSSL-1.17 {
0b70: 64 68 31 30 32 34 7d 20 2d 63 6f 6e 73 74 72 61 dh1024} -constra
0b80: 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d ints {new_api} -
0b90: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 body {..badssl d
0ba0: 68 31 30 32 34 2e 62 61 64 73 73 6c 2e 63 6f 6d h1024.badssl.com
0bb0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
0bc0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
0bd0: 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20 73 6d 61 : dh key too sma
0be0: 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 ll} -returnCodes
0bf0: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
0c00: 4c 2d 31 2e 31 38 20 7b 64 68 32 30 34 38 7d 20 L-1.18 {dh2048}
0c10: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
0c20: 64 68 32 30 34 38 2e 62 61 64 73 73 6c 2e 63 6f dh2048.badssl.co
0c30: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 m. }..test Ba
0c40: 64 53 53 4c 2d 31 2e 31 39 20 7b 64 73 64 74 65 dSSL-1.19 {dsdte
0c50: 73 74 70 72 6f 76 69 64 65 72 7d 20 2d 62 6f 64 stprovider} -bod
0c60: 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 73 64 74 y {..badssl dsdt
0c70: 65 73 74 70 72 6f 76 69 64 65 72 2e 62 61 64 73 estprovider.bads
0c80: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 sl.com. } -re
0c90: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 sult {handshake
0ca0: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 failed: certific
0cb0: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 ate verify faile
0cc0: 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 d due to "unable
0cd0: 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 to get local is
0ce0: 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 suer certificate
0cf0: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 "} -returnCodes
0d00: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
0d10: 2d 31 2e 32 30 20 7b 65 63 63 32 35 36 7d 20 2d -1.20 {ecc256} -
0d20: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 body {..badssl e
0d30: 63 63 32 35 36 2e 62 61 64 73 73 6c 2e 63 6f 6d cc256.badssl.com
0d40: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 . }..test Bad
0d50: 53 53 4c 2d 31 2e 32 31 20 7b 65 63 63 33 38 34 SSL-1.21 {ecc384
0d60: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
0d70: 6c 20 65 63 63 33 38 34 2e 62 61 64 73 73 6c 2e l ecc384.badssl.
0d80: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 com. }..test
0d90: 42 61 64 53 53 4c 2d 31 2e 32 32 20 7b 65 64 65 BadSSL-1.22 {ede
0da0: 6c 6c 72 6f 6f 74 7d 20 2d 62 6f 64 79 20 7b 0a llroot} -body {.
0db0: 09 62 61 64 73 73 6c 20 65 64 65 6c 6c 72 6f 6f .badssl edellroo
0dc0: 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 t.badssl.com.
0dd0: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
0de0: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
0df0: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
0e00: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
0e10: 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f unable to get lo
0e20: 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 cal issuer certi
0e30: 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e ficate"} -return
0e40: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
0e50: 42 61 64 53 53 4c 2d 31 2e 32 33 20 7b 65 78 70 BadSSL-1.23 {exp
0e60: 69 72 65 64 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 ired} -body {..b
0e70: 61 64 73 73 6c 20 65 78 70 69 72 65 64 2e 62 61 adssl expired.ba
0e80: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
0e90: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
0ea0: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 e failed: certif
0eb0: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 icate verify fai
0ec0: 6c 65 64 20 64 75 65 20 74 6f 20 22 63 65 72 74 led due to "cert
0ed0: 69 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 ificate has expi
0ee0: 72 65 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 red"} -returnCod
0ef0: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
0f00: 53 53 4c 2d 31 2e 32 34 20 7b 65 78 74 65 6e 64 SSL-1.24 {extend
0f10: 65 64 2d 76 61 6c 69 64 61 74 69 6f 6e 7d 20 2d ed-validation} -
0f20: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 body {..badssl e
0f30: 78 74 65 6e 64 65 64 2d 76 61 6c 69 64 61 74 69 xtended-validati
0f40: 6f 6e 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 on.badssl.com.
0f50: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
0f60: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
0f70: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
0f80: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 y failed due to
0f90: 22 63 65 72 74 69 66 69 63 61 74 65 20 68 61 73 "certificate has
0fa0: 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 expired"} -retu
0fb0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
0fc0: 74 20 42 61 64 53 53 4c 2d 31 2e 32 35 20 7b 68 t BadSSL-1.25 {h
0fd0: 73 74 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 sts} -body {..ba
0fe0: 64 73 73 6c 20 68 73 74 73 2e 62 61 64 73 73 6c dssl hsts.badssl
0ff0: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 .com. }..test
1000: 20 42 61 64 53 53 4c 2d 31 2e 32 36 20 7b 68 74 BadSSL-1.26 {ht
1010: 74 70 73 2d 65 76 65 72 79 77 68 65 72 65 7d 20 tps-everywhere}
1020: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
1030: 68 74 74 70 73 2d 65 76 65 72 79 77 68 65 72 65 https-everywhere
1040: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1050: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1060: 2e 32 37 20 7b 69 6e 63 6f 6d 70 6c 65 74 65 2d .27 {incomplete-
1070: 63 68 61 69 6e 7d 20 2d 62 6f 64 79 20 7b 0a 09 chain} -body {..
1080: 62 61 64 73 73 6c 20 69 6e 63 6f 6d 70 6c 65 74 badssl incomplet
1090: 65 2d 63 68 61 69 6e 2e 62 61 64 73 73 6c 2e 63 e-chain.badssl.c
10a0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
10b0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
10c0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
10d0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
10e0: 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 e to "unable to
10f0: 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 get local issuer
1100: 20 63 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d certificate"} -
1110: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
1120: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 .test BadSSL-1.2
1130: 38 20 7b 69 6e 76 61 6c 69 64 2d 65 78 70 65 63 8 {invalid-expec
1140: 74 65 64 2d 73 63 74 7d 20 2d 62 6f 64 79 20 7b ted-sct} -body {
1150: 0a 09 62 61 64 73 73 6c 20 69 6e 76 61 6c 69 64 ..badssl invalid
1160: 2d 65 78 70 65 63 74 65 64 2d 73 63 74 2e 62 61 -expected-sct.ba
1170: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
1180: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
1190: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 e failed: certif
11a0: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 icate verify fai
11b0: 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 led due to "unab
11c0: 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 le to get local
11d0: 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61 issuer certifica
11e0: 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 te"} -returnCode
11f0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
1200: 53 4c 2d 31 2e 32 39 20 7b 6c 6f 6e 67 2d 65 78 SL-1.29 {long-ex
1210: 74 65 6e 64 65 64 2d 73 75 62 64 6f 6d 61 69 6e tended-subdomain
1220: 2d 6e 61 6d 65 2d 63 6f 6e 74 61 69 6e 69 6e 67 -name-containing
1230: 2d 6d 61 6e 79 2d 6c 65 74 74 65 72 73 2d 61 6e -many-letters-an
1240: 64 2d 64 61 73 68 65 73 7d 20 2d 62 6f 64 79 20 d-dashes} -body
1250: 7b 0a 09 62 61 64 73 73 6c 20 6c 6f 6e 67 2d 65 {..badssl long-e
1260: 78 74 65 6e 64 65 64 2d 73 75 62 64 6f 6d 61 69 xtended-subdomai
1270: 6e 2d 6e 61 6d 65 2d 63 6f 6e 74 61 69 6e 69 6e n-name-containin
1280: 67 2d 6d 61 6e 79 2d 6c 65 74 74 65 72 73 2d 61 g-many-letters-a
1290: 6e 64 2d 64 61 73 68 65 73 2e 62 61 64 73 73 6c nd-dashes.badssl
12a0: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 .com. }..test
12b0: 20 42 61 64 53 53 4c 2d 31 2e 33 30 20 7b 6c 6f BadSSL-1.30 {lo
12c0: 6e 67 65 78 74 65 6e 64 65 64 73 75 62 64 6f 6d ngextendedsubdom
12d0: 61 69 6e 6e 61 6d 65 77 69 74 68 6f 75 74 64 61 ainnamewithoutda
12e0: 73 68 65 73 69 6e 6f 72 64 65 72 74 6f 74 65 73 shesinordertotes
12f0: 74 77 6f 72 64 77 72 61 70 70 69 6e 67 7d 20 2d twordwrapping} -
1300: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 6c body {..badssl l
1310: 6f 6e 67 65 78 74 65 6e 64 65 64 73 75 62 64 6f ongextendedsubdo
1320: 6d 61 69 6e 6e 61 6d 65 77 69 74 68 6f 75 74 64 mainnamewithoutd
1330: 61 73 68 65 73 69 6e 6f 72 64 65 72 74 6f 74 65 ashesinordertote
1340: 73 74 77 6f 72 64 77 72 61 70 70 69 6e 67 2e 62 stwordwrapping.b
1350: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a adssl.com. }.
1360: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 .test BadSSL-1.3
1370: 31 20 7b 6d 69 74 6d 2d 73 6f 66 74 77 61 72 65 1 {mitm-software
1380: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
1390: 6c 20 6d 69 74 6d 2d 73 6f 66 74 77 61 72 65 2e l mitm-software.
13a0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
13b0: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
13c0: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 ake failed: cert
13d0: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 ificate verify f
13e0: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e ailed due to "un
13f0: 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 able to get loca
1400: 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 l issuer certifi
1410: 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f cate"} -returnCo
1420: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
1430: 64 53 53 4c 2d 31 2e 33 32 20 7b 6e 6f 2d 63 6f dSSL-1.32 {no-co
1440: 6d 6d 6f 6e 2d 6e 61 6d 65 7d 20 2d 62 6f 64 79 mmon-name} -body
1450: 20 7b 0a 09 62 61 64 73 73 6c 20 6e 6f 2d 63 6f {..badssl no-co
1460: 6d 6d 6f 6e 2d 6e 61 6d 65 2e 62 61 64 73 73 6c mmon-name.badssl
1470: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
1480: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
1490: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
14a0: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
14b0: 64 75 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 due to "certific
14c0: 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64 22 ate has expired"
14d0: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
14e0: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
14f0: 31 2e 33 33 20 7b 6e 6f 2d 73 63 74 7d 20 2d 62 1.33 {no-sct} -b
1500: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 6e 6f ody {..badssl no
1510: 2d 73 63 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a -sct.badssl.com.
1520: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 } -result {h
1530: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a andshake failed:
1540: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 certificate ver
1550: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 ify failed due t
1560: 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 o "unable to get
1570: 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 local issuer ce
1580: 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 rtificate"} -ret
1590: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
15a0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 34 20 7b st BadSSL-1.34 {
15b0: 6e 6f 2d 73 75 62 6a 65 63 74 7d 20 2d 62 6f 64 no-subject} -bod
15c0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 6e 6f 2d 73 y {..badssl no-s
15d0: 75 62 6a 65 63 74 2e 62 61 64 73 73 6c 2e 63 6f ubject.badssl.co
15e0: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
15f0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
1600: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 d: certificate v
1610: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 erify failed due
1620: 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 to "certificate
1630: 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d has expired"} -
1640: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
1650: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 .test BadSSL-1.3
1660: 35 20 7b 6e 75 6c 6c 7d 20 2d 62 6f 64 79 20 7b 5 {null} -body {
1670: 0a 09 62 61 64 73 73 6c 20 6e 75 6c 6c 2e 62 61 ..badssl null.ba
1680: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
1690: 6d 61 74 63 68 20 7b 67 6c 6f 62 7d 20 2d 72 65 match {glob} -re
16a0: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 sult {handshake
16b0: 66 61 69 6c 65 64 3a 20 2a 20 61 6c 65 72 74 20 failed: * alert
16c0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 handshake failur
16d0: 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 e} -returnCodes
16e0: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
16f0: 2d 31 2e 33 36 20 7b 70 69 6e 6e 69 6e 67 2d 74 -1.36 {pinning-t
1700: 65 73 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 est} -body {..ba
1710: 64 73 73 6c 20 70 69 6e 6e 69 6e 67 2d 74 65 73 dssl pinning-tes
1720: 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 t.badssl.com.
1730: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d }..test BadSSL-
1740: 31 2e 33 37 20 7b 70 72 65 61 63 74 2d 63 6c 69 1.37 {preact-cli
1750: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
1760: 6c 20 70 72 65 61 63 74 2d 63 6c 69 2e 62 61 64 l preact-cli.bad
1770: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
1780: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
1790: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
17a0: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
17b0: 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c ed due to "unabl
17c0: 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 e to get local i
17d0: 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 ssuer certificat
17e0: 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 e"} -returnCodes
17f0: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
1800: 4c 2d 31 2e 33 38 20 7b 70 72 65 6c 6f 61 64 65 L-1.38 {preloade
1810: 64 2d 68 73 74 73 7d 20 2d 62 6f 64 79 20 7b 0a d-hsts} -body {.
1820: 09 62 61 64 73 73 6c 20 70 72 65 6c 6f 61 64 65 .badssl preloade
1830: 64 2d 68 73 74 73 2e 62 61 64 73 73 6c 2e 63 6f d-hsts.badssl.co
1840: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 m. }..test Ba
1850: 64 53 53 4c 2d 31 2e 33 39 20 7b 72 63 34 2d 6d dSSL-1.39 {rc4-m
1860: 64 35 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 d5} -body {..bad
1870: 73 73 6c 20 72 63 34 2d 6d 64 35 2e 62 61 64 73 ssl rc4-md5.bads
1880: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 6d 61 sl.com. } -ma
1890: 74 63 68 20 7b 67 6c 6f 62 7d 20 2d 72 65 73 75 tch {glob} -resu
18a0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
18b0: 69 6c 65 64 3a 20 2a 20 61 6c 65 72 74 20 68 61 iled: * alert ha
18c0: 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 65 7d ndshake failure}
18d0: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
18e0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
18f0: 2e 34 30 20 7b 72 63 34 7d 20 2d 62 6f 64 79 20 .40 {rc4} -body
1900: 7b 0a 09 62 61 64 73 73 6c 20 72 63 34 2e 62 61 {..badssl rc4.ba
1910: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
1920: 6d 61 74 63 68 20 7b 67 6c 6f 62 7d 20 2d 72 65 match {glob} -re
1930: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 sult {handshake
1940: 66 61 69 6c 65 64 3a 20 2a 20 61 6c 65 72 74 20 failed: * alert
1950: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 handshake failur
1960: 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 e} -returnCodes
1970: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
1980: 2d 31 2e 34 31 20 7b 72 65 76 6f 6b 65 64 7d 20 -1.41 {revoked}
1990: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
19a0: 72 65 76 6f 6b 65 64 2e 62 61 64 73 73 6c 2e 63 revoked.badssl.c
19b0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
19c0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
19d0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
19e0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
19f0: 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 e to "certificat
1a00: 65 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 e has expired"}
1a10: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
1a20: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
1a30: 34 32 20 7b 72 73 61 32 30 34 38 7d 20 2d 62 6f 42 {rsa2048} -bo
1a40: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 73 61 dy {..badssl rsa
1a50: 32 30 34 38 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 2048.badssl.com.
1a60: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 }..test BadS
1a70: 53 4c 2d 31 2e 34 33 20 7b 72 73 61 34 30 39 36 SL-1.43 {rsa4096
1a80: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
1a90: 6c 20 72 73 61 34 30 39 36 2e 62 61 64 73 73 6c l rsa4096.badssl
1aa0: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 .com. }..test
1ab0: 20 42 61 64 53 53 4c 2d 31 2e 34 34 20 7b 72 73 BadSSL-1.44 {rs
1ac0: 61 38 31 39 32 7d 20 2d 62 6f 64 79 20 7b 0a 09 a8192} -body {..
1ad0: 62 61 64 73 73 6c 20 72 73 61 38 31 39 32 2e 62 badssl rsa8192.b
1ae0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a adssl.com. }.
1af0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 .test BadSSL-1.4
1b00: 35 20 7b 73 65 6c 66 2d 73 69 67 6e 65 64 7d 20 5 {self-signed}
1b10: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c -constraints {ol
1b20: 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 d_api} -body {..
1b30: 62 61 64 73 73 6c 20 73 65 6c 66 2d 73 69 67 6e badssl self-sign
1b40: 65 64 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 ed.badssl.com.
1b50: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
1b60: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
1b70: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
1b80: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 y failed due to
1b90: 22 73 65 6c 66 20 73 69 67 6e 65 64 20 63 65 72 "self signed cer
1ba0: 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 tificate"} -retu
1bb0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
1bc0: 74 20 42 61 64 53 53 4c 2d 31 2e 34 36 20 7b 73 t BadSSL-1.46 {s
1bd0: 65 6c 66 2d 73 69 67 6e 65 64 7d 20 2d 63 6f 6e elf-signed} -con
1be0: 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 straints {new_ap
1bf0: 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 i} -body {..bads
1c00: 73 6c 20 73 65 6c 66 2d 73 69 67 6e 65 64 2e 62 sl self-signed.b
1c10: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
1c20: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
1c30: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 ke failed: certi
1c40: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 ficate verify fa
1c50: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 73 65 6c iled due to "sel
1c60: 66 2d 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 f-signed certifi
1c70: 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f cate"} -returnCo
1c80: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
1c90: 64 53 53 4c 2d 31 2e 34 37 20 7b 73 68 61 31 2d dSSL-1.47 {sha1-
1ca0: 32 30 31 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 2016} -body {..b
1cb0: 61 64 73 73 6c 20 73 68 61 31 2d 32 30 31 36 2e adssl sha1-2016.
1cc0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
1cd0: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
1ce0: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 ake failed: cert
1cf0: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 ificate verify f
1d00: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e ailed due to "un
1d10: 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 able to get loca
1d20: 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 l issuer certifi
1d30: 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f cate"} -returnCo
1d40: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
1d50: 64 53 53 4c 2d 31 2e 34 38 20 7b 73 68 61 31 2d dSSL-1.48 {sha1-
1d60: 32 30 31 37 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 2017} -constrain
1d70: 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f ts {old_api} -bo
1d80: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 dy {..badssl sha
1d90: 31 2d 32 30 31 37 2e 62 61 64 73 73 6c 2e 63 6f 1-2017.badssl.co
1da0: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
1db0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
1dc0: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 d: certificate v
1dd0: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 erify failed due
1de0: 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 to "certificate
1df0: 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d has expired"} -
1e00: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
1e10: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 .test BadSSL-1.4
1e20: 39 20 7b 73 68 61 31 2d 32 30 31 37 7d 20 2d 63 9 {sha1-2017} -c
1e30: 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 5f onstraints {new_
1e40: 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 api} -body {..ba
1e50: 64 73 73 6c 20 73 68 61 31 2d 32 30 31 37 2e 62 dssl sha1-2017.b
1e60: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
1e70: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
1e80: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 ke failed: certi
1e90: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 ficate verify fa
1ea0: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 43 41 20 iled due to "CA
1eb0: 73 69 67 6e 61 74 75 72 65 20 64 69 67 65 73 74 signature digest
1ec0: 20 61 6c 67 6f 72 69 74 68 6d 20 74 6f 6f 20 77 algorithm too w
1ed0: 65 61 6b 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 eak"} -returnCod
1ee0: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
1ef0: 53 53 4c 2d 31 2e 35 30 20 7b 73 68 61 31 2d 69 SSL-1.50 {sha1-i
1f00: 6e 74 65 72 6d 65 64 69 61 74 65 7d 20 2d 62 6f ntermediate} -bo
1f10: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 dy {..badssl sha
1f20: 31 2d 69 6e 74 65 72 6d 65 64 69 61 74 65 2e 62 1-intermediate.b
1f30: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
1f40: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
1f50: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 ke failed: certi
1f60: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 ficate verify fa
1f70: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 iled due to "una
1f80: 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c ble to get local
1f90: 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 issuer certific
1fa0: 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 ate"} -returnCod
1fb0: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
1fc0: 53 53 4c 2d 31 2e 35 31 20 7b 73 68 61 32 35 36 SSL-1.51 {sha256
1fd0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
1fe0: 6c 20 73 68 61 32 35 36 2e 62 61 64 73 73 6c 2e l sha256.badssl.
1ff0: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 com. }..test
2000: 42 61 64 53 53 4c 2d 31 2e 35 32 20 7b 73 68 61 BadSSL-1.52 {sha
2010: 33 38 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 384} -body {..ba
2020: 64 73 73 6c 20 73 68 61 33 38 34 2e 62 61 64 73 dssl sha384.bads
2030: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 sl.com. } -re
2040: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 sult {handshake
2050: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 failed: certific
2060: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 ate verify faile
2070: 64 20 64 75 65 20 74 6f 20 22 63 65 72 74 69 66 d due to "certif
2080: 69 63 61 74 65 20 68 61 73 20 65 78 70 69 72 65 icate has expire
2090: 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 d"} -returnCodes
20a0: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
20b0: 4c 2d 31 2e 35 33 20 7b 73 68 61 35 31 32 7d 20 L-1.53 {sha512}
20c0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
20d0: 73 68 61 35 31 32 2e 62 61 64 73 73 6c 2e 63 6f sha512.badssl.co
20e0: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
20f0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
2100: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 d: certificate v
2110: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 erify failed due
2120: 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 to "certificate
2130: 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d has expired"} -
2140: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
2150: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 .test BadSSL-1.5
2160: 34 20 7b 73 74 61 74 69 63 2d 72 73 61 7d 20 2d 4 {static-rsa} -
2170: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 body {..badssl s
2180: 74 61 74 69 63 2d 72 73 61 2e 62 61 64 73 73 6c tatic-rsa.badssl
2190: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 .com. }..test
21a0: 20 42 61 64 53 53 4c 2d 31 2e 35 35 20 7b 73 75 BadSSL-1.55 {su
21b0: 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 65 bdomain.preloade
21c0: 64 2d 68 73 74 73 7d 20 2d 63 6f 6e 73 74 72 61 d-hsts} -constra
21d0: 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d ints {old_api} -
21e0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 body {..badssl s
21f0: 75 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 ubdomain.preload
2200: 65 64 2d 68 73 74 73 2e 62 61 64 73 73 6c 2e 63 ed-hsts.badssl.c
2210: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
2220: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
2230: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
2240: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
2250: 65 20 74 6f 20 22 48 6f 73 74 6e 61 6d 65 20 6d e to "Hostname m
2260: 69 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 ismatch"} -retur
2270: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 nCodes {1}..test
2280: 20 42 61 64 53 53 4c 2d 31 2e 35 36 20 7b 73 75 BadSSL-1.56 {su
2290: 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 65 bdomain.preloade
22a0: 64 2d 68 73 74 73 7d 20 2d 63 6f 6e 73 74 72 61 d-hsts} -constra
22b0: 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d ints {new_api} -
22c0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 body {..badssl s
22d0: 75 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 ubdomain.preload
22e0: 65 64 2d 68 73 74 73 2e 62 61 64 73 73 6c 2e 63 ed-hsts.badssl.c
22f0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
2300: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
2310: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
2320: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
2330: 65 20 74 6f 20 22 68 6f 73 74 6e 61 6d 65 20 6d e to "hostname m
2340: 69 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 ismatch"} -retur
2350: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 nCodes {1}..test
2360: 20 42 61 64 53 53 4c 2d 31 2e 35 37 20 7b 73 75 BadSSL-1.57 {su
2370: 70 65 72 66 69 73 68 7d 20 2d 62 6f 64 79 20 7b perfish} -body {
2380: 0a 09 62 61 64 73 73 6c 20 73 75 70 65 72 66 69 ..badssl superfi
2390: 73 68 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 sh.badssl.com.
23a0: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
23b0: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
23c0: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
23d0: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 y failed due to
23e0: 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c "unable to get l
23f0: 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 ocal issuer cert
2400: 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 ificate"} -retur
2410: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 nCodes {1}..test
2420: 20 42 61 64 53 53 4c 2d 31 2e 35 38 20 7b 74 6c BadSSL-1.58 {tl
2430: 73 2d 76 31 2d 30 3a 31 30 31 30 7d 20 2d 63 6f s-v1-0:1010} -co
2440: 6e 73 74 72 61 69 6e 74 73 20 7b 74 6c 73 31 20 nstraints {tls1
2450: 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b old_api} -body {
2460: 0a 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d ..badssl tls-v1-
2470: 30 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 0.badssl.com:101
2480: 30 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 0. }..test Ba
2490: 64 53 53 4c 2d 31 2e 35 39 20 7b 74 6c 73 2d 76 dSSL-1.59 {tls-v
24a0: 31 2d 30 3a 31 30 31 30 7d 20 2d 63 6f 6e 73 74 1-0:1010} -const
24b0: 72 61 69 6e 74 73 20 7b 74 6c 73 31 20 6e 65 77 raints {tls1 new
24c0: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 _api} -body {..b
24d0: 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 30 2e 62 adssl tls-v1-0.b
24e0: 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 30 0a 20 adssl.com:1010.
24f0: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
2500: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
2510: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 unsupported prot
2520: 6f 63 6f 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 ocol} -returnCod
2530: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
2540: 53 53 4c 2d 31 2e 36 30 20 7b 74 6c 73 2d 76 31 SSL-1.60 {tls-v1
2550: 2d 31 3a 31 30 31 31 7d 20 2d 63 6f 6e 73 74 72 -1:1011} -constr
2560: 61 69 6e 74 73 20 7b 74 6c 73 31 2e 31 20 6f 6c aints {tls1.1 ol
2570: 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 d_api} -body {..
2580: 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 31 2e badssl tls-v1-1.
2590: 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 31 0a badssl.com:1011.
25a0: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 }..test BadS
25b0: 53 4c 2d 31 2e 36 31 20 7b 74 6c 73 2d 76 31 2d SL-1.61 {tls-v1-
25c0: 31 3a 31 30 31 31 7d 20 2d 63 6f 6e 73 74 72 61 1:1011} -constra
25d0: 69 6e 74 73 20 7b 74 6c 73 31 2e 31 20 6e 65 77 ints {tls1.1 new
25e0: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 _api} -body {..b
25f0: 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 31 2e 62 adssl tls-v1-1.b
2600: 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 31 0a 20 adssl.com:1011.
2610: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
2620: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
2630: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 unsupported prot
2640: 6f 63 6f 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 ocol} -returnCod
2650: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
2660: 53 53 4c 2d 31 2e 36 32 20 7b 74 6c 73 2d 76 31 SSL-1.62 {tls-v1
2670: 2d 32 3a 31 30 31 32 7d 20 2d 63 6f 6e 73 74 72 -2:1012} -constr
2680: 61 69 6e 74 73 20 7b 74 6c 73 31 2e 32 7d 20 2d aints {tls1.2} -
2690: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 74 body {..badssl t
26a0: 6c 73 2d 76 31 2d 32 2e 62 61 64 73 73 6c 2e 63 ls-v1-2.badssl.c
26b0: 6f 6d 3a 31 30 31 32 0a 20 20 20 20 7d 0a 0a 74 om:1012. }..t
26c0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 33 20 est BadSSL-1.63
26d0: 7b 75 6e 74 72 75 73 74 65 64 2d 72 6f 6f 74 7d {untrusted-root}
26e0: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f -constraints {o
26f0: 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a ld_api} -body {.
2700: 09 62 61 64 73 73 6c 20 75 6e 74 72 75 73 74 65 .badssl untruste
2710: 64 2d 72 6f 6f 74 2e 62 61 64 73 73 6c 2e 63 6f d-root.badssl.co
2720: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
2730: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
2740: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 d: certificate v
2750: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 erify failed due
2760: 20 74 6f 20 22 73 65 6c 66 20 73 69 67 6e 65 64 to "self signed
2770: 20 63 65 72 74 69 66 69 63 61 74 65 20 69 6e 20 certificate in
2780: 63 65 72 74 69 66 69 63 61 74 65 20 63 68 61 69 certificate chai
2790: 6e 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 n"} -returnCodes
27a0: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
27b0: 4c 2d 31 2e 36 34 20 7b 75 6e 74 72 75 73 74 65 L-1.64 {untruste
27c0: 64 2d 72 6f 6f 74 7d 20 2d 63 6f 6e 73 74 72 61 d-root} -constra
27d0: 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d ints {new_api} -
27e0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 75 body {..badssl u
27f0: 6e 74 72 75 73 74 65 64 2d 72 6f 6f 74 2e 62 61 ntrusted-root.ba
2800: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
2810: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
2820: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 e failed: certif
2830: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 icate verify fai
2840: 6c 65 64 20 64 75 65 20 74 6f 20 22 73 65 6c 66 led due to "self
2850: 2d 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63 -signed certific
2860: 61 74 65 20 69 6e 20 63 65 72 74 69 66 69 63 61 ate in certifica
2870: 74 65 20 63 68 61 69 6e 22 7d 20 2d 72 65 74 75 te chain"} -retu
2880: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
2890: 74 20 42 61 64 53 53 4c 2d 31 2e 36 35 20 7b 75 t BadSSL-1.65 {u
28a0: 70 67 72 61 64 65 7d 20 2d 62 6f 64 79 20 7b 0a pgrade} -body {.
28b0: 09 62 61 64 73 73 6c 20 75 70 67 72 61 64 65 2e .badssl upgrade.
28c0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
28d0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
28e0: 36 36 20 7b 77 65 62 70 61 63 6b 2d 64 65 76 2d 66 {webpack-dev-
28f0: 73 65 72 76 65 72 7d 20 2d 62 6f 64 79 20 7b 0a server} -body {.
2900: 09 62 61 64 73 73 6c 20 77 65 62 70 61 63 6b 2d .badssl webpack-
2910: 64 65 76 2d 73 65 72 76 65 72 2e 62 61 64 73 73 dev-server.badss
2920: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
2930: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
2940: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 ailed: certifica
2950: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 te verify failed
2960: 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 due to "unable
2970: 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 to get local iss
2980: 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 uer certificate"
2990: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
29a0: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
29b0: 31 2e 36 37 20 7b 77 72 6f 6e 67 2e 68 6f 73 74 1.67 {wrong.host
29c0: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
29d0: 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b old_api} -body {
29e0: 0a 09 62 61 64 73 73 6c 20 77 72 6f 6e 67 2e 68 ..badssl wrong.h
29f0: 6f 73 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 ost.badssl.com.
2a00: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
2a10: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
2a20: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
2a30: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
2a40: 20 22 48 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 "Hostname misma
2a50: 74 63 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 tch"} -returnCod
2a60: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
2a70: 53 53 4c 2d 31 2e 36 38 20 7b 77 72 6f 6e 67 2e SSL-1.68 {wrong.
2a80: 68 6f 73 74 7d 20 2d 63 6f 6e 73 74 72 61 69 6e host} -constrain
2a90: 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f ts {new_api} -bo
2aa0: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 77 72 6f dy {..badssl wro
2ab0: 6e 67 2e 68 6f 73 74 2e 62 61 64 73 73 6c 2e 63 ng.host.badssl.c
2ac0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
2ad0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
2ae0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
2af0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
2b00: 65 20 74 6f 20 22 68 6f 73 74 6e 61 6d 65 20 6d e to "hostname m
2b10: 69 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 ismatch"} -retur
2b20: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 nCodes {1}..test
2b30: 20 42 61 64 53 53 4c 2d 31 2e 36 39 20 7b 6d 6f BadSSL-1.69 {mo
2b40: 7a 69 6c 6c 61 2d 6d 6f 64 65 72 6e 7d 20 2d 62 zilla-modern} -b
2b50: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 6d 6f ody {..badssl mo
2b60: 7a 69 6c 6c 61 2d 6d 6f 64 65 72 6e 2e 62 61 64 zilla-modern.bad
2b70: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 23 ssl.com. }..#
2b80: 20 43 6c 65 61 6e 75 70 0a 3a 3a 74 63 6c 74 65 Cleanup.::tclte
2b90: 73 74 3a 3a 63 6c 65 61 6e 75 70 54 65 73 74 73 st::cleanupTests
2ba0: 0a 72 65 74 75 72 6e 0a .return.