Artifact
0d6ad9cb827af5eb90811118a288fa74bc10171cbf0d60f9e049455c1df89c7f:
0000: 23 20 41 75 74 6f 20 67 65 6e 65 72 61 74 65 64 # Auto generated
0010: 20 74 65 73 74 20 63 61 73 65 73 20 66 6f 72 20 test cases for
0020: 62 61 64 73 73 6c 2e 63 73 76 0a 0a 23 20 4c 6f badssl.csv..# Lo
0030: 61 64 20 54 63 6c 20 54 65 73 74 20 70 61 63 6b ad Tcl Test pack
0040: 61 67 65 0a 69 66 20 7b 5b 6c 73 65 61 72 63 68 age.if {[lsearch
0050: 20 5b 6e 61 6d 65 73 70 61 63 65 20 63 68 69 6c [namespace chil
0060: 64 72 65 6e 5d 20 3a 3a 74 63 6c 74 65 73 74 5d dren] ::tcltest]
0070: 20 3c 20 30 7d 20 7b 0a 09 70 61 63 6b 61 67 65 < 0} {..package
0080: 20 72 65 71 75 69 72 65 20 74 63 6c 74 65 73 74 require tcltest
0090: 0a 09 6e 61 6d 65 73 70 61 63 65 20 69 6d 70 6f ..namespace impo
00a0: 72 74 20 3a 3a 74 63 6c 74 65 73 74 3a 3a 2a 0a rt ::tcltest::*.
00b0: 7d 0a 0a 73 65 74 20 3a 3a 61 75 74 6f 5f 70 61 }..set ::auto_pa
00c0: 74 68 20 5b 63 6f 6e 63 61 74 20 5b 6c 69 73 74 th [concat [list
00d0: 20 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b [file dirname [
00e0: 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e file dirname [in
00f0: 66 6f 20 73 63 72 69 70 74 5d 5d 5d 5d 20 24 3a fo script]]]] $:
0100: 3a 61 75 74 6f 5f 70 61 74 68 5d 0a 0a 70 61 63 :auto_path]..pac
0110: 6b 61 67 65 20 70 72 65 66 65 72 20 6c 61 74 65 kage prefer late
0120: 73 74 0a 70 61 63 6b 61 67 65 20 72 65 71 75 69 st.package requi
0130: 72 65 20 74 6c 73 0a 0a 23 20 43 6f 6e 73 74 72 re tls..# Constr
0140: 61 69 6e 74 73 0a 73 6f 75 72 63 65 20 5b 66 69 aints.source [fi
0150: 6c 65 20 6a 6f 69 6e 20 5b 66 69 6c 65 20 64 69 le join [file di
0160: 72 6e 61 6d 65 20 5b 69 6e 66 6f 20 73 63 72 69 rname [info scri
0170: 70 74 5d 5d 20 63 6f 6d 6d 6f 6e 2e 74 63 6c 5d pt]] common.tcl]
0180: 0a 0a 23 20 48 65 6c 70 65 72 20 66 75 6e 63 74 ..# Helper funct
0190: 69 6f 6e 73 0a 70 72 6f 63 20 62 61 64 73 73 6c ions.proc badssl
01a0: 20 7b 75 72 6c 7d 20 7b 73 65 74 20 70 6f 72 74 {url} {set port
01b0: 20 34 34 33 3b 6c 61 73 73 69 67 6e 20 5b 73 70 443;lassign [sp
01c0: 6c 69 74 20 24 75 72 6c 20 22 3a 22 5d 20 75 72 lit $url ":"] ur
01d0: 6c 20 70 6f 72 74 3b 69 66 20 7b 24 70 6f 72 74 l port;if {$port
01e0: 20 65 71 20 22 22 7d 20 7b 73 65 74 20 70 6f 72 eq ""} {set por
01f0: 74 20 34 34 33 7d 3b 73 65 74 20 63 6d 64 20 5b t 443};set cmd [
0200: 6c 69 73 74 20 74 6c 73 3a 3a 73 6f 63 6b 65 74 list tls::socket
0210: 20 2d 61 75 74 6f 73 65 72 76 65 72 6e 61 6d 65 -autoservername
0220: 20 31 20 2d 72 65 71 75 69 72 65 20 31 5d 3b 69 1 -require 1];i
0230: 66 20 7b 5b 69 6e 66 6f 20 65 78 69 73 74 73 20 f {[info exists
0240: 3a 3a 65 6e 76 28 53 53 4c 5f 43 45 52 54 5f 46 ::env(SSL_CERT_F
0250: 49 4c 45 29 5d 7d 20 7b 6c 61 70 70 65 6e 64 20 ILE)]} {lappend
0260: 63 6d 64 20 2d 63 61 66 69 6c 65 20 24 3a 3a 65 cmd -cafile $::e
0270: 6e 76 28 53 53 4c 5f 43 45 52 54 5f 46 49 4c 45 nv(SSL_CERT_FILE
0280: 29 7d 3b 6c 61 70 70 65 6e 64 20 63 6d 64 20 24 )};lappend cmd $
0290: 75 72 6c 20 24 70 6f 72 74 3b 73 65 74 20 63 68 url $port;set ch
02a0: 20 5b 65 76 61 6c 20 24 63 6d 64 5d 3b 69 66 20 [eval $cmd];if
02b0: 7b 5b 63 61 74 63 68 20 7b 74 6c 73 3a 3a 68 61 {[catch {tls::ha
02c0: 6e 64 73 68 61 6b 65 20 24 63 68 7d 20 65 72 72 ndshake $ch} err
02d0: 5d 7d 20 7b 63 6c 6f 73 65 20 24 63 68 3b 72 65 ]} {close $ch;re
02e0: 74 75 72 6e 20 2d 63 6f 64 65 20 65 72 72 6f 72 turn -code error
02f0: 20 24 65 72 72 7d 20 65 6c 73 65 20 7b 63 6c 6f $err} else {clo
0300: 73 65 20 24 63 68 7d 7d 0a 0a 23 20 42 61 64 53 se $ch}}..# BadS
0310: 53 4c 2e 63 6f 6d 20 54 65 73 74 73 0a 0a 0a 74 SL.com Tests...t
0320: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 20 7b est BadSSL-1.1 {
0330: 31 30 30 30 20 73 61 6e 73 7d 20 2d 62 6f 64 79 1000 sans} -body
0340: 20 7b 0a 09 62 61 64 73 73 6c 20 31 30 30 30 2d {..badssl 1000-
0350: 73 61 6e 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a sans.badssl.com.
0360: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 } -result {h
0370: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a andshake failed:
0380: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 certificate ver
0390: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 ify failed due t
03a0: 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20 68 o "certificate h
03b0: 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65 as expired"} -re
03c0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
03d0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 20 7b est BadSSL-1.2 {
03e0: 31 30 30 30 30 20 73 61 6e 73 7d 20 2d 62 6f 64 10000 sans} -bod
03f0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 31 30 30 30 y {..badssl 1000
0400: 30 2d 73 61 6e 73 2e 62 61 64 73 73 6c 2e 63 6f 0-sans.badssl.co
0410: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
0420: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
0430: 64 3a 20 65 78 63 65 73 73 69 76 65 20 6d 65 73 d: excessive mes
0440: 73 61 67 65 20 73 69 7a 65 7d 20 2d 72 65 74 75 sage size} -retu
0450: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
0460: 74 20 42 61 64 53 53 4c 2d 31 2e 33 20 7b 33 64 t BadSSL-1.3 {3d
0470: 65 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 es} -body {..bad
0480: 73 73 6c 20 33 64 65 73 2e 62 61 64 73 73 6c 2e ssl 3des.badssl.
0490: 63 6f 6d 0a 20 20 20 20 7d 20 2d 6d 61 74 63 68 com. } -match
04a0: 20 7b 67 6c 6f 62 7d 20 2d 72 65 73 75 6c 74 20 {glob} -result
04b0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
04c0: 64 3a 20 2a 20 61 6c 65 72 74 20 68 61 6e 64 73 d: * alert hands
04d0: 68 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 hake failure} -r
04e0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
04f0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 20 test BadSSL-1.4
0500: 7b 63 61 70 74 69 76 65 20 70 6f 72 74 61 6c 7d {captive portal}
0510: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f -constraints {o
0520: 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a ld_api} -body {.
0530: 09 62 61 64 73 73 6c 20 63 61 70 74 69 76 65 2d .badssl captive-
0540: 70 6f 72 74 61 6c 2e 62 61 64 73 73 6c 2e 63 6f portal.badssl.co
0550: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
0560: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
0570: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 d: certificate v
0580: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 erify failed due
0590: 20 74 6f 20 22 48 6f 73 74 6e 61 6d 65 20 6d 69 to "Hostname mi
05a0: 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e smatch"} -return
05b0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
05c0: 42 61 64 53 53 4c 2d 31 2e 35 20 7b 63 61 70 74 BadSSL-1.5 {capt
05d0: 69 76 65 20 70 6f 72 74 61 6c 7d 20 2d 63 6f 6e ive portal} -con
05e0: 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 straints {new_ap
05f0: 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 i} -body {..bads
0600: 73 6c 20 63 61 70 74 69 76 65 2d 70 6f 72 74 61 sl captive-porta
0610: 6c 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 l.badssl.com.
0620: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
0630: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
0640: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
0650: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
0660: 68 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 hostname mismatc
0670: 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 h"} -returnCodes
0680: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
0690: 4c 2d 31 2e 36 20 7b 63 62 63 7d 20 2d 62 6f 64 L-1.6 {cbc} -bod
06a0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 63 62 63 2e y {..badssl cbc.
06b0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
06c0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
06d0: 37 20 7b 63 6c 69 65 6e 74 20 63 65 72 74 20 6d 7 {client cert m
06e0: 69 73 73 69 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a issing} -body {.
06f0: 09 62 61 64 73 73 6c 20 63 6c 69 65 6e 74 2d 63 .badssl client-c
0700: 65 72 74 2d 6d 69 73 73 69 6e 67 2e 62 61 64 73 ert-missing.bads
0710: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
0720: 73 74 20 42 61 64 53 53 4c 2d 31 2e 38 20 7b 63 st BadSSL-1.8 {c
0730: 6c 69 65 6e 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 lient} -body {..
0740: 62 61 64 73 73 6c 20 63 6c 69 65 6e 74 2e 62 61 badssl client.ba
0750: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a dssl.com. }..
0760: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 39 20 test BadSSL-1.9
0770: 7b 64 68 20 63 6f 6d 70 6f 73 69 74 65 7d 20 2d {dh composite} -
0780: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 constraints {old
0790: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 _api} -body {..b
07a0: 61 64 73 73 6c 20 64 68 2d 63 6f 6d 70 6f 73 69 adssl dh-composi
07b0: 74 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 te.badssl.com.
07c0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c }..test BadSSL
07d0: 2d 31 2e 31 30 20 7b 64 68 20 63 6f 6d 70 6f 73 -1.10 {dh compos
07e0: 69 74 65 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 ite} -constraint
07f0: 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 s {new_api} -bod
0800: 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 2d 63 y {..badssl dh-c
0810: 6f 6d 70 6f 73 69 74 65 2e 62 61 64 73 73 6c 2e omposite.badssl.
0820: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
0830: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
0840: 6c 65 64 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20 led: dh key too
0850: 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f small} -returnCo
0860: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
0870: 64 53 53 4c 2d 31 2e 31 31 20 7b 64 68 20 73 6d dSSL-1.11 {dh sm
0880: 61 6c 6c 20 73 75 62 67 72 6f 75 70 7d 20 2d 62 all subgroup} -b
0890: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 ody {..badssl dh
08a0: 2d 73 6d 61 6c 6c 2d 73 75 62 67 72 6f 75 70 2e -small-subgroup.
08b0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
08c0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
08d0: 31 32 20 7b 64 68 34 38 30 7d 20 2d 63 6f 6e 73 12 {dh480} -cons
08e0: 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 traints {old_api
08f0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
0900: 6c 20 64 68 34 38 30 2e 62 61 64 73 73 6c 2e 63 l dh480.badssl.c
0910: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
0920: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
0930: 65 64 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20 73 ed: dh key too s
0940: 6d 61 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 mall} -returnCod
0950: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
0960: 53 53 4c 2d 31 2e 31 33 20 7b 64 68 34 38 30 7d SSL-1.13 {dh480}
0970: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e -constraints {n
0980: 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a ew_api} -body {.
0990: 09 62 61 64 73 73 6c 20 64 68 34 38 30 2e 62 61 .badssl dh480.ba
09a0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
09b0: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
09c0: 65 20 66 61 69 6c 65 64 3a 20 6d 6f 64 75 6c 75 e failed: modulu
09d0: 73 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 s too small} -re
09e0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
09f0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 34 20 est BadSSL-1.14
0a00: 7b 64 68 35 31 32 7d 20 2d 63 6f 6e 73 74 72 61 {dh512} -constra
0a10: 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d ints {old_api} -
0a20: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 body {..badssl d
0a30: 68 35 31 32 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a h512.badssl.com.
0a40: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 } -result {h
0a50: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a andshake failed:
0a60: 20 64 68 20 6b 65 79 20 74 6f 6f 20 73 6d 61 6c dh key too smal
0a70: 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 l} -returnCodes
0a80: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
0a90: 2d 31 2e 31 35 20 7b 64 68 35 31 32 7d 20 2d 63 -1.15 {dh512} -c
0aa0: 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6d 61 63 7d onstraints {mac}
0ab0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
0ac0: 20 64 68 35 31 32 2e 62 61 64 73 73 6c 2e 63 6f dh512.badssl.co
0ad0: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
0ae0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
0af0: 64 3a 20 75 6e 6b 6e 6f 77 6e 20 73 65 63 75 72 d: unknown secur
0b00: 69 74 79 20 62 69 74 73 7d 20 2d 72 65 74 75 72 ity bits} -retur
0b10: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 nCodes {1}..test
0b20: 20 42 61 64 53 53 4c 2d 31 2e 31 36 20 7b 64 68 BadSSL-1.16 {dh
0b30: 31 30 32 34 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 1024} -constrain
0b40: 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f ts {old_api} -bo
0b50: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 31 dy {..badssl dh1
0b60: 30 32 34 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 024.badssl.com.
0b70: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
0b80: 4c 2d 31 2e 31 37 20 7b 64 68 31 30 32 34 7d 20 L-1.17 {dh1024}
0b90: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 -constraints {ne
0ba0: 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 w_api} -body {..
0bb0: 62 61 64 73 73 6c 20 64 68 31 30 32 34 2e 62 61 badssl dh1024.ba
0bc0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
0bd0: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
0be0: 65 20 66 61 69 6c 65 64 3a 20 64 68 20 6b 65 79 e failed: dh key
0bf0: 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 too small} -ret
0c00: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
0c10: 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 38 20 7b st BadSSL-1.18 {
0c20: 64 68 32 30 34 38 7d 20 2d 62 6f 64 79 20 7b 0a dh2048} -body {.
0c30: 09 62 61 64 73 73 6c 20 64 68 32 30 34 38 2e 62 .badssl dh2048.b
0c40: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a adssl.com. }.
0c50: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 .test BadSSL-1.1
0c60: 39 20 7b 64 73 64 74 65 73 74 70 72 6f 76 69 64 9 {dsdtestprovid
0c70: 65 72 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 er} -body {..bad
0c80: 73 73 6c 20 64 73 64 74 65 73 74 70 72 6f 76 69 ssl dsdtestprovi
0c90: 64 65 72 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 der.badssl.com.
0ca0: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
0cb0: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
0cc0: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
0cd0: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
0ce0: 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 "unable to get
0cf0: 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 local issuer cer
0d00: 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 tificate"} -retu
0d10: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
0d20: 74 20 42 61 64 53 53 4c 2d 31 2e 32 30 20 7b 65 t BadSSL-1.20 {e
0d30: 63 63 32 35 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 cc256} -body {..
0d40: 62 61 64 73 73 6c 20 65 63 63 32 35 36 2e 62 61 badssl ecc256.ba
0d50: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a dssl.com. }..
0d60: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 31 test BadSSL-1.21
0d70: 20 7b 65 63 63 33 38 34 7d 20 2d 62 6f 64 79 20 {ecc384} -body
0d80: 7b 0a 09 62 61 64 73 73 6c 20 65 63 63 33 38 34 {..badssl ecc384
0d90: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
0da0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
0db0: 2e 32 32 20 7b 65 64 65 6c 6c 72 6f 6f 74 7d 20 .22 {edellroot}
0dc0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
0dd0: 65 64 65 6c 6c 72 6f 6f 74 2e 62 61 64 73 73 6c edellroot.badssl
0de0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
0df0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
0e00: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
0e10: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
0e20: 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 due to "unable t
0e30: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 o get local issu
0e40: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d er certificate"}
0e50: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
0e60: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
0e70: 2e 32 33 20 7b 65 78 70 69 72 65 64 7d 20 2d 62 .23 {expired} -b
0e80: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 78 ody {..badssl ex
0e90: 70 69 72 65 64 2e 62 61 64 73 73 6c 2e 63 6f 6d pired.badssl.com
0ea0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
0eb0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
0ec0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 : certificate ve
0ed0: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 rify failed due
0ee0: 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20 to "certificate
0ef0: 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 has expired"} -r
0f00: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
0f10: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 34 test BadSSL-1.24
0f20: 20 7b 65 78 74 65 6e 64 65 64 20 76 61 6c 69 64 {extended valid
0f30: 61 74 69 6f 6e 7d 20 2d 62 6f 64 79 20 7b 0a 09 ation} -body {..
0f40: 62 61 64 73 73 6c 20 65 78 74 65 6e 64 65 64 2d badssl extended-
0f50: 76 61 6c 69 64 61 74 69 6f 6e 2e 62 61 64 73 73 validation.badss
0f60: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
0f70: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
0f80: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 ailed: certifica
0f90: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 te verify failed
0fa0: 20 64 75 65 20 74 6f 20 22 63 65 72 74 69 66 69 due to "certifi
0fb0: 63 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64 cate has expired
0fc0: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 "} -returnCodes
0fd0: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
0fe0: 2d 31 2e 32 35 20 7b 68 73 74 73 7d 20 2d 62 6f -1.25 {hsts} -bo
0ff0: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 68 73 74 dy {..badssl hst
1000: 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 s.badssl.com.
1010: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d }..test BadSSL-
1020: 31 2e 32 36 20 7b 68 74 74 70 73 20 65 76 65 72 1.26 {https ever
1030: 79 77 68 65 72 65 7d 20 2d 62 6f 64 79 20 7b 0a ywhere} -body {.
1040: 09 62 61 64 73 73 6c 20 68 74 74 70 73 2d 65 76 .badssl https-ev
1050: 65 72 79 77 68 65 72 65 2e 62 61 64 73 73 6c 2e erywhere.badssl.
1060: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 com. }..test
1070: 42 61 64 53 53 4c 2d 31 2e 32 37 20 7b 69 6e 63 BadSSL-1.27 {inc
1080: 6f 6d 70 6c 65 74 65 20 63 68 61 69 6e 7d 20 2d omplete chain} -
1090: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 69 body {..badssl i
10a0: 6e 63 6f 6d 70 6c 65 74 65 2d 63 68 61 69 6e 2e ncomplete-chain.
10b0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
10c0: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
10d0: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 ake failed: cert
10e0: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 ificate verify f
10f0: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e ailed due to "un
1100: 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 able to get loca
1110: 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 l issuer certifi
1120: 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f cate"} -returnCo
1130: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
1140: 64 53 53 4c 2d 31 2e 32 38 20 7b 69 6e 76 61 6c dSSL-1.28 {inval
1150: 69 64 20 65 78 70 65 63 74 65 64 20 73 63 74 7d id expected sct}
1160: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
1170: 20 69 6e 76 61 6c 69 64 2d 65 78 70 65 63 74 65 invalid-expecte
1180: 64 2d 73 63 74 2e 62 61 64 73 73 6c 2e 63 6f 6d d-sct.badssl.com
1190: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
11a0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
11b0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 : certificate ve
11c0: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 rify failed due
11d0: 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20 to "certificate
11e0: 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 has expired"} -r
11f0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
1200: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 39 test BadSSL-1.29
1210: 20 7b 6c 6f 6e 67 20 65 78 74 65 6e 64 65 64 20 {long extended
1220: 73 75 62 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 63 subdomain name c
1230: 6f 6e 74 61 69 6e 69 6e 67 20 6d 61 6e 79 20 6c ontaining many l
1240: 65 74 74 65 72 73 20 61 6e 64 20 64 61 73 68 65 etters and dashe
1250: 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 s} -body {..bads
1260: 73 6c 20 6c 6f 6e 67 2d 65 78 74 65 6e 64 65 64 sl long-extended
1270: 2d 73 75 62 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2d -subdomain-name-
1280: 63 6f 6e 74 61 69 6e 69 6e 67 2d 6d 61 6e 79 2d containing-many-
1290: 6c 65 74 74 65 72 73 2d 61 6e 64 2d 64 61 73 68 letters-and-dash
12a0: 65 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 es.badssl.com.
12b0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c }..test BadSSL
12c0: 2d 31 2e 33 30 20 7b 6c 6f 6e 67 65 78 74 65 6e -1.30 {longexten
12d0: 64 65 64 73 75 62 64 6f 6d 61 69 6e 6e 61 6d 65 dedsubdomainname
12e0: 77 69 74 68 6f 75 74 64 61 73 68 65 73 69 6e 6f withoutdashesino
12f0: 72 64 65 72 74 6f 74 65 73 74 77 6f 72 64 77 72 rdertotestwordwr
1300: 61 70 70 69 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a apping} -body {.
1310: 09 62 61 64 73 73 6c 20 6c 6f 6e 67 65 78 74 65 .badssl longexte
1320: 6e 64 65 64 73 75 62 64 6f 6d 61 69 6e 6e 61 6d ndedsubdomainnam
1330: 65 77 69 74 68 6f 75 74 64 61 73 68 65 73 69 6e ewithoutdashesin
1340: 6f 72 64 65 72 74 6f 74 65 73 74 77 6f 72 64 77 ordertotestwordw
1350: 72 61 70 70 69 6e 67 2e 62 61 64 73 73 6c 2e 63 rapping.badssl.c
1360: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 om. }..test B
1370: 61 64 53 53 4c 2d 31 2e 33 31 20 7b 6d 69 74 6d adSSL-1.31 {mitm
1380: 20 73 6f 66 74 77 61 72 65 7d 20 2d 62 6f 64 79 software} -body
1390: 20 7b 0a 09 62 61 64 73 73 6c 20 6d 69 74 6d 2d {..badssl mitm-
13a0: 73 6f 66 74 77 61 72 65 2e 62 61 64 73 73 6c 2e software.badssl.
13b0: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
13c0: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
13d0: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
13e0: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
13f0: 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f ue to "unable to
1400: 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 get local issue
1410: 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d 20 r certificate"}
1420: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
1430: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
1440: 33 32 20 7b 6e 6f 20 63 6f 6d 6d 6f 6e 20 6e 61 32 {no common na
1450: 6d 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 me} -body {..bad
1460: 73 73 6c 20 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e 61 ssl no-common-na
1470: 6d 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 me.badssl.com.
1480: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
1490: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
14a0: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
14b0: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 y failed due to
14c0: 22 63 65 72 74 69 66 69 63 61 74 65 20 68 61 73 "certificate has
14d0: 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 expired"} -retu
14e0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
14f0: 74 20 42 61 64 53 53 4c 2d 31 2e 33 33 20 7b 6e t BadSSL-1.33 {n
1500: 6f 20 73 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 o sct} -body {..
1510: 62 61 64 73 73 6c 20 6e 6f 2d 73 63 74 2e 62 61 badssl no-sct.ba
1520: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
1530: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
1540: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 e failed: certif
1550: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 icate verify fai
1560: 6c 65 64 20 64 75 65 20 74 6f 20 22 63 65 72 74 led due to "cert
1570: 69 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 ificate has expi
1580: 72 65 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 red"} -returnCod
1590: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
15a0: 53 53 4c 2d 31 2e 33 34 20 7b 6e 6f 20 73 75 62 SSL-1.34 {no sub
15b0: 6a 65 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 ject} -body {..b
15c0: 61 64 73 73 6c 20 6e 6f 2d 73 75 62 6a 65 63 74 adssl no-subject
15d0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
15e0: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
15f0: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
1600: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
1610: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 63 failed due to "c
1620: 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 ertificate has e
1630: 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72 6e xpired"} -return
1640: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
1650: 42 61 64 53 53 4c 2d 31 2e 33 35 20 7b 6e 75 6c BadSSL-1.35 {nul
1660: 6c 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 l} -body {..bads
1670: 73 6c 20 6e 75 6c 6c 2e 62 61 64 73 73 6c 2e 63 sl null.badssl.c
1680: 6f 6d 0a 20 20 20 20 7d 20 2d 6d 61 74 63 68 20 om. } -match
1690: 7b 67 6c 6f 62 7d 20 2d 72 65 73 75 6c 74 20 7b {glob} -result {
16a0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
16b0: 3a 20 2a 20 61 6c 65 72 74 20 68 61 6e 64 73 68 : * alert handsh
16c0: 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 ake failure} -re
16d0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
16e0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 36 20 est BadSSL-1.36
16f0: 7b 70 69 6e 6e 69 6e 67 20 74 65 73 74 7d 20 2d {pinning test} -
1700: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 70 body {..badssl p
1710: 69 6e 6e 69 6e 67 2d 74 65 73 74 2e 62 61 64 73 inning-test.bads
1720: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
1730: 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 37 20 7b st BadSSL-1.37 {
1740: 70 72 65 61 63 74 20 63 6c 69 7d 20 2d 62 6f 64 preact cli} -bod
1750: 79 20 7b 0a 09 62 61 64 73 73 6c 20 70 72 65 61 y {..badssl prea
1760: 63 74 2d 63 6c 69 2e 62 61 64 73 73 6c 2e 63 6f ct-cli.badssl.co
1770: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
1780: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
1790: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 d: certificate v
17a0: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 erify failed due
17b0: 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 to "unable to g
17c0: 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 et local issuer
17d0: 63 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 certificate"} -r
17e0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
17f0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 38 test BadSSL-1.38
1800: 20 7b 70 72 65 6c 6f 61 64 65 64 20 68 73 74 73 {preloaded hsts
1810: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
1820: 6c 20 70 72 65 6c 6f 61 64 65 64 2d 68 73 74 73 l preloaded-hsts
1830: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1840: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1850: 2e 33 39 20 7b 72 63 34 20 6d 64 35 7d 20 2d 62 .39 {rc4 md5} -b
1860: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 63 ody {..badssl rc
1870: 34 2d 6d 64 35 2e 62 61 64 73 73 6c 2e 63 6f 6d 4-md5.badssl.com
1880: 0a 20 20 20 20 7d 20 2d 6d 61 74 63 68 20 7b 67 . } -match {g
1890: 6c 6f 62 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 lob} -result {ha
18a0: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
18b0: 2a 20 61 6c 65 72 74 20 68 61 6e 64 73 68 61 6b * alert handshak
18c0: 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 74 75 e failure} -retu
18d0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
18e0: 74 20 42 61 64 53 53 4c 2d 31 2e 34 30 20 7b 72 t BadSSL-1.40 {r
18f0: 63 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 c4} -body {..bad
1900: 73 73 6c 20 72 63 34 2e 62 61 64 73 73 6c 2e 63 ssl rc4.badssl.c
1910: 6f 6d 0a 20 20 20 20 7d 20 2d 6d 61 74 63 68 20 om. } -match
1920: 7b 67 6c 6f 62 7d 20 2d 72 65 73 75 6c 74 20 7b {glob} -result {
1930: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
1940: 3a 20 2a 20 61 6c 65 72 74 20 68 61 6e 64 73 68 : * alert handsh
1950: 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 ake failure} -re
1960: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
1970: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 31 20 est BadSSL-1.41
1980: 7b 72 65 76 6f 6b 65 64 7d 20 2d 62 6f 64 79 20 {revoked} -body
1990: 7b 0a 09 62 61 64 73 73 6c 20 72 65 76 6f 6b 65 {..badssl revoke
19a0: 64 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 d.badssl.com.
19b0: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d }..test BadSSL-
19c0: 31 2e 34 32 20 7b 72 73 61 32 30 34 38 7d 20 2d 1.42 {rsa2048} -
19d0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 body {..badssl r
19e0: 73 61 32 30 34 38 2e 62 61 64 73 73 6c 2e 63 6f sa2048.badssl.co
19f0: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 m. }..test Ba
1a00: 64 53 53 4c 2d 31 2e 34 33 20 7b 72 73 61 34 30 dSSL-1.43 {rsa40
1a10: 39 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 96} -body {..bad
1a20: 73 73 6c 20 72 73 61 34 30 39 36 2e 62 61 64 73 ssl rsa4096.bads
1a30: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
1a40: 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 34 20 7b st BadSSL-1.44 {
1a50: 72 73 61 38 31 39 32 7d 20 2d 62 6f 64 79 20 7b rsa8192} -body {
1a60: 0a 09 62 61 64 73 73 6c 20 72 73 61 38 31 39 32 ..badssl rsa8192
1a70: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1a80: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
1a90: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
1aa0: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
1ab0: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 63 failed due to "c
1ac0: 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 ertificate has e
1ad0: 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72 6e xpired"} -return
1ae0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
1af0: 42 61 64 53 53 4c 2d 31 2e 34 35 20 7b 73 65 6c BadSSL-1.45 {sel
1b00: 66 20 73 69 67 6e 65 64 7d 20 2d 63 6f 6e 73 74 f signed} -const
1b10: 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d raints {old_api}
1b20: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
1b30: 20 73 65 6c 66 2d 73 69 67 6e 65 64 2e 62 61 64 self-signed.bad
1b40: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
1b50: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
1b60: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
1b70: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
1b80: 65 64 20 64 75 65 20 74 6f 20 22 73 65 6c 66 20 ed due to "self
1b90: 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 signed certifica
1ba0: 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 te"} -returnCode
1bb0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
1bc0: 53 4c 2d 31 2e 34 36 20 7b 73 65 6c 66 20 73 69 SL-1.46 {self si
1bd0: 67 6e 65 64 7d 20 2d 63 6f 6e 73 74 72 61 69 6e gned} -constrain
1be0: 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f ts {new_api} -bo
1bf0: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 65 6c dy {..badssl sel
1c00: 66 2d 73 69 67 6e 65 64 2e 62 61 64 73 73 6c 2e f-signed.badssl.
1c10: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
1c20: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
1c30: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
1c40: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
1c50: 75 65 20 74 6f 20 22 73 65 6c 66 2d 73 69 67 6e ue to "self-sign
1c60: 65 64 20 63 65 72 74 69 66 69 63 61 74 65 22 7d ed certificate"}
1c70: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
1c80: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1c90: 2e 34 37 20 7b 73 68 61 31 20 32 30 31 36 7d 20 .47 {sha1 2016}
1ca0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
1cb0: 73 68 61 31 2d 32 30 31 36 2e 62 61 64 73 73 6c sha1-2016.badssl
1cc0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
1cd0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
1ce0: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
1cf0: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
1d00: 64 75 65 20 74 6f 20 22 43 41 20 73 69 67 6e 61 due to "CA signa
1d10: 74 75 72 65 20 64 69 67 65 73 74 20 61 6c 67 6f ture digest algo
1d20: 72 69 74 68 6d 20 74 6f 6f 20 77 65 61 6b 22 7d rithm too weak"}
1d30: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
1d40: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1d50: 2e 34 38 20 7b 73 68 61 31 20 32 30 31 37 7d 20 .48 {sha1 2017}
1d60: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c -constraints {ol
1d70: 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 d_api} -body {..
1d80: 62 61 64 73 73 6c 20 73 68 61 31 2d 32 30 31 37 badssl sha1-2017
1d90: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1da0: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
1db0: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
1dc0: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
1dd0: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 63 failed due to "c
1de0: 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 ertificate has e
1df0: 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72 6e xpired"} -return
1e00: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
1e10: 42 61 64 53 53 4c 2d 31 2e 34 39 20 7b 73 68 61 BadSSL-1.49 {sha
1e20: 31 20 32 30 31 37 7d 20 2d 63 6f 6e 73 74 72 61 1 2017} -constra
1e30: 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d ints {new_api} -
1e40: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 body {..badssl s
1e50: 68 61 31 2d 32 30 31 37 2e 62 61 64 73 73 6c 2e ha1-2017.badssl.
1e60: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
1e70: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
1e80: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
1e90: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
1ea0: 75 65 20 74 6f 20 22 43 41 20 73 69 67 6e 61 74 ue to "CA signat
1eb0: 75 72 65 20 64 69 67 65 73 74 20 61 6c 67 6f 72 ure digest algor
1ec0: 69 74 68 6d 20 74 6f 6f 20 77 65 61 6b 22 7d 20 ithm too weak"}
1ed0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
1ee0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
1ef0: 35 30 20 7b 73 68 61 31 20 69 6e 74 65 72 6d 65 50 {sha1 interme
1f00: 64 69 61 74 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 diate} -body {..
1f10: 62 61 64 73 73 6c 20 73 68 61 31 2d 69 6e 74 65 badssl sha1-inte
1f20: 72 6d 65 64 69 61 74 65 2e 62 61 64 73 73 6c 2e rmediate.badssl.
1f30: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
1f40: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
1f50: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
1f60: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
1f70: 75 65 20 74 6f 20 22 43 41 20 73 69 67 6e 61 74 ue to "CA signat
1f80: 75 72 65 20 64 69 67 65 73 74 20 61 6c 67 6f 72 ure digest algor
1f90: 69 74 68 6d 20 74 6f 6f 20 77 65 61 6b 22 7d 20 ithm too weak"}
1fa0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
1fb0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
1fc0: 35 31 20 7b 73 68 61 32 35 36 7d 20 2d 62 6f 64 51 {sha256} -bod
1fd0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 32 y {..badssl sha2
1fe0: 35 36 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 56.badssl.com.
1ff0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c }..test BadSSL
2000: 2d 31 2e 35 32 20 7b 73 68 61 33 38 34 7d 20 2d -1.52 {sha384} -
2010: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 body {..badssl s
2020: 68 61 33 38 34 2e 62 61 64 73 73 6c 2e 63 6f 6d ha384.badssl.com
2030: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
2040: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
2050: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 : certificate ve
2060: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 rify failed due
2070: 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20 to "certificate
2080: 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 has expired"} -r
2090: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
20a0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 33 test BadSSL-1.53
20b0: 20 7b 73 68 61 35 31 32 7d 20 2d 62 6f 64 79 20 {sha512} -body
20c0: 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 35 31 32 {..badssl sha512
20d0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
20e0: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
20f0: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
2100: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
2110: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 63 failed due to "c
2120: 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 ertificate has e
2130: 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72 6e xpired"} -return
2140: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
2150: 42 61 64 53 53 4c 2d 31 2e 35 34 20 7b 73 74 61 BadSSL-1.54 {sta
2160: 74 69 63 20 72 73 61 7d 20 2d 62 6f 64 79 20 7b tic rsa} -body {
2170: 0a 09 62 61 64 73 73 6c 20 73 74 61 74 69 63 2d ..badssl static-
2180: 72 73 61 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 rsa.badssl.com.
2190: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
21a0: 4c 2d 31 2e 35 35 20 7b 73 75 62 64 6f 6d 61 69 L-1.55 {subdomai
21b0: 6e 2e 70 72 65 6c 6f 61 64 65 64 20 68 73 74 73 n.preloaded hsts
21c0: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
21d0: 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b old_api} -body {
21e0: 0a 09 62 61 64 73 73 6c 20 73 75 62 64 6f 6d 61 ..badssl subdoma
21f0: 69 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 73 74 in.preloaded-hst
2200: 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 s.badssl.com.
2210: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
2220: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
2230: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
2240: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
2250: 48 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 Hostname mismatc
2260: 68 22 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c h"}..test BadSSL
2270: 2d 31 2e 35 36 20 7b 73 75 62 64 6f 6d 61 69 6e -1.56 {subdomain
2280: 2e 70 72 65 6c 6f 61 64 65 64 20 68 73 74 73 7d .preloaded hsts}
2290: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e -constraints {n
22a0: 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a ew_api} -body {.
22b0: 09 62 61 64 73 73 6c 20 73 75 62 64 6f 6d 61 69 .badssl subdomai
22c0: 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 73 74 73 n.preloaded-hsts
22d0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
22e0: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
22f0: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
2300: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
2310: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 68 failed due to "h
2320: 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 ostname mismatch
2330: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 "} -returnCodes
2340: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
2350: 2d 31 2e 35 37 20 7b 73 75 70 65 72 66 69 73 68 -1.57 {superfish
2360: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
2370: 6c 20 73 75 70 65 72 66 69 73 68 2e 62 61 64 73 l superfish.bads
2380: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 sl.com. } -re
2390: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 sult {handshake
23a0: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 failed: certific
23b0: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 ate verify faile
23c0: 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 d due to "unable
23d0: 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 to get local is
23e0: 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 suer certificate
23f0: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 "} -returnCodes
2400: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
2410: 2d 31 2e 35 38 20 7b 74 6c 73 20 76 31 20 30 3a -1.58 {tls v1 0:
2420: 31 30 31 30 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 1010} -constrain
2430: 74 73 20 7b 74 6c 73 31 20 6f 6c 64 5f 61 70 69 ts {tls1 old_api
2440: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
2450: 6c 20 74 6c 73 2d 76 31 2d 30 2e 62 61 64 73 73 l tls-v1-0.badss
2460: 6c 2e 63 6f 6d 3a 31 30 31 30 0a 20 20 20 20 7d l.com:1010. }
2470: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
2480: 35 39 20 7b 74 6c 73 20 76 31 20 30 3a 31 30 31 59 {tls v1 0:101
2490: 30 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 0} -constraints
24a0: 7b 74 6c 73 31 20 6e 65 77 5f 61 70 69 7d 20 2d {tls1 new_api} -
24b0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 74 body {..badssl t
24c0: 6c 73 2d 76 31 2d 30 2e 62 61 64 73 73 6c 2e 63 ls-v1-0.badssl.c
24d0: 6f 6d 3a 31 30 31 30 0a 20 20 20 20 7d 20 2d 72 om:1010. } -r
24e0: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
24f0: 20 66 61 69 6c 65 64 3a 20 75 6e 73 75 70 70 6f failed: unsuppo
2500: 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 7d 20 2d rted protocol} -
2510: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
2520: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 .test BadSSL-1.6
2530: 30 20 7b 74 6c 73 20 76 31 20 31 3a 31 30 31 31 0 {tls v1 1:1011
2540: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
2550: 74 6c 73 31 2e 31 20 6f 6c 64 5f 61 70 69 7d 20 tls1.1 old_api}
2560: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
2570: 74 6c 73 2d 76 31 2d 31 2e 62 61 64 73 73 6c 2e tls-v1-1.badssl.
2580: 63 6f 6d 3a 31 30 31 31 0a 20 20 20 20 7d 0a 0a com:1011. }..
2590: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 31 test BadSSL-1.61
25a0: 20 7b 74 6c 73 20 76 31 20 31 3a 31 30 31 31 7d {tls v1 1:1011}
25b0: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 74 -constraints {t
25c0: 6c 73 31 2e 31 20 6e 65 77 5f 61 70 69 7d 20 2d ls1.1 new_api} -
25d0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 74 body {..badssl t
25e0: 6c 73 2d 76 31 2d 31 2e 62 61 64 73 73 6c 2e 63 ls-v1-1.badssl.c
25f0: 6f 6d 3a 31 30 31 31 0a 20 20 20 20 7d 20 2d 72 om:1011. } -r
2600: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
2610: 20 66 61 69 6c 65 64 3a 20 75 6e 73 75 70 70 6f failed: unsuppo
2620: 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 7d 20 2d rted protocol} -
2630: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
2640: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 .test BadSSL-1.6
2650: 32 20 7b 74 6c 73 20 76 31 20 32 3a 31 30 31 32 2 {tls v1 2:1012
2660: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
2670: 74 6c 73 31 2e 32 7d 20 2d 62 6f 64 79 20 7b 0a tls1.2} -body {.
2680: 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 32 .badssl tls-v1-2
2690: 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 32 .badssl.com:1012
26a0: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 . }..test Bad
26b0: 53 53 4c 2d 31 2e 36 33 20 7b 75 6e 74 72 75 73 SSL-1.63 {untrus
26c0: 74 65 64 20 72 6f 6f 74 7d 20 2d 63 6f 6e 73 74 ted root} -const
26d0: 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d raints {old_api}
26e0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
26f0: 20 75 6e 74 72 75 73 74 65 64 2d 72 6f 6f 74 2e untrusted-root.
2700: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
2710: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
2720: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 ake failed: cert
2730: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 ificate verify f
2740: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 73 65 ailed due to "se
2750: 6c 66 20 73 69 67 6e 65 64 20 63 65 72 74 69 66 lf signed certif
2760: 69 63 61 74 65 20 69 6e 20 63 65 72 74 69 66 69 icate in certifi
2770: 63 61 74 65 20 63 68 61 69 6e 22 7d 20 2d 72 65 cate chain"} -re
2780: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
2790: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 34 20 est BadSSL-1.64
27a0: 7b 75 6e 74 72 75 73 74 65 64 20 72 6f 6f 74 7d {untrusted root}
27b0: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e -constraints {n
27c0: 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a ew_api} -body {.
27d0: 09 62 61 64 73 73 6c 20 75 6e 74 72 75 73 74 65 .badssl untruste
27e0: 64 2d 72 6f 6f 74 2e 62 61 64 73 73 6c 2e 63 6f d-root.badssl.co
27f0: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
2800: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
2810: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 d: certificate v
2820: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 erify failed due
2830: 20 74 6f 20 22 73 65 6c 66 2d 73 69 67 6e 65 64 to "self-signed
2840: 20 63 65 72 74 69 66 69 63 61 74 65 20 69 6e 20 certificate in
2850: 63 65 72 74 69 66 69 63 61 74 65 20 63 68 61 69 certificate chai
2860: 6e 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 n"} -returnCodes
2870: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
2880: 4c 2d 31 2e 36 35 20 7b 75 70 67 72 61 64 65 7d L-1.65 {upgrade}
2890: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
28a0: 20 75 70 67 72 61 64 65 2e 62 61 64 73 73 6c 2e upgrade.badssl.
28b0: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 com. }..test
28c0: 42 61 64 53 53 4c 2d 31 2e 36 36 20 7b 77 65 62 BadSSL-1.66 {web
28d0: 70 61 63 6b 20 64 65 76 20 73 65 72 76 65 72 7d pack dev server}
28e0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
28f0: 20 77 65 62 70 61 63 6b 2d 64 65 76 2d 73 65 72 webpack-dev-ser
2900: 76 65 72 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 ver.badssl.com.
2910: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
2920: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
2930: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
2940: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
2950: 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 "unable to get
2960: 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 local issuer cer
2970: 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 tificate"} -retu
2980: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
2990: 74 20 42 61 64 53 53 4c 2d 31 2e 36 37 20 7b 77 t BadSSL-1.67 {w
29a0: 72 6f 6e 67 2e 68 6f 73 74 7d 20 2d 63 6f 6e 73 rong.host} -cons
29b0: 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 traints {old_api
29c0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
29d0: 6c 20 77 72 6f 6e 67 2e 68 6f 73 74 2e 62 61 64 l wrong.host.bad
29e0: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
29f0: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
2a00: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
2a10: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
2a20: 65 64 20 64 75 65 20 74 6f 20 22 48 6f 73 74 6e ed due to "Hostn
2a30: 61 6d 65 20 6d 69 73 6d 61 74 63 68 22 7d 20 2d ame mismatch"} -
2a40: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
2a50: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 .test BadSSL-1.6
2a60: 38 20 7b 77 72 6f 6e 67 2e 68 6f 73 74 7d 20 2d 8 {wrong.host} -
2a70: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 constraints {new
2a80: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 _api} -body {..b
2a90: 61 64 73 73 6c 20 77 72 6f 6e 67 2e 68 6f 73 74 adssl wrong.host
2aa0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
2ab0: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
2ac0: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
2ad0: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
2ae0: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 68 failed due to "h
2af0: 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 ostname mismatch
2b00: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 "} -returnCodes
2b10: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
2b20: 2d 31 2e 36 39 20 7b 6d 6f 7a 69 6c 6c 61 20 6d -1.69 {mozilla m
2b30: 6f 64 65 72 6e 7d 20 2d 62 6f 64 79 20 7b 0a 09 odern} -body {..
2b40: 62 61 64 73 73 6c 20 6d 6f 7a 69 6c 6c 61 2d 6d badssl mozilla-m
2b50: 6f 64 65 72 6e 2e 62 61 64 73 73 6c 2e 63 6f 6d odern.badssl.com
2b60: 0a 20 20 20 20 7d 0a 0a 23 20 43 6c 65 61 6e 75 . }..# Cleanu
2b70: 70 0a 3a 3a 74 63 6c 74 65 73 74 3a 3a 63 6c 65 p.::tcltest::cle
2b80: 61 6e 75 70 54 65 73 74 73 0a 72 65 74 75 72 6e anupTests.return
2b90: 0a .