Artifact
4b748d171ae94230ad389633f94ebfbb5e9d524b734d21cdc50e9b619aecc505:
0000: 23 20 41 75 74 6f 20 67 65 6e 65 72 61 74 65 64 # Auto generated
0010: 20 74 65 73 74 20 63 61 73 65 73 20 66 6f 72 20 test cases for
0020: 62 61 64 73 73 6c 2e 63 73 76 0a 0a 23 20 4c 6f badssl.csv..# Lo
0030: 61 64 20 54 63 6c 20 54 65 73 74 20 70 61 63 6b ad Tcl Test pack
0040: 61 67 65 0a 69 66 20 7b 5b 6c 73 65 61 72 63 68 age.if {[lsearch
0050: 20 5b 6e 61 6d 65 73 70 61 63 65 20 63 68 69 6c [namespace chil
0060: 64 72 65 6e 5d 20 3a 3a 74 63 6c 74 65 73 74 5d dren] ::tcltest]
0070: 20 3d 3d 20 2d 31 7d 20 7b 0a 09 70 61 63 6b 61 == -1} {..packa
0080: 67 65 20 72 65 71 75 69 72 65 20 74 63 6c 74 65 ge require tclte
0090: 73 74 0a 09 6e 61 6d 65 73 70 61 63 65 20 69 6d st..namespace im
00a0: 70 6f 72 74 20 3a 3a 74 63 6c 74 65 73 74 3a 3a port ::tcltest::
00b0: 2a 0a 7d 0a 0a 73 65 74 20 61 75 74 6f 5f 70 61 *.}..set auto_pa
00c0: 74 68 20 5b 63 6f 6e 63 61 74 20 5b 6c 69 73 74 th [concat [list
00d0: 20 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b [file dirname [
00e0: 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e file dirname [in
00f0: 66 6f 20 73 63 72 69 70 74 5d 5d 5d 5d 20 24 61 fo script]]]] $a
0100: 75 74 6f 5f 70 61 74 68 5d 0a 0a 70 61 63 6b 61 uto_path]..packa
0110: 67 65 20 72 65 71 75 69 72 65 20 74 6c 73 0a 0a ge require tls..
0120: 23 20 43 6f 6e 73 74 72 61 69 6e 74 73 0a 73 6f # Constraints.so
0130: 75 72 63 65 20 5b 66 69 6c 65 20 6a 6f 69 6e 20 urce [file join
0140: 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 [file dirname [i
0150: 6e 66 6f 20 73 63 72 69 70 74 5d 5d 20 63 6f 6d nfo script]] com
0160: 6d 6f 6e 2e 74 63 6c 5d 0a 0a 23 20 48 65 6c 70 mon.tcl]..# Help
0170: 65 72 20 66 75 6e 63 74 69 6f 6e 73 0a 70 72 6f er functions.pro
0180: 63 20 62 61 64 73 73 6c 20 7b 75 72 6c 7d 20 7b c badssl {url} {
0190: 73 65 74 20 70 6f 72 74 20 34 34 33 3b 6c 61 73 set port 443;las
01a0: 73 69 67 6e 20 5b 73 70 6c 69 74 20 24 75 72 6c sign [split $url
01b0: 20 22 3a 22 5d 20 75 72 6c 20 70 6f 72 74 3b 69 ":"] url port;i
01c0: 66 20 7b 24 70 6f 72 74 20 65 71 20 22 22 7d 20 f {$port eq ""}
01d0: 7b 73 65 74 20 70 6f 72 74 20 34 34 33 7d 3b 73 {set port 443};s
01e0: 65 74 20 63 6d 64 20 5b 6c 69 73 74 20 74 6c 73 et cmd [list tls
01f0: 3a 3a 73 6f 63 6b 65 74 20 2d 61 75 74 6f 73 65 ::socket -autose
0200: 72 76 65 72 6e 61 6d 65 20 31 20 2d 72 65 71 75 rvername 1 -requ
0210: 69 72 65 20 31 5d 3b 69 66 20 7b 5b 69 6e 66 6f ire 1];if {[info
0220: 20 65 78 69 73 74 73 20 3a 3a 65 6e 76 28 53 53 exists ::env(SS
0230: 4c 5f 43 45 52 54 5f 46 49 4c 45 29 5d 7d 20 7b L_CERT_FILE)]} {
0240: 6c 61 70 70 65 6e 64 20 63 6d 64 20 2d 63 61 66 lappend cmd -caf
0250: 69 6c 65 20 24 3a 3a 65 6e 76 28 53 53 4c 5f 43 ile $::env(SSL_C
0260: 45 52 54 5f 46 49 4c 45 29 7d 3b 6c 61 70 70 65 ERT_FILE)};lappe
0270: 6e 64 20 63 6d 64 20 24 75 72 6c 20 24 70 6f 72 nd cmd $url $por
0280: 74 3b 73 65 74 20 63 68 20 5b 65 76 61 6c 20 24 t;set ch [eval $
0290: 63 6d 64 5d 3b 69 66 20 7b 5b 63 61 74 63 68 20 cmd];if {[catch
02a0: 7b 74 6c 73 3a 3a 68 61 6e 64 73 68 61 6b 65 20 {tls::handshake
02b0: 24 63 68 7d 20 65 72 72 5d 7d 20 7b 63 6c 6f 73 $ch} err]} {clos
02c0: 65 20 24 63 68 3b 72 65 74 75 72 6e 20 2d 63 6f e $ch;return -co
02d0: 64 65 20 65 72 72 6f 72 20 24 65 72 72 7d 20 65 de error $err} e
02e0: 6c 73 65 20 7b 63 6c 6f 73 65 20 24 63 68 7d 7d lse {close $ch}}
02f0: 0a 0a 23 20 42 61 64 53 53 4c 2e 63 6f 6d 20 54 ..# BadSSL.com T
0300: 65 73 74 73 0a 0a 0a 74 65 73 74 20 42 61 64 53 ests...test BadS
0310: 53 4c 2d 31 2e 31 20 7b 31 30 30 30 2d 73 61 6e SL-1.1 {1000-san
0320: 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 s} -body {..bads
0330: 73 6c 20 31 30 30 30 2d 73 61 6e 73 2e 62 61 64 sl 1000-sans.bad
0340: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
0350: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
0360: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
0370: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
0380: 65 64 20 64 75 65 20 74 6f 20 22 63 65 72 74 69 ed due to "certi
0390: 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 72 ficate has expir
03a0: 65 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 ed"} -returnCode
03b0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
03c0: 53 4c 2d 31 2e 32 20 7b 31 30 30 30 30 2d 73 61 SL-1.2 {10000-sa
03d0: 6e 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 ns} -body {..bad
03e0: 73 73 6c 20 31 30 30 30 30 2d 73 61 6e 73 2e 62 ssl 10000-sans.b
03f0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
0400: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
0410: 6b 65 20 66 61 69 6c 65 64 3a 20 65 78 63 65 73 ke failed: exces
0420: 73 69 76 65 20 6d 65 73 73 61 67 65 20 73 69 7a sive message siz
0430: 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 e} -returnCodes
0440: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
0450: 2d 31 2e 33 20 7b 33 64 65 73 7d 20 2d 62 6f 64 -1.3 {3des} -bod
0460: 79 20 7b 0a 09 62 61 64 73 73 6c 20 33 64 65 73 y {..badssl 3des
0470: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
0480: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
0490: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 73 73 6c hake failed: ssl
04a0: 76 33 20 61 6c 65 72 74 20 68 61 6e 64 73 68 61 v3 alert handsha
04b0: 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 74 ke failure} -ret
04c0: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
04d0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 20 7b 63 st BadSSL-1.4 {c
04e0: 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 7d 20 2d aptive-portal} -
04f0: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 constraints {old
0500: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 _api} -body {..b
0510: 61 64 73 73 6c 20 63 61 70 74 69 76 65 2d 70 6f adssl captive-po
0520: 72 74 61 6c 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a rtal.badssl.com.
0530: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 } -result {h
0540: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a andshake failed:
0550: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 certificate ver
0560: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 ify failed due t
0570: 6f 20 22 48 6f 73 74 6e 61 6d 65 20 6d 69 73 6d o "Hostname mism
0580: 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f atch"} -returnCo
0590: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
05a0: 64 53 53 4c 2d 31 2e 35 20 7b 63 61 70 74 69 76 dSSL-1.5 {captiv
05b0: 65 2d 70 6f 72 74 61 6c 7d 20 2d 63 6f 6e 73 74 e-portal} -const
05c0: 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d raints {new_api}
05d0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
05e0: 20 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 2e captive-portal.
05f0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
0600: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
0610: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 ake failed: cert
0620: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 ificate verify f
0630: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 68 6f ailed due to "ho
0640: 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 22 stname mismatch"
0650: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
0660: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
0670: 31 2e 36 20 7b 63 62 63 7d 20 2d 62 6f 64 79 20 1.6 {cbc} -body
0680: 7b 0a 09 62 61 64 73 73 6c 20 63 62 63 2e 62 61 {..badssl cbc.ba
0690: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a dssl.com. }..
06a0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 37 20 test BadSSL-1.7
06b0: 7b 63 6c 69 65 6e 74 2d 63 65 72 74 2d 6d 69 73 {client-cert-mis
06c0: 73 69 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 sing} -body {..b
06d0: 61 64 73 73 6c 20 63 6c 69 65 6e 74 2d 63 65 72 adssl client-cer
06e0: 74 2d 6d 69 73 73 69 6e 67 2e 62 61 64 73 73 6c t-missing.badssl
06f0: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 .com. }..test
0700: 20 42 61 64 53 53 4c 2d 31 2e 38 20 7b 63 6c 69 BadSSL-1.8 {cli
0710: 65 6e 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 ent} -body {..ba
0720: 64 73 73 6c 20 63 6c 69 65 6e 74 2e 62 61 64 73 dssl client.bads
0730: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
0740: 73 74 20 42 61 64 53 53 4c 2d 31 2e 39 20 7b 64 st BadSSL-1.9 {d
0750: 68 2d 63 6f 6d 70 6f 73 69 74 65 7d 20 2d 63 6f h-composite} -co
0760: 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 nstraints {old_a
0770: 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 pi} -body {..bad
0780: 73 73 6c 20 64 68 2d 63 6f 6d 70 6f 73 69 74 65 ssl dh-composite
0790: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
07a0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
07b0: 2e 31 30 20 7b 64 68 2d 63 6f 6d 70 6f 73 69 74 .10 {dh-composit
07c0: 65 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 e} -constraints
07d0: 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 {new_api} -body
07e0: 7b 0a 09 62 61 64 73 73 6c 20 64 68 2d 63 6f 6d {..badssl dh-com
07f0: 70 6f 73 69 74 65 2e 62 61 64 73 73 6c 2e 63 6f posite.badssl.co
0800: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
0810: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
0820: 64 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20 73 6d d: dh key too sm
0830: 61 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 all} -returnCode
0840: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
0850: 53 4c 2d 31 2e 31 31 20 7b 64 68 2d 73 6d 61 6c SL-1.11 {dh-smal
0860: 6c 2d 73 75 62 67 72 6f 75 70 7d 20 2d 62 6f 64 l-subgroup} -bod
0870: 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 2d 73 y {..badssl dh-s
0880: 6d 61 6c 6c 2d 73 75 62 67 72 6f 75 70 2e 62 61 mall-subgroup.ba
0890: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a dssl.com. }..
08a0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 32 test BadSSL-1.12
08b0: 20 7b 64 68 34 38 30 7d 20 2d 63 6f 6e 73 74 72 {dh480} -constr
08c0: 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 aints {old_api}
08d0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
08e0: 64 68 34 38 30 2e 62 61 64 73 73 6c 2e 63 6f 6d dh480.badssl.com
08f0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
0900: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
0910: 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20 73 6d 61 : dh key too sma
0920: 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 ll} -returnCodes
0930: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
0940: 4c 2d 31 2e 31 33 20 7b 64 68 34 38 30 7d 20 2d L-1.13 {dh480} -
0950: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 constraints {new
0960: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 _api} -body {..b
0970: 61 64 73 73 6c 20 64 68 34 38 30 2e 62 61 64 73 adssl dh480.bads
0980: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 sl.com. } -re
0990: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 sult {handshake
09a0: 66 61 69 6c 65 64 3a 20 6d 6f 64 75 6c 75 73 20 failed: modulus
09b0: 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 too small} -retu
09c0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
09d0: 74 20 42 61 64 53 53 4c 2d 31 2e 31 34 20 7b 64 t BadSSL-1.14 {d
09e0: 68 35 31 32 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 h512} -body {..b
09f0: 61 64 73 73 6c 20 64 68 35 31 32 2e 62 61 64 73 adssl dh512.bads
0a00: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 sl.com. } -re
0a10: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 sult {handshake
0a20: 66 61 69 6c 65 64 3a 20 64 68 20 6b 65 79 20 74 failed: dh key t
0a30: 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 72 oo small} -retur
0a40: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 nCodes {1}..test
0a50: 20 42 61 64 53 53 4c 2d 31 2e 31 35 20 7b 64 68 BadSSL-1.15 {dh
0a60: 31 30 32 34 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 1024} -constrain
0a70: 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f ts {old_api} -bo
0a80: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 31 dy {..badssl dh1
0a90: 30 32 34 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 024.badssl.com.
0aa0: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
0ab0: 4c 2d 31 2e 31 36 20 7b 64 68 31 30 32 34 7d 20 L-1.16 {dh1024}
0ac0: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 -constraints {ne
0ad0: 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 w_api} -body {..
0ae0: 62 61 64 73 73 6c 20 64 68 31 30 32 34 2e 62 61 badssl dh1024.ba
0af0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
0b00: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
0b10: 65 20 66 61 69 6c 65 64 3a 20 64 68 20 6b 65 79 e failed: dh key
0b20: 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 too small} -ret
0b30: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
0b40: 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 37 20 7b st BadSSL-1.17 {
0b50: 64 68 32 30 34 38 7d 20 2d 62 6f 64 79 20 7b 0a dh2048} -body {.
0b60: 09 62 61 64 73 73 6c 20 64 68 32 30 34 38 2e 62 .badssl dh2048.b
0b70: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a adssl.com. }.
0b80: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 .test BadSSL-1.1
0b90: 38 20 7b 64 73 64 74 65 73 74 70 72 6f 76 69 64 8 {dsdtestprovid
0ba0: 65 72 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 er} -body {..bad
0bb0: 73 73 6c 20 64 73 64 74 65 73 74 70 72 6f 76 69 ssl dsdtestprovi
0bc0: 64 65 72 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 der.badssl.com.
0bd0: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
0be0: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
0bf0: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
0c00: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
0c10: 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 "unable to get
0c20: 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 local issuer cer
0c30: 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 tificate"} -retu
0c40: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
0c50: 74 20 42 61 64 53 53 4c 2d 31 2e 31 39 20 7b 65 t BadSSL-1.19 {e
0c60: 63 63 32 35 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 cc256} -body {..
0c70: 62 61 64 73 73 6c 20 65 63 63 32 35 36 2e 62 61 badssl ecc256.ba
0c80: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a dssl.com. }..
0c90: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 30 test BadSSL-1.20
0ca0: 20 7b 65 63 63 33 38 34 7d 20 2d 62 6f 64 79 20 {ecc384} -body
0cb0: 7b 0a 09 62 61 64 73 73 6c 20 65 63 63 33 38 34 {..badssl ecc384
0cc0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
0cd0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
0ce0: 2e 32 31 20 7b 65 64 65 6c 6c 72 6f 6f 74 7d 20 .21 {edellroot}
0cf0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
0d00: 65 64 65 6c 6c 72 6f 6f 74 2e 62 61 64 73 73 6c edellroot.badssl
0d10: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
0d20: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
0d30: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
0d40: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
0d50: 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 due to "unable t
0d60: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 o get local issu
0d70: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d er certificate"}
0d80: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
0d90: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
0da0: 2e 32 32 20 7b 65 78 70 69 72 65 64 7d 20 2d 62 .22 {expired} -b
0db0: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 78 ody {..badssl ex
0dc0: 70 69 72 65 64 2e 62 61 64 73 73 6c 2e 63 6f 6d pired.badssl.com
0dd0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
0de0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
0df0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 : certificate ve
0e00: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 rify failed due
0e10: 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20 to "certificate
0e20: 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 has expired"} -r
0e30: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
0e40: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 33 test BadSSL-1.23
0e50: 20 7b 65 78 74 65 6e 64 65 64 2d 76 61 6c 69 64 {extended-valid
0e60: 61 74 69 6f 6e 7d 20 2d 62 6f 64 79 20 7b 0a 09 ation} -body {..
0e70: 62 61 64 73 73 6c 20 65 78 74 65 6e 64 65 64 2d badssl extended-
0e80: 76 61 6c 69 64 61 74 69 6f 6e 2e 62 61 64 73 73 validation.badss
0e90: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
0ea0: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
0eb0: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 ailed: certifica
0ec0: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 te verify failed
0ed0: 20 64 75 65 20 74 6f 20 22 63 65 72 74 69 66 69 due to "certifi
0ee0: 63 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64 cate has expired
0ef0: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 "} -returnCodes
0f00: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
0f10: 2d 31 2e 32 34 20 7b 68 73 74 73 7d 20 2d 62 6f -1.24 {hsts} -bo
0f20: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 68 73 74 dy {..badssl hst
0f30: 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 s.badssl.com.
0f40: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d }..test BadSSL-
0f50: 31 2e 32 35 20 7b 68 74 74 70 73 2d 65 76 65 72 1.25 {https-ever
0f60: 79 77 68 65 72 65 7d 20 2d 62 6f 64 79 20 7b 0a ywhere} -body {.
0f70: 09 62 61 64 73 73 6c 20 68 74 74 70 73 2d 65 76 .badssl https-ev
0f80: 65 72 79 77 68 65 72 65 2e 62 61 64 73 73 6c 2e erywhere.badssl.
0f90: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 com. }..test
0fa0: 42 61 64 53 53 4c 2d 31 2e 32 36 20 7b 69 6e 63 BadSSL-1.26 {inc
0fb0: 6f 6d 70 6c 65 74 65 2d 63 68 61 69 6e 7d 20 2d omplete-chain} -
0fc0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 69 body {..badssl i
0fd0: 6e 63 6f 6d 70 6c 65 74 65 2d 63 68 61 69 6e 2e ncomplete-chain.
0fe0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
0ff0: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
1000: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 ake failed: cert
1010: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 ificate verify f
1020: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e ailed due to "un
1030: 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 able to get loca
1040: 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 l issuer certifi
1050: 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f cate"} -returnCo
1060: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
1070: 64 53 53 4c 2d 31 2e 32 37 20 7b 69 6e 76 61 6c dSSL-1.27 {inval
1080: 69 64 2d 65 78 70 65 63 74 65 64 2d 73 63 74 7d id-expected-sct}
1090: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
10a0: 20 69 6e 76 61 6c 69 64 2d 65 78 70 65 63 74 65 invalid-expecte
10b0: 64 2d 73 63 74 2e 62 61 64 73 73 6c 2e 63 6f 6d d-sct.badssl.com
10c0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
10d0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
10e0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 : certificate ve
10f0: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 rify failed due
1100: 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 to "unable to ge
1110: 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 t local issuer c
1120: 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 ertificate"} -re
1130: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
1140: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 38 20 est BadSSL-1.28
1150: 7b 6c 6f 6e 67 2d 65 78 74 65 6e 64 65 64 2d 73 {long-extended-s
1160: 75 62 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2d 63 6f ubdomain-name-co
1170: 6e 74 61 69 6e 69 6e 67 2d 6d 61 6e 79 2d 6c 65 ntaining-many-le
1180: 74 74 65 72 73 2d 61 6e 64 2d 64 61 73 68 65 73 tters-and-dashes
1190: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
11a0: 6c 20 6c 6f 6e 67 2d 65 78 74 65 6e 64 65 64 2d l long-extended-
11b0: 73 75 62 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2d 63 subdomain-name-c
11c0: 6f 6e 74 61 69 6e 69 6e 67 2d 6d 61 6e 79 2d 6c ontaining-many-l
11d0: 65 74 74 65 72 73 2d 61 6e 64 2d 64 61 73 68 65 etters-and-dashe
11e0: 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 s.badssl.com.
11f0: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d }..test BadSSL-
1200: 31 2e 32 39 20 7b 6c 6f 6e 67 65 78 74 65 6e 64 1.29 {longextend
1210: 65 64 73 75 62 64 6f 6d 61 69 6e 6e 61 6d 65 77 edsubdomainnamew
1220: 69 74 68 6f 75 74 64 61 73 68 65 73 69 6e 6f 72 ithoutdashesinor
1230: 64 65 72 74 6f 74 65 73 74 77 6f 72 64 77 72 61 dertotestwordwra
1240: 70 70 69 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a 09 pping} -body {..
1250: 62 61 64 73 73 6c 20 6c 6f 6e 67 65 78 74 65 6e badssl longexten
1260: 64 65 64 73 75 62 64 6f 6d 61 69 6e 6e 61 6d 65 dedsubdomainname
1270: 77 69 74 68 6f 75 74 64 61 73 68 65 73 69 6e 6f withoutdashesino
1280: 72 64 65 72 74 6f 74 65 73 74 77 6f 72 64 77 72 rdertotestwordwr
1290: 61 70 70 69 6e 67 2e 62 61 64 73 73 6c 2e 63 6f apping.badssl.co
12a0: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 m. }..test Ba
12b0: 64 53 53 4c 2d 31 2e 33 30 20 7b 6d 69 74 6d 2d dSSL-1.30 {mitm-
12c0: 73 6f 66 74 77 61 72 65 7d 20 2d 62 6f 64 79 20 software} -body
12d0: 7b 0a 09 62 61 64 73 73 6c 20 6d 69 74 6d 2d 73 {..badssl mitm-s
12e0: 6f 66 74 77 61 72 65 2e 62 61 64 73 73 6c 2e 63 oftware.badssl.c
12f0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
1300: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
1310: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
1320: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
1330: 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 e to "unable to
1340: 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 get local issuer
1350: 20 63 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d certificate"} -
1360: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
1370: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 .test BadSSL-1.3
1380: 31 20 7b 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e 61 6d 1 {no-common-nam
1390: 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 e} -body {..bads
13a0: 73 6c 20 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e 61 6d sl no-common-nam
13b0: 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 e.badssl.com.
13c0: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
13d0: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
13e0: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
13f0: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
1400: 63 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20 certificate has
1410: 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72 expired"} -retur
1420: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 nCodes {1}..test
1430: 20 42 61 64 53 53 4c 2d 31 2e 33 32 20 7b 6e 6f BadSSL-1.32 {no
1440: 2d 73 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 -sct} -body {..b
1450: 61 64 73 73 6c 20 6e 6f 2d 73 63 74 2e 62 61 64 adssl no-sct.bad
1460: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
1470: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
1480: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
1490: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
14a0: 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c ed due to "unabl
14b0: 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 e to get local i
14c0: 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 ssuer certificat
14d0: 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 e"} -returnCodes
14e0: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
14f0: 4c 2d 31 2e 33 33 20 7b 6e 6f 2d 73 75 62 6a 65 L-1.33 {no-subje
1500: 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 ct} -body {..bad
1510: 73 73 6c 20 6e 6f 2d 73 75 62 6a 65 63 74 2e 62 ssl no-subject.b
1520: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
1530: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
1540: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 ke failed: certi
1550: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 ficate verify fa
1560: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 63 65 72 iled due to "cer
1570: 74 69 66 69 63 61 74 65 20 68 61 73 20 65 78 70 tificate has exp
1580: 69 72 65 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f ired"} -returnCo
1590: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
15a0: 64 53 53 4c 2d 31 2e 33 34 20 7b 6e 75 6c 6c 7d dSSL-1.34 {null}
15b0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
15c0: 20 6e 75 6c 6c 2e 62 61 64 73 73 6c 2e 63 6f 6d null.badssl.com
15d0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
15e0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
15f0: 3a 20 73 73 6c 76 33 20 61 6c 65 72 74 20 68 61 : sslv3 alert ha
1600: 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 65 7d ndshake failure}
1610: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
1620: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1630: 2e 33 35 20 7b 70 69 6e 6e 69 6e 67 2d 74 65 73 .35 {pinning-tes
1640: 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 t} -body {..bads
1650: 73 6c 20 70 69 6e 6e 69 6e 67 2d 74 65 73 74 2e sl pinning-test.
1660: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
1670: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
1680: 33 36 20 7b 70 72 65 61 63 74 2d 63 6c 69 7d 20 36 {preact-cli}
1690: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
16a0: 70 72 65 61 63 74 2d 63 6c 69 2e 62 61 64 73 73 preact-cli.badss
16b0: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
16c0: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
16d0: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 ailed: certifica
16e0: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 te verify failed
16f0: 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 due to "unable
1700: 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 to get local iss
1710: 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 uer certificate"
1720: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
1730: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
1740: 31 2e 33 37 20 7b 70 72 65 6c 6f 61 64 65 64 2d 1.37 {preloaded-
1750: 68 73 74 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 hsts} -body {..b
1760: 61 64 73 73 6c 20 70 72 65 6c 6f 61 64 65 64 2d adssl preloaded-
1770: 68 73 74 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a hsts.badssl.com.
1780: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 }..test BadS
1790: 53 4c 2d 31 2e 33 38 20 7b 72 63 34 2d 6d 64 35 SL-1.38 {rc4-md5
17a0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
17b0: 6c 20 72 63 34 2d 6d 64 35 2e 62 61 64 73 73 6c l rc4-md5.badssl
17c0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
17d0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
17e0: 69 6c 65 64 3a 20 73 73 6c 76 33 20 61 6c 65 72 iled: sslv3 aler
17f0: 74 20 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c t handshake fail
1800: 75 72 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 ure} -returnCode
1810: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
1820: 53 4c 2d 31 2e 33 39 20 7b 72 63 34 7d 20 2d 62 SL-1.39 {rc4} -b
1830: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 63 ody {..badssl rc
1840: 34 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 4.badssl.com.
1850: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
1860: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 73 73 shake failed: ss
1870: 6c 76 33 20 61 6c 65 72 74 20 68 61 6e 64 73 68 lv3 alert handsh
1880: 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 ake failure} -re
1890: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
18a0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 30 20 est BadSSL-1.40
18b0: 7b 72 65 76 6f 6b 65 64 7d 20 2d 62 6f 64 79 20 {revoked} -body
18c0: 7b 0a 09 62 61 64 73 73 6c 20 72 65 76 6f 6b 65 {..badssl revoke
18d0: 64 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 d.badssl.com.
18e0: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
18f0: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
1900: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
1910: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
1920: 63 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20 certificate has
1930: 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72 expired"} -retur
1940: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 nCodes {1}..test
1950: 20 42 61 64 53 53 4c 2d 31 2e 34 31 20 7b 72 73 BadSSL-1.41 {rs
1960: 61 32 30 34 38 7d 20 2d 62 6f 64 79 20 7b 0a 09 a2048} -body {..
1970: 62 61 64 73 73 6c 20 72 73 61 32 30 34 38 2e 62 badssl rsa2048.b
1980: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a adssl.com. }.
1990: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 .test BadSSL-1.4
19a0: 32 20 7b 72 73 61 34 30 39 36 7d 20 2d 62 6f 64 2 {rsa4096} -bod
19b0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 73 61 34 y {..badssl rsa4
19c0: 30 39 36 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 096.badssl.com.
19d0: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
19e0: 4c 2d 31 2e 34 33 20 7b 72 73 61 38 31 39 32 7d L-1.43 {rsa8192}
19f0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
1a00: 20 72 73 61 38 31 39 32 2e 62 61 64 73 73 6c 2e rsa8192.badssl.
1a10: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 com. }..test
1a20: 42 61 64 53 53 4c 2d 31 2e 34 34 20 7b 73 65 6c BadSSL-1.44 {sel
1a30: 66 2d 73 69 67 6e 65 64 7d 20 2d 63 6f 6e 73 74 f-signed} -const
1a40: 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d raints {old_api}
1a50: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
1a60: 20 73 65 6c 66 2d 73 69 67 6e 65 64 2e 62 61 64 self-signed.bad
1a70: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
1a80: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
1a90: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
1aa0: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
1ab0: 65 64 20 64 75 65 20 74 6f 20 22 73 65 6c 66 20 ed due to "self
1ac0: 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 signed certifica
1ad0: 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 te"} -returnCode
1ae0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
1af0: 53 4c 2d 31 2e 34 35 20 7b 73 65 6c 66 2d 73 69 SL-1.45 {self-si
1b00: 67 6e 65 64 7d 20 2d 63 6f 6e 73 74 72 61 69 6e gned} -constrain
1b10: 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f ts {new_api} -bo
1b20: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 65 6c dy {..badssl sel
1b30: 66 2d 73 69 67 6e 65 64 2e 62 61 64 73 73 6c 2e f-signed.badssl.
1b40: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
1b50: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
1b60: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
1b70: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
1b80: 75 65 20 74 6f 20 22 73 65 6c 66 2d 73 69 67 6e ue to "self-sign
1b90: 65 64 20 63 65 72 74 69 66 69 63 61 74 65 22 7d ed certificate"}
1ba0: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
1bb0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1bc0: 2e 34 36 20 7b 73 68 61 31 2d 32 30 31 36 7d 20 .46 {sha1-2016}
1bd0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
1be0: 73 68 61 31 2d 32 30 31 36 2e 62 61 64 73 73 6c sha1-2016.badssl
1bf0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
1c00: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
1c10: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
1c20: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
1c30: 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 due to "unable t
1c40: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 o get local issu
1c50: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d er certificate"}
1c60: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
1c70: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1c80: 2e 34 37 20 7b 73 68 61 31 2d 32 30 31 37 7d 20 .47 {sha1-2017}
1c90: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c -constraints {ol
1ca0: 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 d_api} -body {..
1cb0: 62 61 64 73 73 6c 20 73 68 61 31 2d 32 30 31 37 badssl sha1-2017
1cc0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1cd0: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
1ce0: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
1cf0: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
1d00: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 63 failed due to "c
1d10: 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 ertificate has e
1d20: 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72 6e xpired"} -return
1d30: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
1d40: 42 61 64 53 53 4c 2d 31 2e 34 38 20 7b 73 68 61 BadSSL-1.48 {sha
1d50: 31 2d 32 30 31 37 7d 20 2d 63 6f 6e 73 74 72 61 1-2017} -constra
1d60: 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d ints {new_api} -
1d70: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 body {..badssl s
1d80: 68 61 31 2d 32 30 31 37 2e 62 61 64 73 73 6c 2e ha1-2017.badssl.
1d90: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
1da0: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
1db0: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
1dc0: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
1dd0: 75 65 20 74 6f 20 22 43 41 20 73 69 67 6e 61 74 ue to "CA signat
1de0: 75 72 65 20 64 69 67 65 73 74 20 61 6c 67 6f 72 ure digest algor
1df0: 69 74 68 6d 20 74 6f 6f 20 77 65 61 6b 22 7d 20 ithm too weak"}
1e00: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
1e10: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
1e20: 34 39 20 7b 73 68 61 31 2d 69 6e 74 65 72 6d 65 49 {sha1-interme
1e30: 64 69 61 74 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 diate} -body {..
1e40: 62 61 64 73 73 6c 20 73 68 61 31 2d 69 6e 74 65 badssl sha1-inte
1e50: 72 6d 65 64 69 61 74 65 2e 62 61 64 73 73 6c 2e rmediate.badssl.
1e60: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
1e70: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
1e80: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
1e90: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
1ea0: 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f ue to "unable to
1eb0: 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 get local issue
1ec0: 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d 20 r certificate"}
1ed0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
1ee0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
1ef0: 35 30 20 7b 73 68 61 32 35 36 7d 20 2d 62 6f 64 50 {sha256} -bod
1f00: 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 32 y {..badssl sha2
1f10: 35 36 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 56.badssl.com.
1f20: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c }..test BadSSL
1f30: 2d 31 2e 35 31 20 7b 73 68 61 33 38 34 7d 20 2d -1.51 {sha384} -
1f40: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 body {..badssl s
1f50: 68 61 33 38 34 2e 62 61 64 73 73 6c 2e 63 6f 6d ha384.badssl.com
1f60: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
1f70: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
1f80: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 : certificate ve
1f90: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 rify failed due
1fa0: 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20 to "certificate
1fb0: 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 has expired"} -r
1fc0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
1fd0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 32 test BadSSL-1.52
1fe0: 20 7b 73 68 61 35 31 32 7d 20 2d 62 6f 64 79 20 {sha512} -body
1ff0: 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 35 31 32 {..badssl sha512
2000: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
2010: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
2020: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
2030: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
2040: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 63 failed due to "c
2050: 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 ertificate has e
2060: 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72 6e xpired"} -return
2070: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
2080: 42 61 64 53 53 4c 2d 31 2e 35 33 20 7b 73 74 61 BadSSL-1.53 {sta
2090: 74 69 63 2d 72 73 61 7d 20 2d 62 6f 64 79 20 7b tic-rsa} -body {
20a0: 0a 09 62 61 64 73 73 6c 20 73 74 61 74 69 63 2d ..badssl static-
20b0: 72 73 61 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 rsa.badssl.com.
20c0: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
20d0: 4c 2d 31 2e 35 34 20 7b 73 75 62 64 6f 6d 61 69 L-1.54 {subdomai
20e0: 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 73 74 73 n.preloaded-hsts
20f0: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
2100: 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b old_api} -body {
2110: 0a 09 62 61 64 73 73 6c 20 73 75 62 64 6f 6d 61 ..badssl subdoma
2120: 69 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 73 74 in.preloaded-hst
2130: 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 s.badssl.com.
2140: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
2150: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
2160: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
2170: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
2180: 48 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 Hostname mismatc
2190: 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 h"} -returnCodes
21a0: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
21b0: 4c 2d 31 2e 35 35 20 7b 73 75 62 64 6f 6d 61 69 L-1.55 {subdomai
21c0: 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 73 74 73 n.preloaded-hsts
21d0: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
21e0: 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b new_api} -body {
21f0: 0a 09 62 61 64 73 73 6c 20 73 75 62 64 6f 6d 61 ..badssl subdoma
2200: 69 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 73 74 in.preloaded-hst
2210: 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 s.badssl.com.
2220: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
2230: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
2240: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
2250: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
2260: 68 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 hostname mismatc
2270: 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 h"} -returnCodes
2280: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
2290: 4c 2d 31 2e 35 36 20 7b 73 75 70 65 72 66 69 73 L-1.56 {superfis
22a0: 68 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 h} -body {..bads
22b0: 73 6c 20 73 75 70 65 72 66 69 73 68 2e 62 61 64 sl superfish.bad
22c0: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
22d0: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
22e0: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
22f0: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
2300: 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c ed due to "unabl
2310: 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 e to get local i
2320: 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 ssuer certificat
2330: 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 e"} -returnCodes
2340: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
2350: 4c 2d 31 2e 35 37 20 7b 74 6c 73 2d 76 31 2d 30 L-1.57 {tls-v1-0
2360: 3a 31 30 31 30 7d 20 2d 63 6f 6e 73 74 72 61 69 :1010} -constrai
2370: 6e 74 73 20 7b 74 6c 73 31 20 6f 6c 64 5f 61 70 nts {tls1 old_ap
2380: 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 i} -body {..bads
2390: 73 6c 20 74 6c 73 2d 76 31 2d 30 2e 62 61 64 73 sl tls-v1-0.bads
23a0: 73 6c 2e 63 6f 6d 3a 31 30 31 30 0a 20 20 20 20 sl.com:1010.
23b0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
23c0: 2e 35 38 20 7b 74 6c 73 2d 76 31 2d 30 3a 31 30 .58 {tls-v1-0:10
23d0: 31 30 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 10} -constraints
23e0: 20 7b 74 6c 73 31 20 6e 65 77 5f 61 70 69 7d 20 {tls1 new_api}
23f0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
2400: 74 6c 73 2d 76 31 2d 30 2e 62 61 64 73 73 6c 2e tls-v1-0.badssl.
2410: 63 6f 6d 3a 31 30 31 30 0a 20 20 20 20 7d 20 2d com:1010. } -
2420: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
2430: 65 20 66 61 69 6c 65 64 3a 20 75 6e 73 75 70 70 e failed: unsupp
2440: 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 7d 20 orted protocol}
2450: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
2460: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
2470: 35 39 20 7b 74 6c 73 2d 76 31 2d 31 3a 31 30 31 59 {tls-v1-1:101
2480: 31 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 1} -constraints
2490: 7b 74 6c 73 31 2e 31 20 6f 6c 64 5f 61 70 69 7d {tls1.1 old_api}
24a0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
24b0: 20 74 6c 73 2d 76 31 2d 31 2e 62 61 64 73 73 6c tls-v1-1.badssl
24c0: 2e 63 6f 6d 3a 31 30 31 31 0a 20 20 20 20 7d 0a .com:1011. }.
24d0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 .test BadSSL-1.6
24e0: 30 20 7b 74 6c 73 2d 76 31 2d 31 3a 31 30 31 31 0 {tls-v1-1:1011
24f0: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
2500: 74 6c 73 31 2e 31 20 6e 65 77 5f 61 70 69 7d 20 tls1.1 new_api}
2510: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
2520: 74 6c 73 2d 76 31 2d 31 2e 62 61 64 73 73 6c 2e tls-v1-1.badssl.
2530: 63 6f 6d 3a 31 30 31 31 0a 20 20 20 20 7d 20 2d com:1011. } -
2540: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
2550: 65 20 66 61 69 6c 65 64 3a 20 75 6e 73 75 70 70 e failed: unsupp
2560: 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 7d 20 orted protocol}
2570: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
2580: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
2590: 36 31 20 7b 74 6c 73 2d 76 31 2d 32 3a 31 30 31 61 {tls-v1-2:101
25a0: 32 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 2} -constraints
25b0: 7b 74 6c 73 31 2e 32 7d 20 2d 62 6f 64 79 20 7b {tls1.2} -body {
25c0: 0a 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d ..badssl tls-v1-
25d0: 32 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 2.badssl.com:101
25e0: 32 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 2. }..test Ba
25f0: 64 53 53 4c 2d 31 2e 36 32 20 7b 75 6e 74 72 75 dSSL-1.62 {untru
2600: 73 74 65 64 2d 72 6f 6f 74 7d 20 2d 63 6f 6e 73 sted-root} -cons
2610: 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 traints {old_api
2620: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
2630: 6c 20 75 6e 74 72 75 73 74 65 64 2d 72 6f 6f 74 l untrusted-root
2640: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
2650: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
2660: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
2670: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
2680: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 73 failed due to "s
2690: 65 6c 66 20 73 69 67 6e 65 64 20 63 65 72 74 69 elf signed certi
26a0: 66 69 63 61 74 65 20 69 6e 20 63 65 72 74 69 66 ficate in certif
26b0: 69 63 61 74 65 20 63 68 61 69 6e 22 7d 20 2d 72 icate chain"} -r
26c0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
26d0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 33 test BadSSL-1.63
26e0: 20 7b 75 6e 74 72 75 73 74 65 64 2d 72 6f 6f 74 {untrusted-root
26f0: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
2700: 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b new_api} -body {
2710: 0a 09 62 61 64 73 73 6c 20 75 6e 74 72 75 73 74 ..badssl untrust
2720: 65 64 2d 72 6f 6f 74 2e 62 61 64 73 73 6c 2e 63 ed-root.badssl.c
2730: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
2740: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
2750: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
2760: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
2770: 65 20 74 6f 20 22 73 65 6c 66 2d 73 69 67 6e 65 e to "self-signe
2780: 64 20 63 65 72 74 69 66 69 63 61 74 65 20 69 6e d certificate in
2790: 20 63 65 72 74 69 66 69 63 61 74 65 20 63 68 61 certificate cha
27a0: 69 6e 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 in"} -returnCode
27b0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
27c0: 53 4c 2d 31 2e 36 34 20 7b 75 70 67 72 61 64 65 SL-1.64 {upgrade
27d0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
27e0: 6c 20 75 70 67 72 61 64 65 2e 62 61 64 73 73 6c l upgrade.badssl
27f0: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 .com. }..test
2800: 20 42 61 64 53 53 4c 2d 31 2e 36 35 20 7b 77 65 BadSSL-1.65 {we
2810: 62 70 61 63 6b 2d 64 65 76 2d 73 65 72 76 65 72 bpack-dev-server
2820: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
2830: 6c 20 77 65 62 70 61 63 6b 2d 64 65 76 2d 73 65 l webpack-dev-se
2840: 72 76 65 72 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a rver.badssl.com.
2850: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 } -result {h
2860: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a andshake failed:
2870: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 certificate ver
2880: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 ify failed due t
2890: 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 o "unable to get
28a0: 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 local issuer ce
28b0: 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 rtificate"} -ret
28c0: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
28d0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 36 20 7b st BadSSL-1.66 {
28e0: 77 72 6f 6e 67 2e 68 6f 73 74 7d 20 2d 63 6f 6e wrong.host} -con
28f0: 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 straints {old_ap
2900: 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 i} -body {..bads
2910: 73 6c 20 77 72 6f 6e 67 2e 68 6f 73 74 2e 62 61 sl wrong.host.ba
2920: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
2930: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
2940: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 e failed: certif
2950: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 icate verify fai
2960: 6c 65 64 20 64 75 65 20 74 6f 20 22 48 6f 73 74 led due to "Host
2970: 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 22 7d 20 name mismatch"}
2980: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
2990: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
29a0: 36 37 20 7b 77 72 6f 6e 67 2e 68 6f 73 74 7d 20 67 {wrong.host}
29b0: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 -constraints {ne
29c0: 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 w_api} -body {..
29d0: 62 61 64 73 73 6c 20 77 72 6f 6e 67 2e 68 6f 73 badssl wrong.hos
29e0: 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 t.badssl.com.
29f0: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
2a00: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
2a10: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
2a20: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
2a30: 68 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 hostname mismatc
2a40: 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 h"} -returnCodes
2a50: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
2a60: 4c 2d 31 2e 36 38 20 7b 6d 6f 7a 69 6c 6c 61 2d L-1.68 {mozilla-
2a70: 6d 6f 64 65 72 6e 7d 20 2d 62 6f 64 79 20 7b 0a modern} -body {.
2a80: 09 62 61 64 73 73 6c 20 6d 6f 7a 69 6c 6c 61 2d .badssl mozilla-
2a90: 6d 6f 64 65 72 6e 2e 62 61 64 73 73 6c 2e 63 6f modern.badssl.co
2aa0: 6d 0a 20 20 20 20 7d 0a 0a 23 20 43 6c 65 61 6e m. }..# Clean
2ab0: 75 70 0a 3a 3a 74 63 6c 74 65 73 74 3a 3a 63 6c up.::tcltest::cl
2ac0: 65 61 6e 75 70 54 65 73 74 73 0a 72 65 74 75 72 eanupTests.retur
2ad0: 6e 0a n.