Artifact
62a312d78a4ede5a1229cf8d782364acdc5d5982803ffdcf4aaa773a84f446d3:
0000: 23 20 41 75 74 6f 20 67 65 6e 65 72 61 74 65 64 # Auto generated
0010: 20 74 65 73 74 20 63 61 73 65 73 20 66 6f 72 20 test cases for
0020: 62 61 64 73 73 6c 2e 63 73 76 0a 0a 23 20 4c 6f badssl.csv..# Lo
0030: 61 64 20 54 63 6c 20 54 65 73 74 20 70 61 63 6b ad Tcl Test pack
0040: 61 67 65 0a 69 66 20 7b 5b 6c 73 65 61 72 63 68 age.if {[lsearch
0050: 20 5b 6e 61 6d 65 73 70 61 63 65 20 63 68 69 6c [namespace chil
0060: 64 72 65 6e 5d 20 3a 3a 74 63 6c 74 65 73 74 5d dren] ::tcltest]
0070: 20 3d 3d 20 2d 31 7d 20 7b 0a 09 70 61 63 6b 61 == -1} {..packa
0080: 67 65 20 72 65 71 75 69 72 65 20 74 63 6c 74 65 ge require tclte
0090: 73 74 0a 09 6e 61 6d 65 73 70 61 63 65 20 69 6d st..namespace im
00a0: 70 6f 72 74 20 3a 3a 74 63 6c 74 65 73 74 3a 3a port ::tcltest::
00b0: 2a 0a 7d 0a 0a 73 65 74 20 61 75 74 6f 5f 70 61 *.}..set auto_pa
00c0: 74 68 20 5b 63 6f 6e 63 61 74 20 5b 6c 69 73 74 th [concat [list
00d0: 20 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b [file dirname [
00e0: 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e file dirname [in
00f0: 66 6f 20 73 63 72 69 70 74 5d 5d 5d 5d 20 24 61 fo script]]]] $a
0100: 75 74 6f 5f 70 61 74 68 5d 0a 0a 70 61 63 6b 61 uto_path]..packa
0110: 67 65 20 72 65 71 75 69 72 65 20 74 6c 73 0a 0a ge require tls..
0120: 23 20 46 69 6e 64 20 64 65 66 61 75 6c 74 20 43 # Find default C
0130: 41 20 63 65 72 74 69 66 69 63 61 74 65 73 20 64 A certificates d
0140: 69 72 65 63 74 6f 72 79 0a 69 66 20 7b 5b 69 6e irectory.if {[in
0150: 66 6f 20 65 78 69 73 74 73 20 3a 3a 65 6e 76 28 fo exists ::env(
0160: 53 53 4c 5f 43 45 52 54 5f 46 49 4c 45 29 5d 7d SSL_CERT_FILE)]}
0170: 20 7b 73 65 74 20 3a 3a 63 61 66 69 6c 65 20 24 {set ::cafile $
0180: 3a 3a 65 6e 76 28 53 53 4c 5f 43 45 52 54 5f 46 ::env(SSL_CERT_F
0190: 49 4c 45 29 7d 20 65 6c 73 65 20 7b 73 65 74 20 ILE)} else {set
01a0: 3a 3a 63 61 66 69 6c 65 20 5b 66 69 6c 65 20 6e ::cafile [file n
01b0: 6f 72 6d 61 6c 69 7a 65 20 7b 43 3a 5c 55 73 65 ormalize {C:\Use
01c0: 72 73 5c 42 72 69 61 6e 5c 44 6f 63 75 6d 65 6e rs\Brian\Documen
01d0: 74 73 5c 53 6f 75 72 63 65 5c 42 75 69 6c 64 5c ts\Source\Build\
01e0: 53 53 4c 2d 31 2e 31 5c 63 65 72 74 73 5c 63 61 SSL-1.1\certs\ca
01f0: 63 65 72 74 2e 70 65 6d 7d 5d 7d 0a 0a 23 20 43 cert.pem}]}..# C
0200: 6f 6e 73 74 72 61 69 6e 74 73 0a 73 6f 75 72 63 onstraints.sourc
0210: 65 20 5b 66 69 6c 65 20 6a 6f 69 6e 20 5b 66 69 e [file join [fi
0220: 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e 66 6f le dirname [info
0230: 20 73 63 72 69 70 74 5d 5d 20 63 6f 6d 6d 6f 6e script]] common
0240: 2e 74 63 6c 5d 0a 0a 23 20 48 65 6c 70 65 72 20 .tcl]..# Helper
0250: 66 75 6e 63 74 69 6f 6e 73 0a 70 72 6f 63 20 62 functions.proc b
0260: 61 64 73 73 6c 20 7b 75 72 6c 7d 20 7b 73 65 74 adssl {url} {set
0270: 20 70 6f 72 74 20 34 34 33 3b 6c 61 73 73 69 67 port 443;lassig
0280: 6e 20 5b 73 70 6c 69 74 20 24 75 72 6c 20 22 3a n [split $url ":
0290: 22 5d 20 75 72 6c 20 70 6f 72 74 3b 69 66 20 7b "] url port;if {
02a0: 24 70 6f 72 74 20 65 71 20 22 22 7d 20 7b 73 65 $port eq ""} {se
02b0: 74 20 70 6f 72 74 20 34 34 33 7d 3b 73 65 74 20 t port 443};set
02c0: 63 68 20 5b 74 6c 73 3a 3a 73 6f 63 6b 65 74 20 ch [tls::socket
02d0: 2d 61 75 74 6f 73 65 72 76 65 72 6e 61 6d 65 20 -autoservername
02e0: 31 20 2d 72 65 71 75 69 72 65 20 31 20 2d 63 61 1 -require 1 -ca
02f0: 66 69 6c 65 20 24 3a 3a 63 61 66 69 6c 65 20 24 file $::cafile $
0300: 75 72 6c 20 24 70 6f 72 74 5d 3b 69 66 20 7b 5b url $port];if {[
0310: 63 61 74 63 68 20 7b 74 6c 73 3a 3a 68 61 6e 64 catch {tls::hand
0320: 73 68 61 6b 65 20 24 63 68 7d 20 65 72 72 5d 7d shake $ch} err]}
0330: 20 7b 63 6c 6f 73 65 20 24 63 68 3b 72 65 74 75 {close $ch;retu
0340: 72 6e 20 2d 63 6f 64 65 20 65 72 72 6f 72 20 24 rn -code error $
0350: 65 72 72 7d 20 65 6c 73 65 20 7b 63 6c 6f 73 65 err} else {close
0360: 20 24 63 68 7d 7d 0a 0a 23 20 42 61 64 53 53 4c $ch}}..# BadSSL
0370: 2e 63 6f 6d 20 54 65 73 74 73 0a 0a 0a 74 65 73 .com Tests...tes
0380: 74 20 42 61 64 53 53 4c 2d 31 2e 31 20 7b 31 30 t BadSSL-1.1 {10
0390: 30 30 2d 73 61 6e 73 7d 20 2d 62 6f 64 79 20 7b 00-sans} -body {
03a0: 0a 09 62 61 64 73 73 6c 20 31 30 30 30 2d 73 61 ..badssl 1000-sa
03b0: 6e 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 ns.badssl.com.
03c0: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
03d0: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
03e0: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
03f0: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a y failed due to:
0400: 20 63 65 72 74 69 66 69 63 61 74 65 20 68 61 73 certificate has
0410: 20 65 78 70 69 72 65 64 7d 20 2d 72 65 74 75 72 expired} -retur
0420: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 nCodes {1}..test
0430: 20 42 61 64 53 53 4c 2d 31 2e 32 20 7b 31 30 30 BadSSL-1.2 {100
0440: 30 30 2d 73 61 6e 73 7d 20 2d 62 6f 64 79 20 7b 00-sans} -body {
0450: 0a 09 62 61 64 73 73 6c 20 31 30 30 30 30 2d 73 ..badssl 10000-s
0460: 61 6e 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 ans.badssl.com.
0470: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
0480: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
0490: 65 78 63 65 73 73 69 76 65 20 6d 65 73 73 61 67 excessive messag
04a0: 65 20 73 69 7a 65 7d 20 2d 72 65 74 75 72 6e 43 e size} -returnC
04b0: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 odes {1}..test B
04c0: 61 64 53 53 4c 2d 31 2e 33 20 7b 33 64 65 73 7d adSSL-1.3 {3des}
04d0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
04e0: 20 33 64 65 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 3des.badssl.com
04f0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
0500: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
0510: 3a 20 73 73 6c 76 33 20 61 6c 65 72 74 20 68 61 : sslv3 alert ha
0520: 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 65 7d ndshake failure}
0530: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
0540: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
0550: 2e 34 20 7b 63 61 70 74 69 76 65 2d 70 6f 72 74 .4 {captive-port
0560: 61 6c 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 al} -body {..bad
0570: 73 73 6c 20 63 61 70 74 69 76 65 2d 70 6f 72 74 ssl captive-port
0580: 61 6c 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 al.badssl.com.
0590: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
05a0: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
05b0: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
05c0: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a y failed due to:
05d0: 20 48 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 Hostname mismat
05e0: 63 68 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 ch} -returnCodes
05f0: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
0600: 4c 2d 31 2e 35 20 7b 63 62 63 7d 20 2d 62 6f 64 L-1.5 {cbc} -bod
0610: 79 20 7b 0a 09 62 61 64 73 73 6c 20 63 62 63 2e y {..badssl cbc.
0620: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
0630: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
0640: 36 20 7b 63 6c 69 65 6e 74 2d 63 65 72 74 2d 6d 6 {client-cert-m
0650: 69 73 73 69 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a issing} -body {.
0660: 09 62 61 64 73 73 6c 20 63 6c 69 65 6e 74 2d 63 .badssl client-c
0670: 65 72 74 2d 6d 69 73 73 69 6e 67 2e 62 61 64 73 ert-missing.bads
0680: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
0690: 73 74 20 42 61 64 53 53 4c 2d 31 2e 37 20 7b 63 st BadSSL-1.7 {c
06a0: 6c 69 65 6e 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 lient} -body {..
06b0: 62 61 64 73 73 6c 20 63 6c 69 65 6e 74 2e 62 61 badssl client.ba
06c0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a dssl.com. }..
06d0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 38 20 test BadSSL-1.8
06e0: 7b 64 68 2d 63 6f 6d 70 6f 73 69 74 65 7d 20 2d {dh-composite} -
06f0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 body {..badssl d
0700: 68 2d 63 6f 6d 70 6f 73 69 74 65 2e 62 61 64 73 h-composite.bads
0710: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
0720: 73 74 20 42 61 64 53 53 4c 2d 31 2e 39 20 7b 64 st BadSSL-1.9 {d
0730: 68 2d 73 6d 61 6c 6c 2d 73 75 62 67 72 6f 75 70 h-small-subgroup
0740: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
0750: 6c 20 64 68 2d 73 6d 61 6c 6c 2d 73 75 62 67 72 l dh-small-subgr
0760: 6f 75 70 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 oup.badssl.com.
0770: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
0780: 4c 2d 31 2e 31 30 20 7b 64 68 34 38 30 7d 20 2d L-1.10 {dh480} -
0790: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 body {..badssl d
07a0: 68 34 38 30 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a h480.badssl.com.
07b0: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 } -result {h
07c0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a andshake failed:
07d0: 20 64 68 20 6b 65 79 20 74 6f 6f 20 73 6d 61 6c dh key too smal
07e0: 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 l} -returnCodes
07f0: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
0800: 2d 31 2e 31 31 20 7b 64 68 35 31 32 7d 20 2d 62 -1.11 {dh512} -b
0810: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 ody {..badssl dh
0820: 35 31 32 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 512.badssl.com.
0830: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
0840: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
0850: 64 68 20 6b 65 79 20 74 6f 6f 20 73 6d 61 6c 6c dh key too small
0860: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
0870: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
0880: 31 2e 31 32 20 7b 64 68 31 30 32 34 7d 20 2d 62 1.12 {dh1024} -b
0890: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 ody {..badssl dh
08a0: 31 30 32 34 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 1024.badssl.com.
08b0: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 }..test BadS
08c0: 53 4c 2d 31 2e 31 33 20 7b 64 68 32 30 34 38 7d SL-1.13 {dh2048}
08d0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
08e0: 20 64 68 32 30 34 38 2e 62 61 64 73 73 6c 2e 63 dh2048.badssl.c
08f0: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 om. }..test B
0900: 61 64 53 53 4c 2d 31 2e 31 34 20 7b 64 73 64 74 adSSL-1.14 {dsdt
0910: 65 73 74 70 72 6f 76 69 64 65 72 7d 20 2d 62 6f estprovider} -bo
0920: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 73 64 dy {..badssl dsd
0930: 74 65 73 74 70 72 6f 76 69 64 65 72 2e 62 61 64 testprovider.bad
0940: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
0950: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
0960: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
0970: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
0980: 65 64 20 64 75 65 20 74 6f 3a 20 75 6e 61 62 6c ed due to: unabl
0990: 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 e to get local i
09a0: 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 ssuer certificat
09b0: 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 e} -returnCodes
09c0: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
09d0: 2d 31 2e 31 35 20 7b 65 63 63 32 35 36 7d 20 2d -1.15 {ecc256} -
09e0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 body {..badssl e
09f0: 63 63 32 35 36 2e 62 61 64 73 73 6c 2e 63 6f 6d cc256.badssl.com
0a00: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 . }..test Bad
0a10: 53 53 4c 2d 31 2e 31 36 20 7b 65 63 63 33 38 34 SSL-1.16 {ecc384
0a20: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
0a30: 6c 20 65 63 63 33 38 34 2e 62 61 64 73 73 6c 2e l ecc384.badssl.
0a40: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 com. }..test
0a50: 42 61 64 53 53 4c 2d 31 2e 31 37 20 7b 65 64 65 BadSSL-1.17 {ede
0a60: 6c 6c 72 6f 6f 74 7d 20 2d 62 6f 64 79 20 7b 0a llroot} -body {.
0a70: 09 62 61 64 73 73 6c 20 65 64 65 6c 6c 72 6f 6f .badssl edellroo
0a80: 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 t.badssl.com.
0a90: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
0aa0: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
0ab0: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
0ac0: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 failed due to:
0ad0: 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f unable to get lo
0ae0: 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 cal issuer certi
0af0: 66 69 63 61 74 65 7d 20 2d 72 65 74 75 72 6e 43 ficate} -returnC
0b00: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 odes {1}..test B
0b10: 61 64 53 53 4c 2d 31 2e 31 38 20 7b 65 78 70 69 adSSL-1.18 {expi
0b20: 72 65 64 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 red} -body {..ba
0b30: 64 73 73 6c 20 65 78 70 69 72 65 64 2e 62 61 64 dssl expired.bad
0b40: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
0b50: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
0b60: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
0b70: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
0b80: 65 64 20 64 75 65 20 74 6f 3a 20 63 65 72 74 69 ed due to: certi
0b90: 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 72 ficate has expir
0ba0: 65 64 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 ed} -returnCodes
0bb0: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
0bc0: 4c 2d 31 2e 31 39 20 7b 65 78 74 65 6e 64 65 64 L-1.19 {extended
0bd0: 2d 76 61 6c 69 64 61 74 69 6f 6e 7d 20 2d 62 6f -validation} -bo
0be0: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 78 74 dy {..badssl ext
0bf0: 65 6e 64 65 64 2d 76 61 6c 69 64 61 74 69 6f 6e ended-validation
0c00: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
0c10: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
0c20: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
0c30: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
0c40: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 63 failed due to: c
0c50: 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 ertificate has e
0c60: 78 70 69 72 65 64 7d 20 2d 72 65 74 75 72 6e 43 xpired} -returnC
0c70: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 odes {1}..test B
0c80: 61 64 53 53 4c 2d 31 2e 32 30 20 7b 68 73 74 73 adSSL-1.20 {hsts
0c90: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
0ca0: 6c 20 68 73 74 73 2e 62 61 64 73 73 6c 2e 63 6f l hsts.badssl.co
0cb0: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 m. }..test Ba
0cc0: 64 53 53 4c 2d 31 2e 32 31 20 7b 68 74 74 70 73 dSSL-1.21 {https
0cd0: 2d 65 76 65 72 79 77 68 65 72 65 7d 20 2d 62 6f -everywhere} -bo
0ce0: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 68 74 74 dy {..badssl htt
0cf0: 70 73 2d 65 76 65 72 79 77 68 65 72 65 2e 62 61 ps-everywhere.ba
0d00: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a dssl.com. }..
0d10: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 32 test BadSSL-1.22
0d20: 20 7b 69 6e 63 6f 6d 70 6c 65 74 65 2d 63 68 61 {incomplete-cha
0d30: 69 6e 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 in} -body {..bad
0d40: 73 73 6c 20 69 6e 63 6f 6d 70 6c 65 74 65 2d 63 ssl incomplete-c
0d50: 68 61 69 6e 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a hain.badssl.com.
0d60: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 } -result {h
0d70: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a andshake failed:
0d80: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 certificate ver
0d90: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 ify failed due t
0da0: 6f 3a 20 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 o: unable to get
0db0: 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 local issuer ce
0dc0: 72 74 69 66 69 63 61 74 65 7d 20 2d 72 65 74 75 rtificate} -retu
0dd0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
0de0: 74 20 42 61 64 53 53 4c 2d 31 2e 32 33 20 7b 69 t BadSSL-1.23 {i
0df0: 6e 76 61 6c 69 64 2d 65 78 70 65 63 74 65 64 2d nvalid-expected-
0e00: 73 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 sct} -body {..ba
0e10: 64 73 73 6c 20 69 6e 76 61 6c 69 64 2d 65 78 70 dssl invalid-exp
0e20: 65 63 74 65 64 2d 73 63 74 2e 62 61 64 73 73 6c ected-sct.badssl
0e30: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
0e40: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
0e50: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
0e60: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
0e70: 64 75 65 20 74 6f 3a 20 75 6e 61 62 6c 65 20 74 due to: unable t
0e80: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 o get local issu
0e90: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 7d 20 er certificate}
0ea0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
0eb0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
0ec0: 32 34 20 7b 6c 6f 6e 67 2d 65 78 74 65 6e 64 65 24 {long-extende
0ed0: 64 2d 73 75 62 64 6f 6d 61 69 6e 2d 6e 61 6d 65 d-subdomain-name
0ee0: 2d 63 6f 6e 74 61 69 6e 69 6e 67 2d 6d 61 6e 79 -containing-many
0ef0: 2d 6c 65 74 74 65 72 73 2d 61 6e 64 2d 64 61 73 -letters-and-das
0f00: 68 65 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 hes} -body {..ba
0f10: 64 73 73 6c 20 6c 6f 6e 67 2d 65 78 74 65 6e 64 dssl long-extend
0f20: 65 64 2d 73 75 62 64 6f 6d 61 69 6e 2d 6e 61 6d ed-subdomain-nam
0f30: 65 2d 63 6f 6e 74 61 69 6e 69 6e 67 2d 6d 61 6e e-containing-man
0f40: 79 2d 6c 65 74 74 65 72 73 2d 61 6e 64 2d 64 61 y-letters-and-da
0f50: 73 68 65 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a shes.badssl.com.
0f60: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 }..test BadS
0f70: 53 4c 2d 31 2e 32 35 20 7b 6c 6f 6e 67 65 78 74 SL-1.25 {longext
0f80: 65 6e 64 65 64 73 75 62 64 6f 6d 61 69 6e 6e 61 endedsubdomainna
0f90: 6d 65 77 69 74 68 6f 75 74 64 61 73 68 65 73 69 mewithoutdashesi
0fa0: 6e 6f 72 64 65 72 74 6f 74 65 73 74 77 6f 72 64 nordertotestword
0fb0: 77 72 61 70 70 69 6e 67 7d 20 2d 62 6f 64 79 20 wrapping} -body
0fc0: 7b 0a 09 62 61 64 73 73 6c 20 6c 6f 6e 67 65 78 {..badssl longex
0fd0: 74 65 6e 64 65 64 73 75 62 64 6f 6d 61 69 6e 6e tendedsubdomainn
0fe0: 61 6d 65 77 69 74 68 6f 75 74 64 61 73 68 65 73 amewithoutdashes
0ff0: 69 6e 6f 72 64 65 72 74 6f 74 65 73 74 77 6f 72 inordertotestwor
1000: 64 77 72 61 70 70 69 6e 67 2e 62 61 64 73 73 6c dwrapping.badssl
1010: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 .com. }..test
1020: 20 42 61 64 53 53 4c 2d 31 2e 32 36 20 7b 6d 69 BadSSL-1.26 {mi
1030: 74 6d 2d 73 6f 66 74 77 61 72 65 7d 20 2d 62 6f tm-software} -bo
1040: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 6d 69 74 dy {..badssl mit
1050: 6d 2d 73 6f 66 74 77 61 72 65 2e 62 61 64 73 73 m-software.badss
1060: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
1070: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
1080: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 ailed: certifica
1090: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 te verify failed
10a0: 20 64 75 65 20 74 6f 3a 20 75 6e 61 62 6c 65 20 due to: unable
10b0: 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 to get local iss
10c0: 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 7d uer certificate}
10d0: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
10e0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
10f0: 2e 32 37 20 7b 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e .27 {no-common-n
1100: 61 6d 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 ame} -body {..ba
1110: 64 73 73 6c 20 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e dssl no-common-n
1120: 61 6d 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 ame.badssl.com.
1130: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
1140: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
1150: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
1160: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
1170: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 68 61 : certificate ha
1180: 73 20 65 78 70 69 72 65 64 7d 20 2d 72 65 74 75 s expired} -retu
1190: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
11a0: 74 20 42 61 64 53 53 4c 2d 31 2e 32 38 20 7b 6e t BadSSL-1.28 {n
11b0: 6f 2d 73 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 o-sct} -body {..
11c0: 62 61 64 73 73 6c 20 6e 6f 2d 73 63 74 2e 62 61 badssl no-sct.ba
11d0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
11e0: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
11f0: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 e failed: certif
1200: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 icate verify fai
1210: 6c 65 64 20 64 75 65 20 74 6f 3a 20 75 6e 61 62 led due to: unab
1220: 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 le to get local
1230: 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61 issuer certifica
1240: 74 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 te} -returnCodes
1250: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
1260: 4c 2d 31 2e 32 39 20 7b 6e 6f 2d 73 75 62 6a 65 L-1.29 {no-subje
1270: 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 ct} -body {..bad
1280: 73 73 6c 20 6e 6f 2d 73 75 62 6a 65 63 74 2e 62 ssl no-subject.b
1290: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
12a0: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
12b0: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 ke failed: certi
12c0: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 ficate verify fa
12d0: 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 63 65 72 iled due to: cer
12e0: 74 69 66 69 63 61 74 65 20 68 61 73 20 65 78 70 tificate has exp
12f0: 69 72 65 64 7d 20 2d 72 65 74 75 72 6e 43 6f 64 ired} -returnCod
1300: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
1310: 53 53 4c 2d 31 2e 33 30 20 7b 6e 75 6c 6c 7d 20 SSL-1.30 {null}
1320: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
1330: 6e 75 6c 6c 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a null.badssl.com.
1340: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 } -result {h
1350: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a andshake failed:
1360: 20 73 73 6c 76 33 20 61 6c 65 72 74 20 68 61 6e sslv3 alert han
1370: 64 73 68 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 dshake failure}
1380: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
1390: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
13a0: 33 31 20 7b 70 69 6e 6e 69 6e 67 2d 74 65 73 74 31 {pinning-test
13b0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
13c0: 6c 20 70 69 6e 6e 69 6e 67 2d 74 65 73 74 2e 62 l pinning-test.b
13d0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a adssl.com. }.
13e0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 .test BadSSL-1.3
13f0: 32 20 7b 70 72 65 61 63 74 2d 63 6c 69 7d 20 2d 2 {preact-cli} -
1400: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 70 body {..badssl p
1410: 72 65 61 63 74 2d 63 6c 69 2e 62 61 64 73 73 6c react-cli.badssl
1420: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
1430: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
1440: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
1450: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
1460: 64 75 65 20 74 6f 3a 20 75 6e 61 62 6c 65 20 74 due to: unable t
1470: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 o get local issu
1480: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 7d 20 er certificate}
1490: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
14a0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
14b0: 33 33 20 7b 70 72 65 6c 6f 61 64 65 64 2d 68 73 33 {preloaded-hs
14c0: 74 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 ts} -body {..bad
14d0: 73 73 6c 20 70 72 65 6c 6f 61 64 65 64 2d 68 73 ssl preloaded-hs
14e0: 74 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 ts.badssl.com.
14f0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c }..test BadSSL
1500: 2d 31 2e 33 34 20 7b 72 63 34 2d 6d 64 35 7d 20 -1.34 {rc4-md5}
1510: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
1520: 72 63 34 2d 6d 64 35 2e 62 61 64 73 73 6c 2e 63 rc4-md5.badssl.c
1530: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
1540: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
1550: 65 64 3a 20 73 73 6c 76 33 20 61 6c 65 72 74 20 ed: sslv3 alert
1560: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 handshake failur
1570: 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 e} -returnCodes
1580: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
1590: 2d 31 2e 33 35 20 7b 72 63 34 7d 20 2d 62 6f 64 -1.35 {rc4} -bod
15a0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 63 34 2e y {..badssl rc4.
15b0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
15c0: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
15d0: 61 6b 65 20 66 61 69 6c 65 64 3a 20 73 73 6c 76 ake failed: sslv
15e0: 33 20 61 6c 65 72 74 20 68 61 6e 64 73 68 61 6b 3 alert handshak
15f0: 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 74 75 e failure} -retu
1600: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
1610: 74 20 42 61 64 53 53 4c 2d 31 2e 33 36 20 7b 72 t BadSSL-1.36 {r
1620: 65 76 6f 6b 65 64 7d 20 2d 62 6f 64 79 20 7b 0a evoked} -body {.
1630: 09 62 61 64 73 73 6c 20 72 65 76 6f 6b 65 64 2e .badssl revoked.
1640: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
1650: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
1660: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 ake failed: cert
1670: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 ificate verify f
1680: 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 63 65 ailed due to: ce
1690: 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 78 rtificate has ex
16a0: 70 69 72 65 64 7d 20 2d 72 65 74 75 72 6e 43 6f pired} -returnCo
16b0: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
16c0: 64 53 53 4c 2d 31 2e 33 37 20 7b 72 73 61 32 30 dSSL-1.37 {rsa20
16d0: 34 38 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 48} -body {..bad
16e0: 73 73 6c 20 72 73 61 32 30 34 38 2e 62 61 64 73 ssl rsa2048.bads
16f0: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
1700: 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 38 20 7b st BadSSL-1.38 {
1710: 72 73 61 34 30 39 36 7d 20 2d 62 6f 64 79 20 7b rsa4096} -body {
1720: 0a 09 62 61 64 73 73 6c 20 72 73 61 34 30 39 36 ..badssl rsa4096
1730: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1740: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1750: 2e 33 39 20 7b 72 73 61 38 31 39 32 7d 20 2d 62 .39 {rsa8192} -b
1760: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 73 ody {..badssl rs
1770: 61 38 31 39 32 2e 62 61 64 73 73 6c 2e 63 6f 6d a8192.badssl.com
1780: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 . }..test Bad
1790: 53 53 4c 2d 31 2e 34 30 20 7b 73 65 6c 66 2d 73 SSL-1.40 {self-s
17a0: 69 67 6e 65 64 7d 20 2d 62 6f 64 79 20 7b 0a 09 igned} -body {..
17b0: 62 61 64 73 73 6c 20 73 65 6c 66 2d 73 69 67 6e badssl self-sign
17c0: 65 64 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 ed.badssl.com.
17d0: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
17e0: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
17f0: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
1800: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a y failed due to:
1810: 20 73 65 6c 66 20 73 69 67 6e 65 64 20 63 65 72 self signed cer
1820: 74 69 66 69 63 61 74 65 7d 20 2d 72 65 74 75 72 tificate} -retur
1830: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 nCodes {1}..test
1840: 20 42 61 64 53 53 4c 2d 31 2e 34 31 20 7b 73 68 BadSSL-1.41 {sh
1850: 61 31 2d 32 30 31 36 7d 20 2d 62 6f 64 79 20 7b a1-2016} -body {
1860: 0a 09 62 61 64 73 73 6c 20 73 68 61 31 2d 32 30 ..badssl sha1-20
1870: 31 36 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 16.badssl.com.
1880: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
1890: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
18a0: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
18b0: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a y failed due to:
18c0: 20 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c unable to get l
18d0: 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 ocal issuer cert
18e0: 69 66 69 63 61 74 65 7d 20 2d 72 65 74 75 72 6e ificate} -return
18f0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
1900: 42 61 64 53 53 4c 2d 31 2e 34 32 20 7b 73 68 61 BadSSL-1.42 {sha
1910: 31 2d 32 30 31 37 7d 20 2d 62 6f 64 79 20 7b 0a 1-2017} -body {.
1920: 09 62 61 64 73 73 6c 20 73 68 61 31 2d 32 30 31 .badssl sha1-201
1930: 37 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 7.badssl.com.
1940: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
1950: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
1960: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
1970: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 failed due to:
1980: 63 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20 certificate has
1990: 65 78 70 69 72 65 64 7d 20 2d 72 65 74 75 72 6e expired} -return
19a0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
19b0: 42 61 64 53 53 4c 2d 31 2e 34 33 20 7b 73 68 61 BadSSL-1.43 {sha
19c0: 31 2d 69 6e 74 65 72 6d 65 64 69 61 74 65 7d 20 1-intermediate}
19d0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
19e0: 73 68 61 31 2d 69 6e 74 65 72 6d 65 64 69 61 74 sha1-intermediat
19f0: 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 e.badssl.com.
1a00: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
1a10: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
1a20: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
1a30: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 failed due to:
1a40: 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f unable to get lo
1a50: 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 cal issuer certi
1a60: 66 69 63 61 74 65 7d 20 2d 72 65 74 75 72 6e 43 ficate} -returnC
1a70: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 odes {1}..test B
1a80: 61 64 53 53 4c 2d 31 2e 34 34 20 7b 73 68 61 32 adSSL-1.44 {sha2
1a90: 35 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 56} -body {..bad
1aa0: 73 73 6c 20 73 68 61 32 35 36 2e 62 61 64 73 73 ssl sha256.badss
1ab0: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 l.com. }..tes
1ac0: 74 20 42 61 64 53 53 4c 2d 31 2e 34 35 20 7b 73 t BadSSL-1.45 {s
1ad0: 68 61 33 38 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 ha384} -body {..
1ae0: 62 61 64 73 73 6c 20 73 68 61 33 38 34 2e 62 61 badssl sha384.ba
1af0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
1b00: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
1b10: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 e failed: certif
1b20: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 icate verify fai
1b30: 6c 65 64 20 64 75 65 20 74 6f 3a 20 63 65 72 74 led due to: cert
1b40: 69 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 ificate has expi
1b50: 72 65 64 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 red} -returnCode
1b60: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
1b70: 53 4c 2d 31 2e 34 36 20 7b 73 68 61 35 31 32 7d SL-1.46 {sha512}
1b80: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
1b90: 20 73 68 61 35 31 32 2e 62 61 64 73 73 6c 2e 63 sha512.badssl.c
1ba0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
1bb0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
1bc0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
1bd0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
1be0: 65 20 74 6f 3a 20 63 65 72 74 69 66 69 63 61 74 e to: certificat
1bf0: 65 20 68 61 73 20 65 78 70 69 72 65 64 7d 20 2d e has expired} -
1c00: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
1c10: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 .test BadSSL-1.4
1c20: 37 20 7b 73 74 61 74 69 63 2d 72 73 61 7d 20 2d 7 {static-rsa} -
1c30: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 body {..badssl s
1c40: 74 61 74 69 63 2d 72 73 61 2e 62 61 64 73 73 6c tatic-rsa.badssl
1c50: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 .com. }..test
1c60: 20 42 61 64 53 53 4c 2d 31 2e 34 38 20 7b 73 75 BadSSL-1.48 {su
1c70: 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 65 bdomain.preloade
1c80: 64 2d 68 73 74 73 7d 20 2d 62 6f 64 79 20 7b 0a d-hsts} -body {.
1c90: 09 62 61 64 73 73 6c 20 73 75 62 64 6f 6d 61 69 .badssl subdomai
1ca0: 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 73 74 73 n.preloaded-hsts
1cb0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1cc0: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
1cd0: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
1ce0: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
1cf0: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 48 failed due to: H
1d00: 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 ostname mismatch
1d10: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
1d20: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
1d30: 31 2e 34 39 20 7b 73 75 70 65 72 66 69 73 68 7d 1.49 {superfish}
1d40: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
1d50: 20 73 75 70 65 72 66 69 73 68 2e 62 61 64 73 73 superfish.badss
1d60: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
1d70: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
1d80: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 ailed: certifica
1d90: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 te verify failed
1da0: 20 64 75 65 20 74 6f 3a 20 75 6e 61 62 6c 65 20 due to: unable
1db0: 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 to get local iss
1dc0: 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 7d uer certificate}
1dd0: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
1de0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1df0: 2e 35 30 20 7b 74 6c 73 2d 76 31 2d 30 3a 31 30 .50 {tls-v1-0:10
1e00: 31 30 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 10} -constraints
1e10: 20 7b 74 6c 73 31 7d 20 2d 62 6f 64 79 20 7b 0a {tls1} -body {.
1e20: 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 30 .badssl tls-v1-0
1e30: 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 30 .badssl.com:1010
1e40: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 . }..test Bad
1e50: 53 53 4c 2d 31 2e 35 31 20 7b 74 6c 73 2d 76 31 SSL-1.51 {tls-v1
1e60: 2d 31 3a 31 30 31 31 7d 20 2d 63 6f 6e 73 74 72 -1:1011} -constr
1e70: 61 69 6e 74 73 20 7b 74 6c 73 31 2e 31 7d 20 2d aints {tls1.1} -
1e80: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 74 body {..badssl t
1e90: 6c 73 2d 76 31 2d 31 2e 62 61 64 73 73 6c 2e 63 ls-v1-1.badssl.c
1ea0: 6f 6d 3a 31 30 31 31 0a 20 20 20 20 7d 0a 0a 74 om:1011. }..t
1eb0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 32 20 est BadSSL-1.52
1ec0: 7b 74 6c 73 2d 76 31 2d 32 3a 31 30 31 32 7d 20 {tls-v1-2:1012}
1ed0: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 74 6c -constraints {tl
1ee0: 73 31 2e 32 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 s1.2} -body {..b
1ef0: 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 32 2e 62 adssl tls-v1-2.b
1f00: 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 32 0a 20 adssl.com:1012.
1f10: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
1f20: 4c 2d 31 2e 35 33 20 7b 75 6e 74 72 75 73 74 65 L-1.53 {untruste
1f30: 64 2d 72 6f 6f 74 7d 20 2d 62 6f 64 79 20 7b 0a d-root} -body {.
1f40: 09 62 61 64 73 73 6c 20 75 6e 74 72 75 73 74 65 .badssl untruste
1f50: 64 2d 72 6f 6f 74 2e 62 61 64 73 73 6c 2e 63 6f d-root.badssl.co
1f60: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
1f70: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
1f80: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 d: certificate v
1f90: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 erify failed due
1fa0: 20 74 6f 3a 20 73 65 6c 66 20 73 69 67 6e 65 64 to: self signed
1fb0: 20 63 65 72 74 69 66 69 63 61 74 65 20 69 6e 20 certificate in
1fc0: 63 65 72 74 69 66 69 63 61 74 65 20 63 68 61 69 certificate chai
1fd0: 6e 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 n} -returnCodes
1fe0: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
1ff0: 2d 31 2e 35 34 20 7b 75 70 67 72 61 64 65 7d 20 -1.54 {upgrade}
2000: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
2010: 75 70 67 72 61 64 65 2e 62 61 64 73 73 6c 2e 63 upgrade.badssl.c
2020: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 om. }..test B
2030: 61 64 53 53 4c 2d 31 2e 35 35 20 7b 77 65 62 70 adSSL-1.55 {webp
2040: 61 63 6b 2d 64 65 76 2d 73 65 72 76 65 72 7d 20 ack-dev-server}
2050: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
2060: 77 65 62 70 61 63 6b 2d 64 65 76 2d 73 65 72 76 webpack-dev-serv
2070: 65 72 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 er.badssl.com.
2080: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
2090: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
20a0: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
20b0: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a y failed due to:
20c0: 20 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c unable to get l
20d0: 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 ocal issuer cert
20e0: 69 66 69 63 61 74 65 7d 20 2d 72 65 74 75 72 6e ificate} -return
20f0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
2100: 42 61 64 53 53 4c 2d 31 2e 35 36 20 7b 77 72 6f BadSSL-1.56 {wro
2110: 6e 67 2e 68 6f 73 74 7d 20 2d 62 6f 64 79 20 7b ng.host} -body {
2120: 0a 09 62 61 64 73 73 6c 20 77 72 6f 6e 67 2e 68 ..badssl wrong.h
2130: 6f 73 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 ost.badssl.com.
2140: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
2150: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
2160: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
2170: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
2180: 3a 20 48 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 : Hostname misma
2190: 74 63 68 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 tch} -returnCode
21a0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
21b0: 53 4c 2d 31 2e 35 37 20 7b 6d 6f 7a 69 6c 6c 61 SL-1.57 {mozilla
21c0: 2d 6d 6f 64 65 72 6e 7d 20 2d 62 6f 64 79 20 7b -modern} -body {
21d0: 0a 09 62 61 64 73 73 6c 20 6d 6f 7a 69 6c 6c 61 ..badssl mozilla
21e0: 2d 6d 6f 64 65 72 6e 2e 62 61 64 73 73 6c 2e 63 -modern.badssl.c
21f0: 6f 6d 0a 20 20 20 20 7d 0a 0a 23 20 43 6c 65 61 om. }..# Clea
2200: 6e 75 70 0a 3a 3a 74 63 6c 74 65 73 74 3a 3a 63 nup.::tcltest::c
2210: 6c 65 61 6e 75 70 54 65 73 74 73 0a 72 65 74 75 leanupTests.retu
2220: 72 6e 0a rn.