TclTLS: Hex Artifact Content

Artifact 8442154e7f8c3e49ce7fca623aebcf01ad29a70cbf2412c91434d886649dc3d4:

File tests/badssl.test — part of check-in [fe85c1fb85] at 2025-02-22 23:15:33 on branch tls-2.0 — Added package prefer to test scripts to use beta releases. Corrected Makefile and tests/all.tcl to pass args for make test. Set test case socket defaults to -require 0 since test certificates are out-of-date. (user: bohagan, size: 11079) [annotate] [blame] [check-ins using]
0000: 23 20 41 75 74 6f 20 67 65 6e 65 72 61 74 65 64  # Auto generated
0010: 20 74 65 73 74 20 63 61 73 65 73 20 66 6f 72 20   test cases for 
0020: 62 61 64 73 73 6c 2e 63 73 76 0a 0a 23 20 4c 6f  badssl.csv..# Lo
0030: 61 64 20 54 63 6c 20 54 65 73 74 20 70 61 63 6b  ad Tcl Test pack
0040: 61 67 65 0a 69 66 20 7b 5b 6c 73 65 61 72 63 68  age.if {[lsearch
0050: 20 5b 6e 61 6d 65 73 70 61 63 65 20 63 68 69 6c   [namespace chil
0060: 64 72 65 6e 5d 20 3a 3a 74 63 6c 74 65 73 74 5d  dren] ::tcltest]
0070: 20 3d 3d 20 2d 31 7d 20 7b 0a 09 70 61 63 6b 61   == -1} {..packa
0080: 67 65 20 72 65 71 75 69 72 65 20 74 63 6c 74 65  ge require tclte
0090: 73 74 0a 09 6e 61 6d 65 73 70 61 63 65 20 69 6d  st..namespace im
00a0: 70 6f 72 74 20 3a 3a 74 63 6c 74 65 73 74 3a 3a  port ::tcltest::
00b0: 2a 0a 7d 0a 0a 73 65 74 20 61 75 74 6f 5f 70 61  *.}..set auto_pa
00c0: 74 68 20 5b 63 6f 6e 63 61 74 20 5b 6c 69 73 74  th [concat [list
00d0: 20 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b   [file dirname [
00e0: 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e  file dirname [in
00f0: 66 6f 20 73 63 72 69 70 74 5d 5d 5d 5d 20 24 61  fo script]]]] $a
0100: 75 74 6f 5f 70 61 74 68 5d 0a 0a 70 61 63 6b 61  uto_path]..packa
0110: 67 65 20 70 72 65 66 65 72 20 6c 61 74 65 73 74  ge prefer latest
0120: 0a 70 61 63 6b 61 67 65 20 72 65 71 75 69 72 65  .package require
0130: 20 74 6c 73 0a 0a 23 20 43 6f 6e 73 74 72 61 69   tls..# Constrai
0140: 6e 74 73 0a 73 6f 75 72 63 65 20 5b 66 69 6c 65  nts.source [file
0150: 20 6a 6f 69 6e 20 5b 66 69 6c 65 20 64 69 72 6e   join [file dirn
0160: 61 6d 65 20 5b 69 6e 66 6f 20 73 63 72 69 70 74  ame [info script
0170: 5d 5d 20 63 6f 6d 6d 6f 6e 2e 74 63 6c 5d 0a 0a  ]] common.tcl]..
0180: 23 20 48 65 6c 70 65 72 20 66 75 6e 63 74 69 6f  # Helper functio
0190: 6e 73 0a 70 72 6f 63 20 62 61 64 73 73 6c 20 7b  ns.proc badssl {
01a0: 75 72 6c 7d 20 7b 73 65 74 20 70 6f 72 74 20 34  url} {set port 4
01b0: 34 33 3b 6c 61 73 73 69 67 6e 20 5b 73 70 6c 69  43;lassign [spli
01c0: 74 20 24 75 72 6c 20 22 3a 22 5d 20 75 72 6c 20  t $url ":"] url 
01d0: 70 6f 72 74 3b 69 66 20 7b 24 70 6f 72 74 20 65  port;if {$port e
01e0: 71 20 22 22 7d 20 7b 73 65 74 20 70 6f 72 74 20  q ""} {set port 
01f0: 34 34 33 7d 3b 73 65 74 20 63 6d 64 20 5b 6c 69  443};set cmd [li
0200: 73 74 20 74 6c 73 3a 3a 73 6f 63 6b 65 74 20 2d  st tls::socket -
0210: 61 75 74 6f 73 65 72 76 65 72 6e 61 6d 65 20 31  autoservername 1
0220: 20 2d 72 65 71 75 69 72 65 20 31 5d 3b 69 66 20   -require 1];if 
0230: 7b 5b 69 6e 66 6f 20 65 78 69 73 74 73 20 3a 3a  {[info exists ::
0240: 65 6e 76 28 53 53 4c 5f 43 45 52 54 5f 46 49 4c  env(SSL_CERT_FIL
0250: 45 29 5d 7d 20 7b 6c 61 70 70 65 6e 64 20 63 6d  E)]} {lappend cm
0260: 64 20 2d 63 61 66 69 6c 65 20 24 3a 3a 65 6e 76  d -cafile $::env
0270: 28 53 53 4c 5f 43 45 52 54 5f 46 49 4c 45 29 7d  (SSL_CERT_FILE)}
0280: 3b 6c 61 70 70 65 6e 64 20 63 6d 64 20 24 75 72  ;lappend cmd $ur
0290: 6c 20 24 70 6f 72 74 3b 73 65 74 20 63 68 20 5b  l $port;set ch [
02a0: 65 76 61 6c 20 24 63 6d 64 5d 3b 69 66 20 7b 5b  eval $cmd];if {[
02b0: 63 61 74 63 68 20 7b 74 6c 73 3a 3a 68 61 6e 64  catch {tls::hand
02c0: 73 68 61 6b 65 20 24 63 68 7d 20 65 72 72 5d 7d  shake $ch} err]}
02d0: 20 7b 63 6c 6f 73 65 20 24 63 68 3b 72 65 74 75   {close $ch;retu
02e0: 72 6e 20 2d 63 6f 64 65 20 65 72 72 6f 72 20 24  rn -code error $
02f0: 65 72 72 7d 20 65 6c 73 65 20 7b 63 6c 6f 73 65  err} else {close
0300: 20 24 63 68 7d 7d 0a 0a 23 20 42 61 64 53 53 4c   $ch}}..# BadSSL
0310: 2e 63 6f 6d 20 54 65 73 74 73 0a 0a 0a 74 65 73  .com Tests...tes
0320: 74 20 42 61 64 53 53 4c 2d 31 2e 31 20 7b 31 30  t BadSSL-1.1 {10
0330: 30 30 2d 73 61 6e 73 7d 20 2d 62 6f 64 79 20 7b  00-sans} -body {
0340: 0a 09 62 61 64 73 73 6c 20 31 30 30 30 2d 73 61  ..badssl 1000-sa
0350: 6e 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  ns.badssl.com.  
0360: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e    } -result {han
0370: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63  dshake failed: c
0380: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66  ertificate verif
0390: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20  y failed due to 
03a0: 22 63 65 72 74 69 66 69 63 61 74 65 20 68 61 73  "certificate has
03b0: 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75   expired"} -retu
03c0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
03d0: 74 20 42 61 64 53 53 4c 2d 31 2e 32 20 7b 31 30  t BadSSL-1.2 {10
03e0: 30 30 30 2d 73 61 6e 73 7d 20 2d 62 6f 64 79 20  000-sans} -body 
03f0: 7b 0a 09 62 61 64 73 73 6c 20 31 30 30 30 30 2d  {..badssl 10000-
0400: 73 61 6e 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  sans.badssl.com.
0410: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
0420: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
0430: 20 65 78 63 65 73 73 69 76 65 20 6d 65 73 73 61   excessive messa
0440: 67 65 20 73 69 7a 65 7d 20 2d 72 65 74 75 72 6e  ge size} -return
0450: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20  Codes {1}..test 
0460: 42 61 64 53 53 4c 2d 31 2e 33 20 7b 33 64 65 73  BadSSL-1.3 {3des
0470: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73  } -body {..badss
0480: 6c 20 33 64 65 73 2e 62 61 64 73 73 6c 2e 63 6f  l 3des.badssl.co
0490: 6d 0a 20 20 20 20 7d 20 2d 6d 61 74 63 68 20 7b  m.    } -match {
04a0: 67 6c 6f 62 7d 20 2d 72 65 73 75 6c 74 20 7b 68  glob} -result {h
04b0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
04c0: 20 2a 20 61 6c 65 72 74 20 68 61 6e 64 73 68 61   * alert handsha
04d0: 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 74  ke failure} -ret
04e0: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
04f0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 20 7b 63  st BadSSL-1.4 {c
0500: 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 7d 20 2d  aptive-portal} -
0510: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64  constraints {old
0520: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  _api} -body {..b
0530: 61 64 73 73 6c 20 63 61 70 74 69 76 65 2d 70 6f  adssl captive-po
0540: 72 74 61 6c 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  rtal.badssl.com.
0550: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
0560: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
0570: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72   certificate ver
0580: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74  ify failed due t
0590: 6f 20 22 48 6f 73 74 6e 61 6d 65 20 6d 69 73 6d  o "Hostname mism
05a0: 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f  atch"} -returnCo
05b0: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
05c0: 64 53 53 4c 2d 31 2e 35 20 7b 63 61 70 74 69 76  dSSL-1.5 {captiv
05d0: 65 2d 70 6f 72 74 61 6c 7d 20 2d 63 6f 6e 73 74  e-portal} -const
05e0: 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d  raints {new_api}
05f0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
0600: 20 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 2e   captive-portal.
0610: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
0620: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
0630: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74  ake failed: cert
0640: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66  ificate verify f
0650: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 68 6f  ailed due to "ho
0660: 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 22  stname mismatch"
0670: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b  } -returnCodes {
0680: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  1}..test BadSSL-
0690: 31 2e 36 20 7b 63 62 63 7d 20 2d 62 6f 64 79 20  1.6 {cbc} -body 
06a0: 7b 0a 09 62 61 64 73 73 6c 20 63 62 63 2e 62 61  {..badssl cbc.ba
06b0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a  dssl.com.    }..
06c0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 37 20  test BadSSL-1.7 
06d0: 7b 63 6c 69 65 6e 74 2d 63 65 72 74 2d 6d 69 73  {client-cert-mis
06e0: 73 69 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  sing} -body {..b
06f0: 61 64 73 73 6c 20 63 6c 69 65 6e 74 2d 63 65 72  adssl client-cer
0700: 74 2d 6d 69 73 73 69 6e 67 2e 62 61 64 73 73 6c  t-missing.badssl
0710: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74  .com.    }..test
0720: 20 42 61 64 53 53 4c 2d 31 2e 38 20 7b 63 6c 69   BadSSL-1.8 {cli
0730: 65 6e 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  ent} -body {..ba
0740: 64 73 73 6c 20 63 6c 69 65 6e 74 2e 62 61 64 73  dssl client.bads
0750: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65  sl.com.    }..te
0760: 73 74 20 42 61 64 53 53 4c 2d 31 2e 39 20 7b 64  st BadSSL-1.9 {d
0770: 68 2d 63 6f 6d 70 6f 73 69 74 65 7d 20 2d 63 6f  h-composite} -co
0780: 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61  nstraints {old_a
0790: 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  pi} -body {..bad
07a0: 73 73 6c 20 64 68 2d 63 6f 6d 70 6f 73 69 74 65  ssl dh-composite
07b0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
07c0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
07d0: 2e 31 30 20 7b 64 68 2d 63 6f 6d 70 6f 73 69 74  .10 {dh-composit
07e0: 65 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20  e} -constraints 
07f0: 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20  {new_api} -body 
0800: 7b 0a 09 62 61 64 73 73 6c 20 64 68 2d 63 6f 6d  {..badssl dh-com
0810: 70 6f 73 69 74 65 2e 62 61 64 73 73 6c 2e 63 6f  posite.badssl.co
0820: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
0830: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
0840: 64 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20 73 6d  d: dh key too sm
0850: 61 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  all} -returnCode
0860: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
0870: 53 4c 2d 31 2e 31 31 20 7b 64 68 2d 73 6d 61 6c  SL-1.11 {dh-smal
0880: 6c 2d 73 75 62 67 72 6f 75 70 7d 20 2d 62 6f 64  l-subgroup} -bod
0890: 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 2d 73  y {..badssl dh-s
08a0: 6d 61 6c 6c 2d 73 75 62 67 72 6f 75 70 2e 62 61  mall-subgroup.ba
08b0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a  dssl.com.    }..
08c0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 32  test BadSSL-1.12
08d0: 20 7b 64 68 34 38 30 7d 20 2d 63 6f 6e 73 74 72   {dh480} -constr
08e0: 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20  aints {old_api} 
08f0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
0900: 64 68 34 38 30 2e 62 61 64 73 73 6c 2e 63 6f 6d  dh480.badssl.com
0910: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
0920: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
0930: 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20 73 6d 61  : dh key too sma
0940: 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  ll} -returnCodes
0950: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
0960: 4c 2d 31 2e 31 33 20 7b 64 68 34 38 30 7d 20 2d  L-1.13 {dh480} -
0970: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 77  constraints {new
0980: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  _api} -body {..b
0990: 61 64 73 73 6c 20 64 68 34 38 30 2e 62 61 64 73  adssl dh480.bads
09a0: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65  sl.com.    } -re
09b0: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20  sult {handshake 
09c0: 66 61 69 6c 65 64 3a 20 6d 6f 64 75 6c 75 73 20  failed: modulus 
09d0: 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 75  too small} -retu
09e0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
09f0: 74 20 42 61 64 53 53 4c 2d 31 2e 31 34 20 7b 64  t BadSSL-1.14 {d
0a00: 68 35 31 32 7d 20 2d 63 6f 6e 73 74 72 61 69 6e  h512} -constrain
0a10: 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f  ts {old_api} -bo
0a20: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 35  dy {..badssl dh5
0a30: 31 32 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  12.badssl.com.  
0a40: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e    } -result {han
0a50: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 64  dshake failed: d
0a60: 68 20 6b 65 79 20 74 6f 6f 20 73 6d 61 6c 6c 7d  h key too small}
0a70: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31   -returnCodes {1
0a80: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
0a90: 2e 31 35 20 7b 64 68 35 31 32 7d 20 2d 63 6f 6e  .15 {dh512} -con
0aa0: 73 74 72 61 69 6e 74 73 20 7b 6d 61 63 7d 20 2d  straints {mac} -
0ab0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64  body {..badssl d
0ac0: 68 35 31 32 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  h512.badssl.com.
0ad0: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
0ae0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
0af0: 20 75 6e 6b 6e 6f 77 6e 20 73 65 63 75 72 69 74   unknown securit
0b00: 79 20 62 69 74 73 7d 20 2d 72 65 74 75 72 6e 43  y bits} -returnC
0b10: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42  odes {1}..test B
0b20: 61 64 53 53 4c 2d 31 2e 31 36 20 7b 64 68 31 30  adSSL-1.16 {dh10
0b30: 32 34 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73  24} -constraints
0b40: 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79   {old_api} -body
0b50: 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 31 30 32   {..badssl dh102
0b60: 34 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  4.badssl.com.   
0b70: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d   }..test BadSSL-
0b80: 31 2e 31 37 20 7b 64 68 31 30 32 34 7d 20 2d 63  1.17 {dh1024} -c
0b90: 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 5f  onstraints {new_
0ba0: 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  api} -body {..ba
0bb0: 64 73 73 6c 20 64 68 31 30 32 34 2e 62 61 64 73  dssl dh1024.bads
0bc0: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65  sl.com.    } -re
0bd0: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20  sult {handshake 
0be0: 66 61 69 6c 65 64 3a 20 64 68 20 6b 65 79 20 74  failed: dh key t
0bf0: 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 72  oo small} -retur
0c00: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74  nCodes {1}..test
0c10: 20 42 61 64 53 53 4c 2d 31 2e 31 38 20 7b 64 68   BadSSL-1.18 {dh
0c20: 32 30 34 38 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  2048} -body {..b
0c30: 61 64 73 73 6c 20 64 68 32 30 34 38 2e 62 61 64  adssl dh2048.bad
0c40: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74  ssl.com.    }..t
0c50: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 39 20  est BadSSL-1.19 
0c60: 7b 64 73 64 74 65 73 74 70 72 6f 76 69 64 65 72  {dsdtestprovider
0c70: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73  } -body {..badss
0c80: 6c 20 64 73 64 74 65 73 74 70 72 6f 76 69 64 65  l dsdtestprovide
0c90: 72 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  r.badssl.com.   
0ca0: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64   } -result {hand
0cb0: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65  shake failed: ce
0cc0: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79  rtificate verify
0cd0: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22   failed due to "
0ce0: 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f  unable to get lo
0cf0: 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69  cal issuer certi
0d00: 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e  ficate"} -return
0d10: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20  Codes {1}..test 
0d20: 42 61 64 53 53 4c 2d 31 2e 32 30 20 7b 65 63 63  BadSSL-1.20 {ecc
0d30: 32 35 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  256} -body {..ba
0d40: 64 73 73 6c 20 65 63 63 32 35 36 2e 62 61 64 73  dssl ecc256.bads
0d50: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65  sl.com.    }..te
0d60: 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 31 20 7b  st BadSSL-1.21 {
0d70: 65 63 63 33 38 34 7d 20 2d 62 6f 64 79 20 7b 0a  ecc384} -body {.
0d80: 09 62 61 64 73 73 6c 20 65 63 63 33 38 34 2e 62  .badssl ecc384.b
0d90: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a  adssl.com.    }.
0da0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32  .test BadSSL-1.2
0db0: 32 20 7b 65 64 65 6c 6c 72 6f 6f 74 7d 20 2d 62  2 {edellroot} -b
0dc0: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 64  ody {..badssl ed
0dd0: 65 6c 6c 72 6f 6f 74 2e 62 61 64 73 73 6c 2e 63  ellroot.badssl.c
0de0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74  om.    } -result
0df0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c   {handshake fail
0e00: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20  ed: certificate 
0e10: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75  verify failed du
0e20: 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20  e to "unable to 
0e30: 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72  get local issuer
0e40: 20 63 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d   certificate"} -
0e50: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
0e60: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32  .test BadSSL-1.2
0e70: 33 20 7b 65 78 70 69 72 65 64 7d 20 2d 62 6f 64  3 {expired} -bod
0e80: 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 78 70 69  y {..badssl expi
0e90: 72 65 64 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  red.badssl.com. 
0ea0: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61     } -result {ha
0eb0: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20  ndshake failed: 
0ec0: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69  certificate veri
0ed0: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f  fy failed due to
0ee0: 20 22 63 65 72 74 69 66 69 63 61 74 65 20 68 61   "certificate ha
0ef0: 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74  s expired"} -ret
0f00: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
0f10: 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 34 20 7b  st BadSSL-1.24 {
0f20: 65 78 74 65 6e 64 65 64 2d 76 61 6c 69 64 61 74  extended-validat
0f30: 69 6f 6e 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  ion} -body {..ba
0f40: 64 73 73 6c 20 65 78 74 65 6e 64 65 64 2d 76 61  dssl extended-va
0f50: 6c 69 64 61 74 69 6f 6e 2e 62 61 64 73 73 6c 2e  lidation.badssl.
0f60: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c  com.    } -resul
0f70: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
0f80: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65  led: certificate
0f90: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64   verify failed d
0fa0: 75 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 61  ue to "certifica
0fb0: 74 65 20 68 61 73 20 65 78 70 69 72 65 64 22 7d  te has expired"}
0fc0: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31   -returnCodes {1
0fd0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
0fe0: 2e 32 35 20 7b 68 73 74 73 7d 20 2d 62 6f 64 79  .25 {hsts} -body
0ff0: 20 7b 0a 09 62 61 64 73 73 6c 20 68 73 74 73 2e   {..badssl hsts.
1000: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
1010: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
1020: 32 36 20 7b 68 74 74 70 73 2d 65 76 65 72 79 77  26 {https-everyw
1030: 68 65 72 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  here} -body {..b
1040: 61 64 73 73 6c 20 68 74 74 70 73 2d 65 76 65 72  adssl https-ever
1050: 79 77 68 65 72 65 2e 62 61 64 73 73 6c 2e 63 6f  ywhere.badssl.co
1060: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61  m.    }..test Ba
1070: 64 53 53 4c 2d 31 2e 32 37 20 7b 69 6e 63 6f 6d  dSSL-1.27 {incom
1080: 70 6c 65 74 65 2d 63 68 61 69 6e 7d 20 2d 62 6f  plete-chain} -bo
1090: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 69 6e 63  dy {..badssl inc
10a0: 6f 6d 70 6c 65 74 65 2d 63 68 61 69 6e 2e 62 61  omplete-chain.ba
10b0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
10c0: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
10d0: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66  e failed: certif
10e0: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69  icate verify fai
10f0: 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62  led due to "unab
1100: 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20  le to get local 
1110: 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61  issuer certifica
1120: 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  te"} -returnCode
1130: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
1140: 53 4c 2d 31 2e 32 38 20 7b 69 6e 76 61 6c 69 64  SL-1.28 {invalid
1150: 2d 65 78 70 65 63 74 65 64 2d 73 63 74 7d 20 2d  -expected-sct} -
1160: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 69  body {..badssl i
1170: 6e 76 61 6c 69 64 2d 65 78 70 65 63 74 65 64 2d  nvalid-expected-
1180: 73 63 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  sct.badssl.com. 
1190: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61     } -result {ha
11a0: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20  ndshake failed: 
11b0: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69  certificate veri
11c0: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f  fy failed due to
11d0: 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20   "unable to get 
11e0: 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72  local issuer cer
11f0: 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75  tificate"} -retu
1200: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
1210: 74 20 42 61 64 53 53 4c 2d 31 2e 32 39 20 7b 6c  t BadSSL-1.29 {l
1220: 6f 6e 67 2d 65 78 74 65 6e 64 65 64 2d 73 75 62  ong-extended-sub
1230: 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2d 63 6f 6e 74  domain-name-cont
1240: 61 69 6e 69 6e 67 2d 6d 61 6e 79 2d 6c 65 74 74  aining-many-lett
1250: 65 72 73 2d 61 6e 64 2d 64 61 73 68 65 73 7d 20  ers-and-dashes} 
1260: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
1270: 6c 6f 6e 67 2d 65 78 74 65 6e 64 65 64 2d 73 75  long-extended-su
1280: 62 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2d 63 6f 6e  bdomain-name-con
1290: 74 61 69 6e 69 6e 67 2d 6d 61 6e 79 2d 6c 65 74  taining-many-let
12a0: 74 65 72 73 2d 61 6e 64 2d 64 61 73 68 65 73 2e  ters-and-dashes.
12b0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
12c0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
12d0: 33 30 20 7b 6c 6f 6e 67 65 78 74 65 6e 64 65 64  30 {longextended
12e0: 73 75 62 64 6f 6d 61 69 6e 6e 61 6d 65 77 69 74  subdomainnamewit
12f0: 68 6f 75 74 64 61 73 68 65 73 69 6e 6f 72 64 65  houtdashesinorde
1300: 72 74 6f 74 65 73 74 77 6f 72 64 77 72 61 70 70  rtotestwordwrapp
1310: 69 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  ing} -body {..ba
1320: 64 73 73 6c 20 6c 6f 6e 67 65 78 74 65 6e 64 65  dssl longextende
1330: 64 73 75 62 64 6f 6d 61 69 6e 6e 61 6d 65 77 69  dsubdomainnamewi
1340: 74 68 6f 75 74 64 61 73 68 65 73 69 6e 6f 72 64  thoutdashesinord
1350: 65 72 74 6f 74 65 73 74 77 6f 72 64 77 72 61 70  ertotestwordwrap
1360: 70 69 6e 67 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  ping.badssl.com.
1370: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53      }..test BadS
1380: 53 4c 2d 31 2e 33 31 20 7b 6d 69 74 6d 2d 73 6f  SL-1.31 {mitm-so
1390: 66 74 77 61 72 65 7d 20 2d 62 6f 64 79 20 7b 0a  ftware} -body {.
13a0: 09 62 61 64 73 73 6c 20 6d 69 74 6d 2d 73 6f 66  .badssl mitm-sof
13b0: 74 77 61 72 65 2e 62 61 64 73 73 6c 2e 63 6f 6d  tware.badssl.com
13c0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
13d0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
13e0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
13f0: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
1400: 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65  to "unable to ge
1410: 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63  t local issuer c
1420: 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65  ertificate"} -re
1430: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74  turnCodes {1}..t
1440: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 32 20  est BadSSL-1.32 
1450: 7b 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e 61 6d 65 7d  {no-common-name}
1460: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
1470: 20 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e 61 6d 65 2e   no-common-name.
1480: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
1490: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
14a0: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74  ake failed: cert
14b0: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66  ificate verify f
14c0: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 63 65  ailed due to "ce
14d0: 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 78  rtificate has ex
14e0: 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72 6e 43  pired"} -returnC
14f0: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42  odes {1}..test B
1500: 61 64 53 53 4c 2d 31 2e 33 33 20 7b 6e 6f 2d 73  adSSL-1.33 {no-s
1510: 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  ct} -body {..bad
1520: 73 73 6c 20 6e 6f 2d 73 63 74 2e 62 61 64 73 73  ssl no-sct.badss
1530: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73  l.com.    }..tes
1540: 74 20 42 61 64 53 53 4c 2d 31 2e 33 34 20 7b 6e  t BadSSL-1.34 {n
1550: 6f 2d 73 75 62 6a 65 63 74 7d 20 2d 62 6f 64 79  o-subject} -body
1560: 20 7b 0a 09 62 61 64 73 73 6c 20 6e 6f 2d 73 75   {..badssl no-su
1570: 62 6a 65 63 74 2e 62 61 64 73 73 6c 2e 63 6f 6d  bject.badssl.com
1580: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
1590: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
15a0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
15b0: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
15c0: 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20  to "certificate 
15d0: 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72  has expired"} -r
15e0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a  eturnCodes {1}..
15f0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 35  test BadSSL-1.35
1600: 20 7b 6e 75 6c 6c 7d 20 2d 62 6f 64 79 20 7b 0a   {null} -body {.
1610: 09 62 61 64 73 73 6c 20 6e 75 6c 6c 2e 62 61 64  .badssl null.bad
1620: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 6d  ssl.com.    } -m
1630: 61 74 63 68 20 7b 67 6c 6f 62 7d 20 2d 72 65 73  atch {glob} -res
1640: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
1650: 61 69 6c 65 64 3a 20 2a 20 61 6c 65 72 74 20 68  ailed: * alert h
1660: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 65  andshake failure
1670: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b  } -returnCodes {
1680: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  1}..test BadSSL-
1690: 31 2e 33 36 20 7b 70 69 6e 6e 69 6e 67 2d 74 65  1.36 {pinning-te
16a0: 73 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  st} -body {..bad
16b0: 73 73 6c 20 70 69 6e 6e 69 6e 67 2d 74 65 73 74  ssl pinning-test
16c0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
16d0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
16e0: 2e 33 37 20 7b 70 72 65 61 63 74 2d 63 6c 69 7d  .37 {preact-cli}
16f0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
1700: 20 70 72 65 61 63 74 2d 63 6c 69 2e 62 61 64 73   preact-cli.bads
1710: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65  sl.com.    } -re
1720: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20  sult {handshake 
1730: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63  failed: certific
1740: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65  ate verify faile
1750: 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65  d due to "unable
1760: 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73   to get local is
1770: 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65  suer certificate
1780: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20  "} -returnCodes 
1790: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c  {1}..test BadSSL
17a0: 2d 31 2e 33 38 20 7b 70 72 65 6c 6f 61 64 65 64  -1.38 {preloaded
17b0: 2d 68 73 74 73 7d 20 2d 62 6f 64 79 20 7b 0a 09  -hsts} -body {..
17c0: 62 61 64 73 73 6c 20 70 72 65 6c 6f 61 64 65 64  badssl preloaded
17d0: 2d 68 73 74 73 2e 62 61 64 73 73 6c 2e 63 6f 6d  -hsts.badssl.com
17e0: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64  .    }..test Bad
17f0: 53 53 4c 2d 31 2e 33 39 20 7b 72 63 34 2d 6d 64  SSL-1.39 {rc4-md
1800: 35 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  5} -body {..bads
1810: 73 6c 20 72 63 34 2d 6d 64 35 2e 62 61 64 73 73  sl rc4-md5.badss
1820: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 6d 61 74  l.com.    } -mat
1830: 63 68 20 7b 67 6c 6f 62 7d 20 2d 72 65 73 75 6c  ch {glob} -resul
1840: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
1850: 6c 65 64 3a 20 2a 20 61 6c 65 72 74 20 68 61 6e  led: * alert han
1860: 64 73 68 61 6b 65 20 66 61 69 6c 75 72 65 7d 20  dshake failure} 
1870: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
1880: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
1890: 34 30 20 7b 72 63 34 7d 20 2d 62 6f 64 79 20 7b  40 {rc4} -body {
18a0: 0a 09 62 61 64 73 73 6c 20 72 63 34 2e 62 61 64  ..badssl rc4.bad
18b0: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 6d  ssl.com.    } -m
18c0: 61 74 63 68 20 7b 67 6c 6f 62 7d 20 2d 72 65 73  atch {glob} -res
18d0: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
18e0: 61 69 6c 65 64 3a 20 2a 20 61 6c 65 72 74 20 68  ailed: * alert h
18f0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 65  andshake failure
1900: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b  } -returnCodes {
1910: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  1}..test BadSSL-
1920: 31 2e 34 31 20 7b 72 65 76 6f 6b 65 64 7d 20 2d  1.41 {revoked} -
1930: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 72  body {..badssl r
1940: 65 76 6f 6b 65 64 2e 62 61 64 73 73 6c 2e 63 6f  evoked.badssl.co
1950: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61  m.    }..test Ba
1960: 64 53 53 4c 2d 31 2e 34 32 20 7b 72 73 61 32 30  dSSL-1.42 {rsa20
1970: 34 38 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  48} -body {..bad
1980: 73 73 6c 20 72 73 61 32 30 34 38 2e 62 61 64 73  ssl rsa2048.bads
1990: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65  sl.com.    }..te
19a0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 33 20 7b  st BadSSL-1.43 {
19b0: 72 73 61 34 30 39 36 7d 20 2d 62 6f 64 79 20 7b  rsa4096} -body {
19c0: 0a 09 62 61 64 73 73 6c 20 72 73 61 34 30 39 36  ..badssl rsa4096
19d0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
19e0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
19f0: 2e 34 34 20 7b 72 73 61 38 31 39 32 7d 20 2d 62  .44 {rsa8192} -b
1a00: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 73  ody {..badssl rs
1a10: 61 38 31 39 32 2e 62 61 64 73 73 6c 2e 63 6f 6d  a8192.badssl.com
1a20: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
1a30: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
1a40: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
1a50: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
1a60: 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20  to "certificate 
1a70: 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72  has expired"} -r
1a80: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a  eturnCodes {1}..
1a90: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 35  test BadSSL-1.45
1aa0: 20 7b 73 65 6c 66 2d 73 69 67 6e 65 64 7d 20 2d   {self-signed} -
1ab0: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64  constraints {old
1ac0: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  _api} -body {..b
1ad0: 61 64 73 73 6c 20 73 65 6c 66 2d 73 69 67 6e 65  adssl self-signe
1ae0: 64 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  d.badssl.com.   
1af0: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64   } -result {hand
1b00: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65  shake failed: ce
1b10: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79  rtificate verify
1b20: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22   failed due to "
1b30: 73 65 6c 66 20 73 69 67 6e 65 64 20 63 65 72 74  self signed cert
1b40: 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72  ificate"} -retur
1b50: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74  nCodes {1}..test
1b60: 20 42 61 64 53 53 4c 2d 31 2e 34 36 20 7b 73 65   BadSSL-1.46 {se
1b70: 6c 66 2d 73 69 67 6e 65 64 7d 20 2d 63 6f 6e 73  lf-signed} -cons
1b80: 74 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69  traints {new_api
1b90: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73  } -body {..badss
1ba0: 6c 20 73 65 6c 66 2d 73 69 67 6e 65 64 2e 62 61  l self-signed.ba
1bb0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
1bc0: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
1bd0: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66  e failed: certif
1be0: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69  icate verify fai
1bf0: 6c 65 64 20 64 75 65 20 74 6f 20 22 73 65 6c 66  led due to "self
1c00: 2d 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63  -signed certific
1c10: 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64  ate"} -returnCod
1c20: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64  es {1}..test Bad
1c30: 53 53 4c 2d 31 2e 34 37 20 7b 73 68 61 31 2d 32  SSL-1.47 {sha1-2
1c40: 30 31 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  016} -body {..ba
1c50: 64 73 73 6c 20 73 68 61 31 2d 32 30 31 36 2e 62  dssl sha1-2016.b
1c60: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
1c70: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
1c80: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69  ke failed: certi
1c90: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61  ficate verify fa
1ca0: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61  iled due to "una
1cb0: 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c  ble to get local
1cc0: 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63   issuer certific
1cd0: 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64  ate"} -returnCod
1ce0: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64  es {1}..test Bad
1cf0: 53 53 4c 2d 31 2e 34 38 20 7b 73 68 61 31 2d 32  SSL-1.48 {sha1-2
1d00: 30 31 37 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74  017} -constraint
1d10: 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64  s {old_api} -bod
1d20: 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 31  y {..badssl sha1
1d30: 2d 32 30 31 37 2e 62 61 64 73 73 6c 2e 63 6f 6d  -2017.badssl.com
1d40: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
1d50: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
1d60: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
1d70: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
1d80: 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20  to "certificate 
1d90: 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72  has expired"} -r
1da0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a  eturnCodes {1}..
1db0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 39  test BadSSL-1.49
1dc0: 20 7b 73 68 61 31 2d 32 30 31 37 7d 20 2d 63 6f   {sha1-2017} -co
1dd0: 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61  nstraints {new_a
1de0: 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  pi} -body {..bad
1df0: 73 73 6c 20 73 68 61 31 2d 32 30 31 37 2e 62 61  ssl sha1-2017.ba
1e00: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
1e10: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
1e20: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66  e failed: certif
1e30: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69  icate verify fai
1e40: 6c 65 64 20 64 75 65 20 74 6f 20 22 43 41 20 73  led due to "CA s
1e50: 69 67 6e 61 74 75 72 65 20 64 69 67 65 73 74 20  ignature digest 
1e60: 61 6c 67 6f 72 69 74 68 6d 20 74 6f 6f 20 77 65  algorithm too we
1e70: 61 6b 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  ak"} -returnCode
1e80: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
1e90: 53 4c 2d 31 2e 35 30 20 7b 73 68 61 31 2d 69 6e  SL-1.50 {sha1-in
1ea0: 74 65 72 6d 65 64 69 61 74 65 7d 20 2d 62 6f 64  termediate} -bod
1eb0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 31  y {..badssl sha1
1ec0: 2d 69 6e 74 65 72 6d 65 64 69 61 74 65 2e 62 61  -intermediate.ba
1ed0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
1ee0: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
1ef0: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66  e failed: certif
1f00: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69  icate verify fai
1f10: 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62  led due to "unab
1f20: 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20  le to get local 
1f30: 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61  issuer certifica
1f40: 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  te"} -returnCode
1f50: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
1f60: 53 4c 2d 31 2e 35 31 20 7b 73 68 61 32 35 36 7d  SL-1.51 {sha256}
1f70: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
1f80: 20 73 68 61 32 35 36 2e 62 61 64 73 73 6c 2e 63   sha256.badssl.c
1f90: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42  om.    }..test B
1fa0: 61 64 53 53 4c 2d 31 2e 35 32 20 7b 73 68 61 33  adSSL-1.52 {sha3
1fb0: 38 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  84} -body {..bad
1fc0: 73 73 6c 20 73 68 61 33 38 34 2e 62 61 64 73 73  ssl sha384.badss
1fd0: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73  l.com.    } -res
1fe0: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
1ff0: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61  ailed: certifica
2000: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64  te verify failed
2010: 20 64 75 65 20 74 6f 20 22 63 65 72 74 69 66 69   due to "certifi
2020: 63 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64  cate has expired
2030: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20  "} -returnCodes 
2040: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c  {1}..test BadSSL
2050: 2d 31 2e 35 33 20 7b 73 68 61 35 31 32 7d 20 2d  -1.53 {sha512} -
2060: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73  body {..badssl s
2070: 68 61 35 31 32 2e 62 61 64 73 73 6c 2e 63 6f 6d  ha512.badssl.com
2080: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
2090: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
20a0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
20b0: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
20c0: 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20  to "certificate 
20d0: 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72  has expired"} -r
20e0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a  eturnCodes {1}..
20f0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 34  test BadSSL-1.54
2100: 20 7b 73 74 61 74 69 63 2d 72 73 61 7d 20 2d 62   {static-rsa} -b
2110: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 74  ody {..badssl st
2120: 61 74 69 63 2d 72 73 61 2e 62 61 64 73 73 6c 2e  atic-rsa.badssl.
2130: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20  com.    }..test 
2140: 42 61 64 53 53 4c 2d 31 2e 35 35 20 7b 73 75 62  BadSSL-1.55 {sub
2150: 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 65 64  domain.preloaded
2160: 2d 68 73 74 73 7d 20 2d 63 6f 6e 73 74 72 61 69  -hsts} -constrai
2170: 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62  nts {old_api} -b
2180: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 75  ody {..badssl su
2190: 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 65  bdomain.preloade
21a0: 64 2d 68 73 74 73 2e 62 61 64 73 73 6c 2e 63 6f  d-hsts.badssl.co
21b0: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
21c0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
21d0: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76  d: certificate v
21e0: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65  erify failed due
21f0: 20 74 6f 20 22 48 6f 73 74 6e 61 6d 65 20 6d 69   to "Hostname mi
2200: 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e  smatch"} -return
2210: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20  Codes {1}..test 
2220: 42 61 64 53 53 4c 2d 31 2e 35 36 20 7b 73 75 62  BadSSL-1.56 {sub
2230: 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 65 64  domain.preloaded
2240: 2d 68 73 74 73 7d 20 2d 63 6f 6e 73 74 72 61 69  -hsts} -constrai
2250: 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62  nts {new_api} -b
2260: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 75  ody {..badssl su
2270: 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 65  bdomain.preloade
2280: 64 2d 68 73 74 73 2e 62 61 64 73 73 6c 2e 63 6f  d-hsts.badssl.co
2290: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
22a0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
22b0: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76  d: certificate v
22c0: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65  erify failed due
22d0: 20 74 6f 20 22 68 6f 73 74 6e 61 6d 65 20 6d 69   to "hostname mi
22e0: 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e  smatch"} -return
22f0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20  Codes {1}..test 
2300: 42 61 64 53 53 4c 2d 31 2e 35 37 20 7b 73 75 70  BadSSL-1.57 {sup
2310: 65 72 66 69 73 68 7d 20 2d 62 6f 64 79 20 7b 0a  erfish} -body {.
2320: 09 62 61 64 73 73 6c 20 73 75 70 65 72 66 69 73  .badssl superfis
2330: 68 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  h.badssl.com.   
2340: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64   } -result {hand
2350: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65  shake failed: ce
2360: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79  rtificate verify
2370: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22   failed due to "
2380: 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f  unable to get lo
2390: 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69  cal issuer certi
23a0: 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e  ficate"} -return
23b0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20  Codes {1}..test 
23c0: 42 61 64 53 53 4c 2d 31 2e 35 38 20 7b 74 6c 73  BadSSL-1.58 {tls
23d0: 2d 76 31 2d 30 3a 31 30 31 30 7d 20 2d 63 6f 6e  -v1-0:1010} -con
23e0: 73 74 72 61 69 6e 74 73 20 7b 74 6c 73 31 20 6f  straints {tls1 o
23f0: 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a  ld_api} -body {.
2400: 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 30  .badssl tls-v1-0
2410: 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 30  .badssl.com:1010
2420: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64  .    }..test Bad
2430: 53 53 4c 2d 31 2e 35 39 20 7b 74 6c 73 2d 76 31  SSL-1.59 {tls-v1
2440: 2d 30 3a 31 30 31 30 7d 20 2d 63 6f 6e 73 74 72  -0:1010} -constr
2450: 61 69 6e 74 73 20 7b 74 6c 73 31 20 6e 65 77 5f  aints {tls1 new_
2460: 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  api} -body {..ba
2470: 64 73 73 6c 20 74 6c 73 2d 76 31 2d 30 2e 62 61  dssl tls-v1-0.ba
2480: 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 30 0a 20 20  dssl.com:1010.  
2490: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e    } -result {han
24a0: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 75  dshake failed: u
24b0: 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f  nsupported proto
24c0: 63 6f 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  col} -returnCode
24d0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
24e0: 53 4c 2d 31 2e 36 30 20 7b 74 6c 73 2d 76 31 2d  SL-1.60 {tls-v1-
24f0: 31 3a 31 30 31 31 7d 20 2d 63 6f 6e 73 74 72 61  1:1011} -constra
2500: 69 6e 74 73 20 7b 74 6c 73 31 2e 31 20 6f 6c 64  ints {tls1.1 old
2510: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  _api} -body {..b
2520: 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 31 2e 62  adssl tls-v1-1.b
2530: 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 31 0a 20  adssl.com:1011. 
2540: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53     }..test BadSS
2550: 4c 2d 31 2e 36 31 20 7b 74 6c 73 2d 76 31 2d 31  L-1.61 {tls-v1-1
2560: 3a 31 30 31 31 7d 20 2d 63 6f 6e 73 74 72 61 69  :1011} -constrai
2570: 6e 74 73 20 7b 74 6c 73 31 2e 31 20 6e 65 77 5f  nts {tls1.1 new_
2580: 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  api} -body {..ba
2590: 64 73 73 6c 20 74 6c 73 2d 76 31 2d 31 2e 62 61  dssl tls-v1-1.ba
25a0: 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 31 0a 20 20  dssl.com:1011.  
25b0: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e    } -result {han
25c0: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 75  dshake failed: u
25d0: 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f  nsupported proto
25e0: 63 6f 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  col} -returnCode
25f0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
2600: 53 4c 2d 31 2e 36 32 20 7b 74 6c 73 2d 76 31 2d  SL-1.62 {tls-v1-
2610: 32 3a 31 30 31 32 7d 20 2d 63 6f 6e 73 74 72 61  2:1012} -constra
2620: 69 6e 74 73 20 7b 74 6c 73 31 2e 32 7d 20 2d 62  ints {tls1.2} -b
2630: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 74 6c  ody {..badssl tl
2640: 73 2d 76 31 2d 32 2e 62 61 64 73 73 6c 2e 63 6f  s-v1-2.badssl.co
2650: 6d 3a 31 30 31 32 0a 20 20 20 20 7d 0a 0a 74 65  m:1012.    }..te
2660: 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 33 20 7b  st BadSSL-1.63 {
2670: 75 6e 74 72 75 73 74 65 64 2d 72 6f 6f 74 7d 20  untrusted-root} 
2680: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c  -constraints {ol
2690: 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09  d_api} -body {..
26a0: 62 61 64 73 73 6c 20 75 6e 74 72 75 73 74 65 64  badssl untrusted
26b0: 2d 72 6f 6f 74 2e 62 61 64 73 73 6c 2e 63 6f 6d  -root.badssl.com
26c0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
26d0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
26e0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
26f0: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
2700: 74 6f 20 22 73 65 6c 66 20 73 69 67 6e 65 64 20  to "self signed 
2710: 63 65 72 74 69 66 69 63 61 74 65 20 69 6e 20 63  certificate in c
2720: 65 72 74 69 66 69 63 61 74 65 20 63 68 61 69 6e  ertificate chain
2730: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20  "} -returnCodes 
2740: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c  {1}..test BadSSL
2750: 2d 31 2e 36 34 20 7b 75 6e 74 72 75 73 74 65 64  -1.64 {untrusted
2760: 2d 72 6f 6f 74 7d 20 2d 63 6f 6e 73 74 72 61 69  -root} -constrai
2770: 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62  nts {new_api} -b
2780: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 75 6e  ody {..badssl un
2790: 74 72 75 73 74 65 64 2d 72 6f 6f 74 2e 62 61 64  trusted-root.bad
27a0: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72  ssl.com.    } -r
27b0: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65  esult {handshake
27c0: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69   failed: certifi
27d0: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c  cate verify fail
27e0: 65 64 20 64 75 65 20 74 6f 20 22 73 65 6c 66 2d  ed due to "self-
27f0: 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63 61  signed certifica
2800: 74 65 20 69 6e 20 63 65 72 74 69 66 69 63 61 74  te in certificat
2810: 65 20 63 68 61 69 6e 22 7d 20 2d 72 65 74 75 72  e chain"} -retur
2820: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74  nCodes {1}..test
2830: 20 42 61 64 53 53 4c 2d 31 2e 36 35 20 7b 75 70   BadSSL-1.65 {up
2840: 67 72 61 64 65 7d 20 2d 62 6f 64 79 20 7b 0a 09  grade} -body {..
2850: 62 61 64 73 73 6c 20 75 70 67 72 61 64 65 2e 62  badssl upgrade.b
2860: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a  adssl.com.    }.
2870: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36  .test BadSSL-1.6
2880: 36 20 7b 77 65 62 70 61 63 6b 2d 64 65 76 2d 73  6 {webpack-dev-s
2890: 65 72 76 65 72 7d 20 2d 62 6f 64 79 20 7b 0a 09  erver} -body {..
28a0: 62 61 64 73 73 6c 20 77 65 62 70 61 63 6b 2d 64  badssl webpack-d
28b0: 65 76 2d 73 65 72 76 65 72 2e 62 61 64 73 73 6c  ev-server.badssl
28c0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75  .com.    } -resu
28d0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61  lt {handshake fa
28e0: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74  iled: certificat
28f0: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20  e verify failed 
2900: 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74  due to "unable t
2910: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75  o get local issu
2920: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d  er certificate"}
2930: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31   -returnCodes {1
2940: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
2950: 2e 36 37 20 7b 77 72 6f 6e 67 2e 68 6f 73 74 7d  .67 {wrong.host}
2960: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f   -constraints {o
2970: 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a  ld_api} -body {.
2980: 09 62 61 64 73 73 6c 20 77 72 6f 6e 67 2e 68 6f  .badssl wrong.ho
2990: 73 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  st.badssl.com.  
29a0: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e    } -result {han
29b0: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63  dshake failed: c
29c0: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66  ertificate verif
29d0: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20  y failed due to 
29e0: 22 48 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74  "Hostname mismat
29f0: 63 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  ch"} -returnCode
2a00: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
2a10: 53 4c 2d 31 2e 36 38 20 7b 77 72 6f 6e 67 2e 68  SL-1.68 {wrong.h
2a20: 6f 73 74 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74  ost} -constraint
2a30: 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64  s {new_api} -bod
2a40: 79 20 7b 0a 09 62 61 64 73 73 6c 20 77 72 6f 6e  y {..badssl wron
2a50: 67 2e 68 6f 73 74 2e 62 61 64 73 73 6c 2e 63 6f  g.host.badssl.co
2a60: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
2a70: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
2a80: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76  d: certificate v
2a90: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65  erify failed due
2aa0: 20 74 6f 20 22 68 6f 73 74 6e 61 6d 65 20 6d 69   to "hostname mi
2ab0: 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e  smatch"} -return
2ac0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20  Codes {1}..test 
2ad0: 42 61 64 53 53 4c 2d 31 2e 36 39 20 7b 6d 6f 7a  BadSSL-1.69 {moz
2ae0: 69 6c 6c 61 2d 6d 6f 64 65 72 6e 7d 20 2d 62 6f  illa-modern} -bo
2af0: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 6d 6f 7a  dy {..badssl moz
2b00: 69 6c 6c 61 2d 6d 6f 64 65 72 6e 2e 62 61 64 73  illa-modern.bads
2b10: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 23 20  sl.com.    }..# 
2b20: 43 6c 65 61 6e 75 70 0a 3a 3a 74 63 6c 74 65 73  Cleanup.::tcltes
2b30: 74 3a 3a 63 6c 65 61 6e 75 70 54 65 73 74 73 0a  t::cleanupTests.
2b40: 72 65 74 75 72 6e 0a                             return.