TclTLS: Hex Artifact Content

Artifact 89e2c5b1af623b0010df8d9c30eab037a207f294b9f631ba3c600afd08805a28:

File tests/badssl.test — part of check-in [b186ba1b7d] at 2023-11-14 03:53:04 on branch crypto — Split ciphers test file into digest and info test files. Added common.tcl file for common test constraints. Updated HMAC and CMAC test cases Added RFC 4231 HMAC example test cases. (user: bohagan, size: 8698) [annotate] [blame] [check-ins using] [more...]
0000: 23 20 41 75 74 6f 20 67 65 6e 65 72 61 74 65 64  # Auto generated
0010: 20 74 65 73 74 20 63 61 73 65 73 20 66 6f 72 20   test cases for 
0020: 62 61 64 73 73 6c 2e 63 73 76 0a 0a 23 20 4c 6f  badssl.csv..# Lo
0030: 61 64 20 54 63 6c 20 54 65 73 74 20 70 61 63 6b  ad Tcl Test pack
0040: 61 67 65 0a 69 66 20 7b 5b 6c 73 65 61 72 63 68  age.if {[lsearch
0050: 20 5b 6e 61 6d 65 73 70 61 63 65 20 63 68 69 6c   [namespace chil
0060: 64 72 65 6e 5d 20 3a 3a 74 63 6c 74 65 73 74 5d  dren] ::tcltest]
0070: 20 3d 3d 20 2d 31 7d 20 7b 0a 09 70 61 63 6b 61   == -1} {..packa
0080: 67 65 20 72 65 71 75 69 72 65 20 74 63 6c 74 65  ge require tclte
0090: 73 74 0a 09 6e 61 6d 65 73 70 61 63 65 20 69 6d  st..namespace im
00a0: 70 6f 72 74 20 3a 3a 74 63 6c 74 65 73 74 3a 3a  port ::tcltest::
00b0: 2a 0a 7d 0a 0a 73 65 74 20 61 75 74 6f 5f 70 61  *.}..set auto_pa
00c0: 74 68 20 5b 63 6f 6e 63 61 74 20 5b 6c 69 73 74  th [concat [list
00d0: 20 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b   [file dirname [
00e0: 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e  file dirname [in
00f0: 66 6f 20 73 63 72 69 70 74 5d 5d 5d 5d 20 24 61  fo script]]]] $a
0100: 75 74 6f 5f 70 61 74 68 5d 0a 0a 70 61 63 6b 61  uto_path]..packa
0110: 67 65 20 72 65 71 75 69 72 65 20 74 6c 73 0a 0a  ge require tls..
0120: 23 20 46 69 6e 64 20 64 65 66 61 75 6c 74 20 43  # Find default C
0130: 41 20 63 65 72 74 69 66 69 63 61 74 65 73 20 64  A certificates d
0140: 69 72 65 63 74 6f 72 79 0a 69 66 20 7b 5b 69 6e  irectory.if {[in
0150: 66 6f 20 65 78 69 73 74 73 20 3a 3a 65 6e 76 28  fo exists ::env(
0160: 53 53 4c 5f 43 45 52 54 5f 46 49 4c 45 29 5d 7d  SSL_CERT_FILE)]}
0170: 20 7b 73 65 74 20 3a 3a 63 61 66 69 6c 65 20 24   {set ::cafile $
0180: 3a 3a 65 6e 76 28 53 53 4c 5f 43 45 52 54 5f 46  ::env(SSL_CERT_F
0190: 49 4c 45 29 7d 20 65 6c 73 65 20 7b 73 65 74 20  ILE)} else {set 
01a0: 3a 3a 63 61 66 69 6c 65 20 5b 66 69 6c 65 20 6e  ::cafile [file n
01b0: 6f 72 6d 61 6c 69 7a 65 20 7b 43 3a 5c 55 73 65  ormalize {C:\Use
01c0: 72 73 5c 42 72 69 61 6e 5c 44 6f 63 75 6d 65 6e  rs\Brian\Documen
01d0: 74 73 5c 53 6f 75 72 63 65 5c 42 75 69 6c 64 5c  ts\Source\Build\
01e0: 53 53 4c 2d 31 2e 31 5c 63 65 72 74 73 5c 63 61  SSL-1.1\certs\ca
01f0: 63 65 72 74 2e 70 65 6d 7d 5d 7d 0a 0a 23 20 43  cert.pem}]}..# C
0200: 6f 6e 73 74 72 61 69 6e 74 73 0a 73 6f 75 72 63  onstraints.sourc
0210: 65 20 63 6f 6d 6d 6f 6e 2e 74 63 6c 0a 0a 23 20  e common.tcl..# 
0220: 48 65 6c 70 65 72 20 66 75 6e 63 74 69 6f 6e 73  Helper functions
0230: 0a 70 72 6f 63 20 62 61 64 73 73 6c 20 7b 75 72  .proc badssl {ur
0240: 6c 7d 20 7b 73 65 74 20 70 6f 72 74 20 34 34 33  l} {set port 443
0250: 3b 6c 61 73 73 69 67 6e 20 5b 73 70 6c 69 74 20  ;lassign [split 
0260: 24 75 72 6c 20 22 3a 22 5d 20 75 72 6c 20 70 6f  $url ":"] url po
0270: 72 74 3b 69 66 20 7b 24 70 6f 72 74 20 65 71 20  rt;if {$port eq 
0280: 22 22 7d 20 7b 73 65 74 20 70 6f 72 74 20 34 34  ""} {set port 44
0290: 33 7d 3b 73 65 74 20 63 68 20 5b 74 6c 73 3a 3a  3};set ch [tls::
02a0: 73 6f 63 6b 65 74 20 2d 61 75 74 6f 73 65 72 76  socket -autoserv
02b0: 65 72 6e 61 6d 65 20 31 20 2d 72 65 71 75 69 72  ername 1 -requir
02c0: 65 20 31 20 2d 63 61 66 69 6c 65 20 24 3a 3a 63  e 1 -cafile $::c
02d0: 61 66 69 6c 65 20 24 75 72 6c 20 24 70 6f 72 74  afile $url $port
02e0: 5d 3b 69 66 20 7b 5b 63 61 74 63 68 20 7b 74 6c  ];if {[catch {tl
02f0: 73 3a 3a 68 61 6e 64 73 68 61 6b 65 20 24 63 68  s::handshake $ch
0300: 7d 20 65 72 72 5d 7d 20 7b 63 6c 6f 73 65 20 24  } err]} {close $
0310: 63 68 3b 72 65 74 75 72 6e 20 2d 63 6f 64 65 20  ch;return -code 
0320: 65 72 72 6f 72 20 24 65 72 72 7d 20 65 6c 73 65  error $err} else
0330: 20 7b 63 6c 6f 73 65 20 24 63 68 7d 7d 0a 0a 23   {close $ch}}..#
0340: 20 42 61 64 53 53 4c 2e 63 6f 6d 20 54 65 73 74   BadSSL.com Test
0350: 73 0a 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  s...test BadSSL-
0360: 31 2e 31 20 7b 31 30 30 30 2d 73 61 6e 73 7d 20  1.1 {1000-sans} 
0370: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
0380: 31 30 30 30 2d 73 61 6e 73 2e 62 61 64 73 73 6c  1000-sans.badssl
0390: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75  .com.    } -resu
03a0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61  lt {handshake fa
03b0: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74  iled: certificat
03c0: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20  e verify failed 
03d0: 64 75 65 20 74 6f 3a 20 63 65 72 74 69 66 69 63  due to: certific
03e0: 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64 7d  ate has expired}
03f0: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31   -returnCodes {1
0400: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
0410: 2e 32 20 7b 31 30 30 30 30 2d 73 61 6e 73 7d 20  .2 {10000-sans} 
0420: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
0430: 31 30 30 30 30 2d 73 61 6e 73 2e 62 61 64 73 73  10000-sans.badss
0440: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73  l.com.    } -res
0450: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
0460: 61 69 6c 65 64 3a 20 65 78 63 65 73 73 69 76 65  ailed: excessive
0470: 20 6d 65 73 73 61 67 65 20 73 69 7a 65 7d 20 2d   message size} -
0480: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
0490: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33  .test BadSSL-1.3
04a0: 20 7b 33 64 65 73 7d 20 2d 62 6f 64 79 20 7b 0a   {3des} -body {.
04b0: 09 62 61 64 73 73 6c 20 33 64 65 73 2e 62 61 64  .badssl 3des.bad
04c0: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72  ssl.com.    } -r
04d0: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65  esult {handshake
04e0: 20 66 61 69 6c 65 64 3a 20 73 73 6c 76 33 20 61   failed: sslv3 a
04f0: 6c 65 72 74 20 68 61 6e 64 73 68 61 6b 65 20 66  lert handshake f
0500: 61 69 6c 75 72 65 7d 20 2d 72 65 74 75 72 6e 43  ailure} -returnC
0510: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42  odes {1}..test B
0520: 61 64 53 53 4c 2d 31 2e 34 20 7b 63 61 70 74 69  adSSL-1.4 {capti
0530: 76 65 2d 70 6f 72 74 61 6c 7d 20 2d 62 6f 64 79  ve-portal} -body
0540: 20 7b 0a 09 62 61 64 73 73 6c 20 63 61 70 74 69   {..badssl capti
0550: 76 65 2d 70 6f 72 74 61 6c 2e 62 61 64 73 73 6c  ve-portal.badssl
0560: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75  .com.    } -resu
0570: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61  lt {handshake fa
0580: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74  iled: certificat
0590: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20  e verify failed 
05a0: 64 75 65 20 74 6f 3a 20 48 6f 73 74 6e 61 6d 65  due to: Hostname
05b0: 20 6d 69 73 6d 61 74 63 68 7d 20 2d 72 65 74 75   mismatch} -retu
05c0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
05d0: 74 20 42 61 64 53 53 4c 2d 31 2e 35 20 7b 63 62  t BadSSL-1.5 {cb
05e0: 63 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  c} -body {..bads
05f0: 73 6c 20 63 62 63 2e 62 61 64 73 73 6c 2e 63 6f  sl cbc.badssl.co
0600: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61  m.    }..test Ba
0610: 64 53 53 4c 2d 31 2e 36 20 7b 63 6c 69 65 6e 74  dSSL-1.6 {client
0620: 2d 63 65 72 74 2d 6d 69 73 73 69 6e 67 7d 20 2d  -cert-missing} -
0630: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 63  body {..badssl c
0640: 6c 69 65 6e 74 2d 63 65 72 74 2d 6d 69 73 73 69  lient-cert-missi
0650: 6e 67 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  ng.badssl.com.  
0660: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c    }..test BadSSL
0670: 2d 31 2e 37 20 7b 63 6c 69 65 6e 74 7d 20 2d 62  -1.7 {client} -b
0680: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 63 6c  ody {..badssl cl
0690: 69 65 6e 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  ient.badssl.com.
06a0: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53      }..test BadS
06b0: 53 4c 2d 31 2e 38 20 7b 64 68 2d 63 6f 6d 70 6f  SL-1.8 {dh-compo
06c0: 73 69 74 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  site} -body {..b
06d0: 61 64 73 73 6c 20 64 68 2d 63 6f 6d 70 6f 73 69  adssl dh-composi
06e0: 74 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  te.badssl.com.  
06f0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c    }..test BadSSL
0700: 2d 31 2e 39 20 7b 64 68 2d 73 6d 61 6c 6c 2d 73  -1.9 {dh-small-s
0710: 75 62 67 72 6f 75 70 7d 20 2d 62 6f 64 79 20 7b  ubgroup} -body {
0720: 0a 09 62 61 64 73 73 6c 20 64 68 2d 73 6d 61 6c  ..badssl dh-smal
0730: 6c 2d 73 75 62 67 72 6f 75 70 2e 62 61 64 73 73  l-subgroup.badss
0740: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73  l.com.    }..tes
0750: 74 20 42 61 64 53 53 4c 2d 31 2e 31 30 20 7b 64  t BadSSL-1.10 {d
0760: 68 34 38 30 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  h480} -body {..b
0770: 61 64 73 73 6c 20 64 68 34 38 30 2e 62 61 64 73  adssl dh480.bads
0780: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65  sl.com.    } -re
0790: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20  sult {handshake 
07a0: 66 61 69 6c 65 64 3a 20 64 68 20 6b 65 79 20 74  failed: dh key t
07b0: 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 72  oo small} -retur
07c0: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74  nCodes {1}..test
07d0: 20 42 61 64 53 53 4c 2d 31 2e 31 31 20 7b 64 68   BadSSL-1.11 {dh
07e0: 35 31 32 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  512} -body {..ba
07f0: 64 73 73 6c 20 64 68 35 31 32 2e 62 61 64 73 73  dssl dh512.badss
0800: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73  l.com.    } -res
0810: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
0820: 61 69 6c 65 64 3a 20 64 68 20 6b 65 79 20 74 6f  ailed: dh key to
0830: 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 72 6e  o small} -return
0840: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20  Codes {1}..test 
0850: 42 61 64 53 53 4c 2d 31 2e 31 32 20 7b 64 68 31  BadSSL-1.12 {dh1
0860: 30 32 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  024} -body {..ba
0870: 64 73 73 6c 20 64 68 31 30 32 34 2e 62 61 64 73  dssl dh1024.bads
0880: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65  sl.com.    }..te
0890: 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 33 20 7b  st BadSSL-1.13 {
08a0: 64 68 32 30 34 38 7d 20 2d 62 6f 64 79 20 7b 0a  dh2048} -body {.
08b0: 09 62 61 64 73 73 6c 20 64 68 32 30 34 38 2e 62  .badssl dh2048.b
08c0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a  adssl.com.    }.
08d0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31  .test BadSSL-1.1
08e0: 34 20 7b 64 73 64 74 65 73 74 70 72 6f 76 69 64  4 {dsdtestprovid
08f0: 65 72 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  er} -body {..bad
0900: 73 73 6c 20 64 73 64 74 65 73 74 70 72 6f 76 69  ssl dsdtestprovi
0910: 64 65 72 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  der.badssl.com. 
0920: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61     } -result {ha
0930: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20  ndshake failed: 
0940: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69  certificate veri
0950: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f  fy failed due to
0960: 3a 20 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20  : unable to get 
0970: 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72  local issuer cer
0980: 74 69 66 69 63 61 74 65 7d 20 2d 72 65 74 75 72  tificate} -retur
0990: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74  nCodes {1}..test
09a0: 20 42 61 64 53 53 4c 2d 31 2e 31 35 20 7b 65 63   BadSSL-1.15 {ec
09b0: 63 32 35 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  c256} -body {..b
09c0: 61 64 73 73 6c 20 65 63 63 32 35 36 2e 62 61 64  adssl ecc256.bad
09d0: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74  ssl.com.    }..t
09e0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 36 20  est BadSSL-1.16 
09f0: 7b 65 63 63 33 38 34 7d 20 2d 62 6f 64 79 20 7b  {ecc384} -body {
0a00: 0a 09 62 61 64 73 73 6c 20 65 63 63 33 38 34 2e  ..badssl ecc384.
0a10: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
0a20: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
0a30: 31 37 20 7b 65 64 65 6c 6c 72 6f 6f 74 7d 20 2d  17 {edellroot} -
0a40: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65  body {..badssl e
0a50: 64 65 6c 6c 72 6f 6f 74 2e 62 61 64 73 73 6c 2e  dellroot.badssl.
0a60: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c  com.    } -resul
0a70: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
0a80: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65  led: certificate
0a90: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64   verify failed d
0aa0: 75 65 20 74 6f 3a 20 75 6e 61 62 6c 65 20 74 6f  ue to: unable to
0ab0: 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65   get local issue
0ac0: 72 20 63 65 72 74 69 66 69 63 61 74 65 7d 20 2d  r certificate} -
0ad0: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
0ae0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31  .test BadSSL-1.1
0af0: 38 20 7b 65 78 70 69 72 65 64 7d 20 2d 62 6f 64  8 {expired} -bod
0b00: 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 78 70 69  y {..badssl expi
0b10: 72 65 64 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  red.badssl.com. 
0b20: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61     } -result {ha
0b30: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20  ndshake failed: 
0b40: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69  certificate veri
0b50: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f  fy failed due to
0b60: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 68 61  : certificate ha
0b70: 73 20 65 78 70 69 72 65 64 7d 20 2d 72 65 74 75  s expired} -retu
0b80: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
0b90: 74 20 42 61 64 53 53 4c 2d 31 2e 31 39 20 7b 65  t BadSSL-1.19 {e
0ba0: 78 74 65 6e 64 65 64 2d 76 61 6c 69 64 61 74 69  xtended-validati
0bb0: 6f 6e 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  on} -body {..bad
0bc0: 73 73 6c 20 65 78 74 65 6e 64 65 64 2d 76 61 6c  ssl extended-val
0bd0: 69 64 61 74 69 6f 6e 2e 62 61 64 73 73 6c 2e 63  idation.badssl.c
0be0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74  om.    } -result
0bf0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c   {handshake fail
0c00: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20  ed: certificate 
0c10: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75  verify failed du
0c20: 65 20 74 6f 3a 20 63 65 72 74 69 66 69 63 61 74  e to: certificat
0c30: 65 20 68 61 73 20 65 78 70 69 72 65 64 7d 20 2d  e has expired} -
0c40: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
0c50: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32  .test BadSSL-1.2
0c60: 30 20 7b 68 73 74 73 7d 20 2d 62 6f 64 79 20 7b  0 {hsts} -body {
0c70: 0a 09 62 61 64 73 73 6c 20 68 73 74 73 2e 62 61  ..badssl hsts.ba
0c80: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a  dssl.com.    }..
0c90: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 31  test BadSSL-1.21
0ca0: 20 7b 68 74 74 70 73 2d 65 76 65 72 79 77 68 65   {https-everywhe
0cb0: 72 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  re} -body {..bad
0cc0: 73 73 6c 20 68 74 74 70 73 2d 65 76 65 72 79 77  ssl https-everyw
0cd0: 68 65 72 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  here.badssl.com.
0ce0: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53      }..test BadS
0cf0: 53 4c 2d 31 2e 32 32 20 7b 69 6e 63 6f 6d 70 6c  SL-1.22 {incompl
0d00: 65 74 65 2d 63 68 61 69 6e 7d 20 2d 62 6f 64 79  ete-chain} -body
0d10: 20 7b 0a 09 62 61 64 73 73 6c 20 69 6e 63 6f 6d   {..badssl incom
0d20: 70 6c 65 74 65 2d 63 68 61 69 6e 2e 62 61 64 73  plete-chain.bads
0d30: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65  sl.com.    } -re
0d40: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20  sult {handshake 
0d50: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63  failed: certific
0d60: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65  ate verify faile
0d70: 64 20 64 75 65 20 74 6f 3a 20 75 6e 61 62 6c 65  d due to: unable
0d80: 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73   to get local is
0d90: 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65  suer certificate
0da0: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b  } -returnCodes {
0db0: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  1}..test BadSSL-
0dc0: 31 2e 32 33 20 7b 69 6e 76 61 6c 69 64 2d 65 78  1.23 {invalid-ex
0dd0: 70 65 63 74 65 64 2d 73 63 74 7d 20 2d 62 6f 64  pected-sct} -bod
0de0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 69 6e 76 61  y {..badssl inva
0df0: 6c 69 64 2d 65 78 70 65 63 74 65 64 2d 73 63 74  lid-expected-sct
0e00: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
0e10: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73  } -result {hands
0e20: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72  hake failed: cer
0e30: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20  tificate verify 
0e40: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 75  failed due to: u
0e50: 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63  nable to get loc
0e60: 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66  al issuer certif
0e70: 69 63 61 74 65 7d 20 2d 72 65 74 75 72 6e 43 6f  icate} -returnCo
0e80: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
0e90: 64 53 53 4c 2d 31 2e 32 34 20 7b 6c 6f 6e 67 2d  dSSL-1.24 {long-
0ea0: 65 78 74 65 6e 64 65 64 2d 73 75 62 64 6f 6d 61  extended-subdoma
0eb0: 69 6e 2d 6e 61 6d 65 2d 63 6f 6e 74 61 69 6e 69  in-name-containi
0ec0: 6e 67 2d 6d 61 6e 79 2d 6c 65 74 74 65 72 73 2d  ng-many-letters-
0ed0: 61 6e 64 2d 64 61 73 68 65 73 7d 20 2d 62 6f 64  and-dashes} -bod
0ee0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 6c 6f 6e 67  y {..badssl long
0ef0: 2d 65 78 74 65 6e 64 65 64 2d 73 75 62 64 6f 6d  -extended-subdom
0f00: 61 69 6e 2d 6e 61 6d 65 2d 63 6f 6e 74 61 69 6e  ain-name-contain
0f10: 69 6e 67 2d 6d 61 6e 79 2d 6c 65 74 74 65 72 73  ing-many-letters
0f20: 2d 61 6e 64 2d 64 61 73 68 65 73 2e 62 61 64 73  -and-dashes.bads
0f30: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65  sl.com.    }..te
0f40: 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 35 20 7b  st BadSSL-1.25 {
0f50: 6c 6f 6e 67 65 78 74 65 6e 64 65 64 73 75 62 64  longextendedsubd
0f60: 6f 6d 61 69 6e 6e 61 6d 65 77 69 74 68 6f 75 74  omainnamewithout
0f70: 64 61 73 68 65 73 69 6e 6f 72 64 65 72 74 6f 74  dashesinordertot
0f80: 65 73 74 77 6f 72 64 77 72 61 70 70 69 6e 67 7d  estwordwrapping}
0f90: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
0fa0: 20 6c 6f 6e 67 65 78 74 65 6e 64 65 64 73 75 62   longextendedsub
0fb0: 64 6f 6d 61 69 6e 6e 61 6d 65 77 69 74 68 6f 75  domainnamewithou
0fc0: 74 64 61 73 68 65 73 69 6e 6f 72 64 65 72 74 6f  tdashesinorderto
0fd0: 74 65 73 74 77 6f 72 64 77 72 61 70 70 69 6e 67  testwordwrapping
0fe0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
0ff0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
1000: 2e 32 36 20 7b 6d 69 74 6d 2d 73 6f 66 74 77 61  .26 {mitm-softwa
1010: 72 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  re} -body {..bad
1020: 73 73 6c 20 6d 69 74 6d 2d 73 6f 66 74 77 61 72  ssl mitm-softwar
1030: 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  e.badssl.com.   
1040: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64   } -result {hand
1050: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65  shake failed: ce
1060: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79  rtificate verify
1070: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20   failed due to: 
1080: 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f  unable to get lo
1090: 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69  cal issuer certi
10a0: 66 69 63 61 74 65 7d 20 2d 72 65 74 75 72 6e 43  ficate} -returnC
10b0: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42  odes {1}..test B
10c0: 61 64 53 53 4c 2d 31 2e 32 37 20 7b 6e 6f 2d 63  adSSL-1.27 {no-c
10d0: 6f 6d 6d 6f 6e 2d 6e 61 6d 65 7d 20 2d 62 6f 64  ommon-name} -bod
10e0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 6e 6f 2d 63  y {..badssl no-c
10f0: 6f 6d 6d 6f 6e 2d 6e 61 6d 65 2e 62 61 64 73 73  ommon-name.badss
1100: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73  l.com.    } -res
1110: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
1120: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61  ailed: certifica
1130: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64  te verify failed
1140: 20 64 75 65 20 74 6f 3a 20 63 65 72 74 69 66 69   due to: certifi
1150: 63 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64  cate has expired
1160: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b  } -returnCodes {
1170: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  1}..test BadSSL-
1180: 31 2e 32 38 20 7b 6e 6f 2d 73 63 74 7d 20 2d 62  1.28 {no-sct} -b
1190: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 6e 6f  ody {..badssl no
11a0: 2d 73 63 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  -sct.badssl.com.
11b0: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
11c0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
11d0: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72   certificate ver
11e0: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74  ify failed due t
11f0: 6f 3a 20 75 6e 61 62 6c 65 20 74 6f 20 67 65 74  o: unable to get
1200: 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65   local issuer ce
1210: 72 74 69 66 69 63 61 74 65 7d 20 2d 72 65 74 75  rtificate} -retu
1220: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
1230: 74 20 42 61 64 53 53 4c 2d 31 2e 32 39 20 7b 6e  t BadSSL-1.29 {n
1240: 6f 2d 73 75 62 6a 65 63 74 7d 20 2d 62 6f 64 79  o-subject} -body
1250: 20 7b 0a 09 62 61 64 73 73 6c 20 6e 6f 2d 73 75   {..badssl no-su
1260: 62 6a 65 63 74 2e 62 61 64 73 73 6c 2e 63 6f 6d  bject.badssl.com
1270: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
1280: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
1290: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
12a0: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
12b0: 74 6f 3a 20 63 65 72 74 69 66 69 63 61 74 65 20  to: certificate 
12c0: 68 61 73 20 65 78 70 69 72 65 64 7d 20 2d 72 65  has expired} -re
12d0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74  turnCodes {1}..t
12e0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 30 20  est BadSSL-1.30 
12f0: 7b 6e 75 6c 6c 7d 20 2d 62 6f 64 79 20 7b 0a 09  {null} -body {..
1300: 62 61 64 73 73 6c 20 6e 75 6c 6c 2e 62 61 64 73  badssl null.bads
1310: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65  sl.com.    } -re
1320: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20  sult {handshake 
1330: 66 61 69 6c 65 64 3a 20 73 73 6c 76 33 20 61 6c  failed: sslv3 al
1340: 65 72 74 20 68 61 6e 64 73 68 61 6b 65 20 66 61  ert handshake fa
1350: 69 6c 75 72 65 7d 20 2d 72 65 74 75 72 6e 43 6f  ilure} -returnCo
1360: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
1370: 64 53 53 4c 2d 31 2e 33 31 20 7b 70 69 6e 6e 69  dSSL-1.31 {pinni
1380: 6e 67 2d 74 65 73 74 7d 20 2d 62 6f 64 79 20 7b  ng-test} -body {
1390: 0a 09 62 61 64 73 73 6c 20 70 69 6e 6e 69 6e 67  ..badssl pinning
13a0: 2d 74 65 73 74 2e 62 61 64 73 73 6c 2e 63 6f 6d  -test.badssl.com
13b0: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64  .    }..test Bad
13c0: 53 53 4c 2d 31 2e 33 32 20 7b 70 72 65 61 63 74  SSL-1.32 {preact
13d0: 2d 63 6c 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  -cli} -body {..b
13e0: 61 64 73 73 6c 20 70 72 65 61 63 74 2d 63 6c 69  adssl preact-cli
13f0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
1400: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73  } -result {hands
1410: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72  hake failed: cer
1420: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20  tificate verify 
1430: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 75  failed due to: u
1440: 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63  nable to get loc
1450: 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66  al issuer certif
1460: 69 63 61 74 65 7d 20 2d 72 65 74 75 72 6e 43 6f  icate} -returnCo
1470: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
1480: 64 53 53 4c 2d 31 2e 33 33 20 7b 70 72 65 6c 6f  dSSL-1.33 {prelo
1490: 61 64 65 64 2d 68 73 74 73 7d 20 2d 62 6f 64 79  aded-hsts} -body
14a0: 20 7b 0a 09 62 61 64 73 73 6c 20 70 72 65 6c 6f   {..badssl prelo
14b0: 61 64 65 64 2d 68 73 74 73 2e 62 61 64 73 73 6c  aded-hsts.badssl
14c0: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74  .com.    }..test
14d0: 20 42 61 64 53 53 4c 2d 31 2e 33 34 20 7b 72 63   BadSSL-1.34 {rc
14e0: 34 2d 6d 64 35 7d 20 2d 62 6f 64 79 20 7b 0a 09  4-md5} -body {..
14f0: 62 61 64 73 73 6c 20 72 63 34 2d 6d 64 35 2e 62  badssl rc4-md5.b
1500: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
1510: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
1520: 6b 65 20 66 61 69 6c 65 64 3a 20 73 73 6c 76 33  ke failed: sslv3
1530: 20 61 6c 65 72 74 20 68 61 6e 64 73 68 61 6b 65   alert handshake
1540: 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 74 75 72   failure} -retur
1550: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74  nCodes {1}..test
1560: 20 42 61 64 53 53 4c 2d 31 2e 33 35 20 7b 72 63   BadSSL-1.35 {rc
1570: 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  4} -body {..bads
1580: 73 6c 20 72 63 34 2e 62 61 64 73 73 6c 2e 63 6f  sl rc4.badssl.co
1590: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
15a0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
15b0: 64 3a 20 73 73 6c 76 33 20 61 6c 65 72 74 20 68  d: sslv3 alert h
15c0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 65  andshake failure
15d0: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b  } -returnCodes {
15e0: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  1}..test BadSSL-
15f0: 31 2e 33 36 20 7b 72 65 76 6f 6b 65 64 7d 20 2d  1.36 {revoked} -
1600: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 72  body {..badssl r
1610: 65 76 6f 6b 65 64 2e 62 61 64 73 73 6c 2e 63 6f  evoked.badssl.co
1620: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
1630: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
1640: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76  d: certificate v
1650: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65  erify failed due
1660: 20 74 6f 3a 20 63 65 72 74 69 66 69 63 61 74 65   to: certificate
1670: 20 68 61 73 20 65 78 70 69 72 65 64 7d 20 2d 72   has expired} -r
1680: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a  eturnCodes {1}..
1690: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 37  test BadSSL-1.37
16a0: 20 7b 72 73 61 32 30 34 38 7d 20 2d 62 6f 64 79   {rsa2048} -body
16b0: 20 7b 0a 09 62 61 64 73 73 6c 20 72 73 61 32 30   {..badssl rsa20
16c0: 34 38 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  48.badssl.com.  
16d0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c    }..test BadSSL
16e0: 2d 31 2e 33 38 20 7b 72 73 61 34 30 39 36 7d 20  -1.38 {rsa4096} 
16f0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
1700: 72 73 61 34 30 39 36 2e 62 61 64 73 73 6c 2e 63  rsa4096.badssl.c
1710: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42  om.    }..test B
1720: 61 64 53 53 4c 2d 31 2e 33 39 20 7b 72 73 61 38  adSSL-1.39 {rsa8
1730: 31 39 32 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  192} -body {..ba
1740: 64 73 73 6c 20 72 73 61 38 31 39 32 2e 62 61 64  dssl rsa8192.bad
1750: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74  ssl.com.    }..t
1760: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 30 20  est BadSSL-1.40 
1770: 7b 73 65 6c 66 2d 73 69 67 6e 65 64 7d 20 2d 62  {self-signed} -b
1780: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 65  ody {..badssl se
1790: 6c 66 2d 73 69 67 6e 65 64 2e 62 61 64 73 73 6c  lf-signed.badssl
17a0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75  .com.    } -resu
17b0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61  lt {handshake fa
17c0: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74  iled: certificat
17d0: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20  e verify failed 
17e0: 64 75 65 20 74 6f 3a 20 73 65 6c 66 20 73 69 67  due to: self sig
17f0: 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65 7d  ned certificate}
1800: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31   -returnCodes {1
1810: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
1820: 2e 34 31 20 7b 73 68 61 31 2d 32 30 31 36 7d 20  .41 {sha1-2016} 
1830: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
1840: 73 68 61 31 2d 32 30 31 36 2e 62 61 64 73 73 6c  sha1-2016.badssl
1850: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75  .com.    } -resu
1860: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61  lt {handshake fa
1870: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74  iled: certificat
1880: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20  e verify failed 
1890: 64 75 65 20 74 6f 3a 20 75 6e 61 62 6c 65 20 74  due to: unable t
18a0: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75  o get local issu
18b0: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 7d 20  er certificate} 
18c0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
18d0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
18e0: 34 32 20 7b 73 68 61 31 2d 32 30 31 37 7d 20 2d  42 {sha1-2017} -
18f0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73  body {..badssl s
1900: 68 61 31 2d 32 30 31 37 2e 62 61 64 73 73 6c 2e  ha1-2017.badssl.
1910: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c  com.    } -resul
1920: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
1930: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65  led: certificate
1940: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64   verify failed d
1950: 75 65 20 74 6f 3a 20 63 65 72 74 69 66 69 63 61  ue to: certifica
1960: 74 65 20 68 61 73 20 65 78 70 69 72 65 64 7d 20  te has expired} 
1970: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
1980: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
1990: 34 33 20 7b 73 68 61 31 2d 69 6e 74 65 72 6d 65  43 {sha1-interme
19a0: 64 69 61 74 65 7d 20 2d 62 6f 64 79 20 7b 0a 09  diate} -body {..
19b0: 62 61 64 73 73 6c 20 73 68 61 31 2d 69 6e 74 65  badssl sha1-inte
19c0: 72 6d 65 64 69 61 74 65 2e 62 61 64 73 73 6c 2e  rmediate.badssl.
19d0: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c  com.    } -resul
19e0: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
19f0: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65  led: certificate
1a00: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64   verify failed d
1a10: 75 65 20 74 6f 3a 20 75 6e 61 62 6c 65 20 74 6f  ue to: unable to
1a20: 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65   get local issue
1a30: 72 20 63 65 72 74 69 66 69 63 61 74 65 7d 20 2d  r certificate} -
1a40: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
1a50: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34  .test BadSSL-1.4
1a60: 34 20 7b 73 68 61 32 35 36 7d 20 2d 62 6f 64 79  4 {sha256} -body
1a70: 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 32 35   {..badssl sha25
1a80: 36 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  6.badssl.com.   
1a90: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d   }..test BadSSL-
1aa0: 31 2e 34 35 20 7b 73 68 61 33 38 34 7d 20 2d 62  1.45 {sha384} -b
1ab0: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68  ody {..badssl sh
1ac0: 61 33 38 34 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  a384.badssl.com.
1ad0: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
1ae0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
1af0: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72   certificate ver
1b00: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74  ify failed due t
1b10: 6f 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 68  o: certificate h
1b20: 61 73 20 65 78 70 69 72 65 64 7d 20 2d 72 65 74  as expired} -ret
1b30: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
1b40: 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 36 20 7b  st BadSSL-1.46 {
1b50: 73 68 61 35 31 32 7d 20 2d 62 6f 64 79 20 7b 0a  sha512} -body {.
1b60: 09 62 61 64 73 73 6c 20 73 68 61 35 31 32 2e 62  .badssl sha512.b
1b70: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
1b80: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
1b90: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69  ke failed: certi
1ba0: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61  ficate verify fa
1bb0: 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 63 65 72  iled due to: cer
1bc0: 74 69 66 69 63 61 74 65 20 68 61 73 20 65 78 70  tificate has exp
1bd0: 69 72 65 64 7d 20 2d 72 65 74 75 72 6e 43 6f 64  ired} -returnCod
1be0: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64  es {1}..test Bad
1bf0: 53 53 4c 2d 31 2e 34 37 20 7b 73 74 61 74 69 63  SSL-1.47 {static
1c00: 2d 72 73 61 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  -rsa} -body {..b
1c10: 61 64 73 73 6c 20 73 74 61 74 69 63 2d 72 73 61  adssl static-rsa
1c20: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
1c30: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
1c40: 2e 34 38 20 7b 73 75 62 64 6f 6d 61 69 6e 2e 70  .48 {subdomain.p
1c50: 72 65 6c 6f 61 64 65 64 2d 68 73 74 73 7d 20 2d  reloaded-hsts} -
1c60: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73  body {..badssl s
1c70: 75 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64  ubdomain.preload
1c80: 65 64 2d 68 73 74 73 2e 62 61 64 73 73 6c 2e 63  ed-hsts.badssl.c
1c90: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74  om.    } -result
1ca0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c   {handshake fail
1cb0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20  ed: certificate 
1cc0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75  verify failed du
1cd0: 65 20 74 6f 3a 20 48 6f 73 74 6e 61 6d 65 20 6d  e to: Hostname m
1ce0: 69 73 6d 61 74 63 68 7d 20 2d 72 65 74 75 72 6e  ismatch} -return
1cf0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20  Codes {1}..test 
1d00: 42 61 64 53 53 4c 2d 31 2e 34 39 20 7b 73 75 70  BadSSL-1.49 {sup
1d10: 65 72 66 69 73 68 7d 20 2d 62 6f 64 79 20 7b 0a  erfish} -body {.
1d20: 09 62 61 64 73 73 6c 20 73 75 70 65 72 66 69 73  .badssl superfis
1d30: 68 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  h.badssl.com.   
1d40: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64   } -result {hand
1d50: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65  shake failed: ce
1d60: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79  rtificate verify
1d70: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20   failed due to: 
1d80: 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f  unable to get lo
1d90: 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69  cal issuer certi
1da0: 66 69 63 61 74 65 7d 20 2d 72 65 74 75 72 6e 43  ficate} -returnC
1db0: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42  odes {1}..test B
1dc0: 61 64 53 53 4c 2d 31 2e 35 30 20 7b 74 6c 73 2d  adSSL-1.50 {tls-
1dd0: 76 31 2d 30 3a 31 30 31 30 7d 20 2d 63 6f 6e 73  v1-0:1010} -cons
1de0: 74 72 61 69 6e 74 73 20 7b 74 6c 73 31 7d 20 2d  traints {tls1} -
1df0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 74  body {..badssl t
1e00: 6c 73 2d 76 31 2d 30 2e 62 61 64 73 73 6c 2e 63  ls-v1-0.badssl.c
1e10: 6f 6d 3a 31 30 31 30 0a 20 20 20 20 7d 0a 0a 74  om:1010.    }..t
1e20: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 31 20  est BadSSL-1.51 
1e30: 7b 74 6c 73 2d 76 31 2d 31 3a 31 30 31 31 7d 20  {tls-v1-1:1011} 
1e40: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 74 6c  -constraints {tl
1e50: 73 31 2e 31 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  s1.1} -body {..b
1e60: 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 31 2e 62  adssl tls-v1-1.b
1e70: 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 31 0a 20  adssl.com:1011. 
1e80: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53     }..test BadSS
1e90: 4c 2d 31 2e 35 32 20 7b 74 6c 73 2d 76 31 2d 32  L-1.52 {tls-v1-2
1ea0: 3a 31 30 31 32 7d 20 2d 63 6f 6e 73 74 72 61 69  :1012} -constrai
1eb0: 6e 74 73 20 7b 74 6c 73 31 2e 32 7d 20 2d 62 6f  nts {tls1.2} -bo
1ec0: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 74 6c 73  dy {..badssl tls
1ed0: 2d 76 31 2d 32 2e 62 61 64 73 73 6c 2e 63 6f 6d  -v1-2.badssl.com
1ee0: 3a 31 30 31 32 0a 20 20 20 20 7d 0a 0a 74 65 73  :1012.    }..tes
1ef0: 74 20 42 61 64 53 53 4c 2d 31 2e 35 33 20 7b 75  t BadSSL-1.53 {u
1f00: 6e 74 72 75 73 74 65 64 2d 72 6f 6f 74 7d 20 2d  ntrusted-root} -
1f10: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 75  body {..badssl u
1f20: 6e 74 72 75 73 74 65 64 2d 72 6f 6f 74 2e 62 61  ntrusted-root.ba
1f30: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
1f40: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
1f50: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66  e failed: certif
1f60: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69  icate verify fai
1f70: 6c 65 64 20 64 75 65 20 74 6f 3a 20 73 65 6c 66  led due to: self
1f80: 20 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63   signed certific
1f90: 61 74 65 20 69 6e 20 63 65 72 74 69 66 69 63 61  ate in certifica
1fa0: 74 65 20 63 68 61 69 6e 7d 20 2d 72 65 74 75 72  te chain} -retur
1fb0: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74  nCodes {1}..test
1fc0: 20 42 61 64 53 53 4c 2d 31 2e 35 34 20 7b 75 70   BadSSL-1.54 {up
1fd0: 67 72 61 64 65 7d 20 2d 62 6f 64 79 20 7b 0a 09  grade} -body {..
1fe0: 62 61 64 73 73 6c 20 75 70 67 72 61 64 65 2e 62  badssl upgrade.b
1ff0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a  adssl.com.    }.
2000: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 35  .test BadSSL-1.5
2010: 35 20 7b 77 65 62 70 61 63 6b 2d 64 65 76 2d 73  5 {webpack-dev-s
2020: 65 72 76 65 72 7d 20 2d 62 6f 64 79 20 7b 0a 09  erver} -body {..
2030: 62 61 64 73 73 6c 20 77 65 62 70 61 63 6b 2d 64  badssl webpack-d
2040: 65 76 2d 73 65 72 76 65 72 2e 62 61 64 73 73 6c  ev-server.badssl
2050: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75  .com.    } -resu
2060: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61  lt {handshake fa
2070: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74  iled: certificat
2080: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20  e verify failed 
2090: 64 75 65 20 74 6f 3a 20 75 6e 61 62 6c 65 20 74  due to: unable t
20a0: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75  o get local issu
20b0: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 7d 20  er certificate} 
20c0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
20d0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
20e0: 35 36 20 7b 77 72 6f 6e 67 2e 68 6f 73 74 7d 20  56 {wrong.host} 
20f0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
2100: 77 72 6f 6e 67 2e 68 6f 73 74 2e 62 61 64 73 73  wrong.host.badss
2110: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73  l.com.    } -res
2120: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
2130: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61  ailed: certifica
2140: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64  te verify failed
2150: 20 64 75 65 20 74 6f 3a 20 48 6f 73 74 6e 61 6d   due to: Hostnam
2160: 65 20 6d 69 73 6d 61 74 63 68 7d 20 2d 72 65 74  e mismatch} -ret
2170: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
2180: 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 37 20 7b  st BadSSL-1.57 {
2190: 6d 6f 7a 69 6c 6c 61 2d 6d 6f 64 65 72 6e 7d 20  mozilla-modern} 
21a0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
21b0: 6d 6f 7a 69 6c 6c 61 2d 6d 6f 64 65 72 6e 2e 62  mozilla-modern.b
21c0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a  adssl.com.    }.
21d0: 0a 23 20 43 6c 65 61 6e 75 70 0a 3a 3a 74 63 6c  .# Cleanup.::tcl
21e0: 74 65 73 74 3a 3a 63 6c 65 61 6e 75 70 54 65 73  test::cleanupTes
21f0: 74 73 0a 72 65 74 75 72 6e 0a                    ts.return.