TclTLS: Hex Artifact Content

Artifact a6c7605a90df3ffa4d6ed5fd1913c9567e2836da9a2130f71e5a150c1ee8508b:

File tests/badssl.test — part of check-in [56211138fe] at 2025-10-05 22:27:26 on branch tls-2.0 — Test case updates to fix error messages, move broken ciphers to old_api category, use package prefer latest (user: bohagan, size: 11081) [annotate] [blame] [check-ins using]
0000: 23 20 41 75 74 6f 20 67 65 6e 65 72 61 74 65 64  # Auto generated
0010: 20 74 65 73 74 20 63 61 73 65 73 20 66 6f 72 20   test cases for 
0020: 62 61 64 73 73 6c 2e 63 73 76 0a 0a 23 20 4c 6f  badssl.csv..# Lo
0030: 61 64 20 54 63 6c 20 54 65 73 74 20 70 61 63 6b  ad Tcl Test pack
0040: 61 67 65 0a 69 66 20 7b 5b 6c 73 65 61 72 63 68  age.if {[lsearch
0050: 20 5b 6e 61 6d 65 73 70 61 63 65 20 63 68 69 6c   [namespace chil
0060: 64 72 65 6e 5d 20 3a 3a 74 63 6c 74 65 73 74 5d  dren] ::tcltest]
0070: 20 3c 20 30 7d 20 7b 0a 09 70 61 63 6b 61 67 65   < 0} {..package
0080: 20 72 65 71 75 69 72 65 20 74 63 6c 74 65 73 74   require tcltest
0090: 0a 09 6e 61 6d 65 73 70 61 63 65 20 69 6d 70 6f  ..namespace impo
00a0: 72 74 20 3a 3a 74 63 6c 74 65 73 74 3a 3a 2a 0a  rt ::tcltest::*.
00b0: 7d 0a 0a 73 65 74 20 3a 3a 61 75 74 6f 5f 70 61  }..set ::auto_pa
00c0: 74 68 20 5b 63 6f 6e 63 61 74 20 5b 6c 69 73 74  th [concat [list
00d0: 20 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b   [file dirname [
00e0: 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e  file dirname [in
00f0: 66 6f 20 73 63 72 69 70 74 5d 5d 5d 5d 20 24 3a  fo script]]]] $:
0100: 3a 61 75 74 6f 5f 70 61 74 68 5d 0a 0a 70 61 63  :auto_path]..pac
0110: 6b 61 67 65 20 70 72 65 66 65 72 20 6c 61 74 65  kage prefer late
0120: 73 74 0a 70 61 63 6b 61 67 65 20 72 65 71 75 69  st.package requi
0130: 72 65 20 74 6c 73 0a 0a 23 20 43 6f 6e 73 74 72  re tls..# Constr
0140: 61 69 6e 74 73 0a 73 6f 75 72 63 65 20 5b 66 69  aints.source [fi
0150: 6c 65 20 6a 6f 69 6e 20 5b 66 69 6c 65 20 64 69  le join [file di
0160: 72 6e 61 6d 65 20 5b 69 6e 66 6f 20 73 63 72 69  rname [info scri
0170: 70 74 5d 5d 20 63 6f 6d 6d 6f 6e 2e 74 63 6c 5d  pt]] common.tcl]
0180: 0a 0a 23 20 48 65 6c 70 65 72 20 66 75 6e 63 74  ..# Helper funct
0190: 69 6f 6e 73 0a 70 72 6f 63 20 62 61 64 73 73 6c  ions.proc badssl
01a0: 20 7b 75 72 6c 7d 20 7b 73 65 74 20 70 6f 72 74   {url} {set port
01b0: 20 34 34 33 3b 6c 61 73 73 69 67 6e 20 5b 73 70   443;lassign [sp
01c0: 6c 69 74 20 24 75 72 6c 20 22 3a 22 5d 20 75 72  lit $url ":"] ur
01d0: 6c 20 70 6f 72 74 3b 69 66 20 7b 24 70 6f 72 74  l port;if {$port
01e0: 20 65 71 20 22 22 7d 20 7b 73 65 74 20 70 6f 72   eq ""} {set por
01f0: 74 20 34 34 33 7d 3b 73 65 74 20 63 6d 64 20 5b  t 443};set cmd [
0200: 6c 69 73 74 20 74 6c 73 3a 3a 73 6f 63 6b 65 74  list tls::socket
0210: 20 2d 61 75 74 6f 73 65 72 76 65 72 6e 61 6d 65   -autoservername
0220: 20 31 20 2d 72 65 71 75 69 72 65 20 31 5d 3b 69   1 -require 1];i
0230: 66 20 7b 5b 69 6e 66 6f 20 65 78 69 73 74 73 20  f {[info exists 
0240: 3a 3a 65 6e 76 28 53 53 4c 5f 43 45 52 54 5f 46  ::env(SSL_CERT_F
0250: 49 4c 45 29 5d 7d 20 7b 6c 61 70 70 65 6e 64 20  ILE)]} {lappend 
0260: 63 6d 64 20 2d 63 61 66 69 6c 65 20 24 3a 3a 65  cmd -cafile $::e
0270: 6e 76 28 53 53 4c 5f 43 45 52 54 5f 46 49 4c 45  nv(SSL_CERT_FILE
0280: 29 7d 3b 6c 61 70 70 65 6e 64 20 63 6d 64 20 24  )};lappend cmd $
0290: 75 72 6c 20 24 70 6f 72 74 3b 73 65 74 20 63 68  url $port;set ch
02a0: 20 5b 65 76 61 6c 20 24 63 6d 64 5d 3b 69 66 20   [eval $cmd];if 
02b0: 7b 5b 63 61 74 63 68 20 7b 74 6c 73 3a 3a 68 61  {[catch {tls::ha
02c0: 6e 64 73 68 61 6b 65 20 24 63 68 7d 20 65 72 72  ndshake $ch} err
02d0: 5d 7d 20 7b 63 6c 6f 73 65 20 24 63 68 3b 72 65  ]} {close $ch;re
02e0: 74 75 72 6e 20 2d 63 6f 64 65 20 65 72 72 6f 72  turn -code error
02f0: 20 24 65 72 72 7d 20 65 6c 73 65 20 7b 63 6c 6f   $err} else {clo
0300: 73 65 20 24 63 68 7d 7d 0a 0a 23 20 42 61 64 53  se $ch}}..# BadS
0310: 53 4c 2e 63 6f 6d 20 54 65 73 74 73 0a 0a 0a 74  SL.com Tests...t
0320: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 20 7b  est BadSSL-1.1 {
0330: 31 30 30 30 20 73 61 6e 73 7d 20 2d 62 6f 64 79  1000 sans} -body
0340: 20 7b 0a 09 62 61 64 73 73 6c 20 31 30 30 30 2d   {..badssl 1000-
0350: 73 61 6e 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  sans.badssl.com.
0360: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
0370: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
0380: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72   certificate ver
0390: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74  ify failed due t
03a0: 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20 68  o "certificate h
03b0: 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65  as expired"} -re
03c0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74  turnCodes {1}..t
03d0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 20 7b  est BadSSL-1.2 {
03e0: 31 30 30 30 30 20 73 61 6e 73 7d 20 2d 62 6f 64  10000 sans} -bod
03f0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 31 30 30 30  y {..badssl 1000
0400: 30 2d 73 61 6e 73 2e 62 61 64 73 73 6c 2e 63 6f  0-sans.badssl.co
0410: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
0420: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
0430: 64 3a 20 65 78 63 65 73 73 69 76 65 20 6d 65 73  d: excessive mes
0440: 73 61 67 65 20 73 69 7a 65 7d 20 2d 72 65 74 75  sage size} -retu
0450: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
0460: 74 20 42 61 64 53 53 4c 2d 31 2e 33 20 7b 33 64  t BadSSL-1.3 {3d
0470: 65 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  es} -body {..bad
0480: 73 73 6c 20 33 64 65 73 2e 62 61 64 73 73 6c 2e  ssl 3des.badssl.
0490: 63 6f 6d 0a 20 20 20 20 7d 20 2d 6d 61 74 63 68  com.    } -match
04a0: 20 7b 67 6c 6f 62 7d 20 2d 72 65 73 75 6c 74 20   {glob} -result 
04b0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
04c0: 64 3a 20 2a 20 61 6c 65 72 74 20 68 61 6e 64 73  d: * alert hands
04d0: 68 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72  hake failure} -r
04e0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a  eturnCodes {1}..
04f0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 20  test BadSSL-1.4 
0500: 7b 63 61 70 74 69 76 65 20 70 6f 72 74 61 6c 7d  {captive portal}
0510: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f   -constraints {o
0520: 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a  ld_api} -body {.
0530: 09 62 61 64 73 73 6c 20 63 61 70 74 69 76 65 2d  .badssl captive-
0540: 70 6f 72 74 61 6c 2e 62 61 64 73 73 6c 2e 63 6f  portal.badssl.co
0550: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
0560: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
0570: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76  d: certificate v
0580: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65  erify failed due
0590: 20 74 6f 20 22 48 6f 73 74 6e 61 6d 65 20 6d 69   to "Hostname mi
05a0: 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e  smatch"} -return
05b0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20  Codes {1}..test 
05c0: 42 61 64 53 53 4c 2d 31 2e 35 20 7b 63 61 70 74  BadSSL-1.5 {capt
05d0: 69 76 65 20 70 6f 72 74 61 6c 7d 20 2d 63 6f 6e  ive portal} -con
05e0: 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70  straints {new_ap
05f0: 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  i} -body {..bads
0600: 73 6c 20 63 61 70 74 69 76 65 2d 70 6f 72 74 61  sl captive-porta
0610: 6c 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  l.badssl.com.   
0620: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64   } -result {hand
0630: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65  shake failed: ce
0640: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79  rtificate verify
0650: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22   failed due to "
0660: 68 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63  hostname mismatc
0670: 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  h"} -returnCodes
0680: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
0690: 4c 2d 31 2e 36 20 7b 63 62 63 7d 20 2d 62 6f 64  L-1.6 {cbc} -bod
06a0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 63 62 63 2e  y {..badssl cbc.
06b0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
06c0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
06d0: 37 20 7b 63 6c 69 65 6e 74 20 63 65 72 74 20 6d  7 {client cert m
06e0: 69 73 73 69 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a  issing} -body {.
06f0: 09 62 61 64 73 73 6c 20 63 6c 69 65 6e 74 2d 63  .badssl client-c
0700: 65 72 74 2d 6d 69 73 73 69 6e 67 2e 62 61 64 73  ert-missing.bads
0710: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65  sl.com.    }..te
0720: 73 74 20 42 61 64 53 53 4c 2d 31 2e 38 20 7b 63  st BadSSL-1.8 {c
0730: 6c 69 65 6e 74 7d 20 2d 62 6f 64 79 20 7b 0a 09  lient} -body {..
0740: 62 61 64 73 73 6c 20 63 6c 69 65 6e 74 2e 62 61  badssl client.ba
0750: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a  dssl.com.    }..
0760: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 39 20  test BadSSL-1.9 
0770: 7b 64 68 20 63 6f 6d 70 6f 73 69 74 65 7d 20 2d  {dh composite} -
0780: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64  constraints {old
0790: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  _api} -body {..b
07a0: 61 64 73 73 6c 20 64 68 2d 63 6f 6d 70 6f 73 69  adssl dh-composi
07b0: 74 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  te.badssl.com.  
07c0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c    }..test BadSSL
07d0: 2d 31 2e 31 30 20 7b 64 68 20 63 6f 6d 70 6f 73  -1.10 {dh compos
07e0: 69 74 65 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74  ite} -constraint
07f0: 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64  s {new_api} -bod
0800: 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 2d 63  y {..badssl dh-c
0810: 6f 6d 70 6f 73 69 74 65 2e 62 61 64 73 73 6c 2e  omposite.badssl.
0820: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c  com.    } -resul
0830: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
0840: 6c 65 64 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20  led: dh key too 
0850: 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f  small} -returnCo
0860: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
0870: 64 53 53 4c 2d 31 2e 31 31 20 7b 64 68 20 73 6d  dSSL-1.11 {dh sm
0880: 61 6c 6c 20 73 75 62 67 72 6f 75 70 7d 20 2d 62  all subgroup} -b
0890: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68  ody {..badssl dh
08a0: 2d 73 6d 61 6c 6c 2d 73 75 62 67 72 6f 75 70 2e  -small-subgroup.
08b0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
08c0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
08d0: 31 32 20 7b 64 68 34 38 30 7d 20 2d 63 6f 6e 73  12 {dh480} -cons
08e0: 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69  traints {old_api
08f0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73  } -body {..badss
0900: 6c 20 64 68 34 38 30 2e 62 61 64 73 73 6c 2e 63  l dh480.badssl.c
0910: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74  om.    } -result
0920: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c   {handshake fail
0930: 65 64 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20 73  ed: dh key too s
0940: 6d 61 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64  mall} -returnCod
0950: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64  es {1}..test Bad
0960: 53 53 4c 2d 31 2e 31 33 20 7b 64 68 34 38 30 7d  SSL-1.13 {dh480}
0970: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e   -constraints {n
0980: 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a  ew_api} -body {.
0990: 09 62 61 64 73 73 6c 20 64 68 34 38 30 2e 62 61  .badssl dh480.ba
09a0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
09b0: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
09c0: 65 20 66 61 69 6c 65 64 3a 20 6d 6f 64 75 6c 75  e failed: modulu
09d0: 73 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65  s too small} -re
09e0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74  turnCodes {1}..t
09f0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 34 20  est BadSSL-1.14 
0a00: 7b 64 68 35 31 32 7d 20 2d 63 6f 6e 73 74 72 61  {dh512} -constra
0a10: 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d  ints {old_api} -
0a20: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64  body {..badssl d
0a30: 68 35 31 32 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  h512.badssl.com.
0a40: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
0a50: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
0a60: 20 64 68 20 6b 65 79 20 74 6f 6f 20 73 6d 61 6c   dh key too smal
0a70: 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20  l} -returnCodes 
0a80: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c  {1}..test BadSSL
0a90: 2d 31 2e 31 35 20 7b 64 68 35 31 32 7d 20 2d 63  -1.15 {dh512} -c
0aa0: 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6d 61 63 7d  onstraints {mac}
0ab0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
0ac0: 20 64 68 35 31 32 2e 62 61 64 73 73 6c 2e 63 6f   dh512.badssl.co
0ad0: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
0ae0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
0af0: 64 3a 20 75 6e 6b 6e 6f 77 6e 20 73 65 63 75 72  d: unknown secur
0b00: 69 74 79 20 62 69 74 73 7d 20 2d 72 65 74 75 72  ity bits} -retur
0b10: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74  nCodes {1}..test
0b20: 20 42 61 64 53 53 4c 2d 31 2e 31 36 20 7b 64 68   BadSSL-1.16 {dh
0b30: 31 30 32 34 7d 20 2d 63 6f 6e 73 74 72 61 69 6e  1024} -constrain
0b40: 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f  ts {old_api} -bo
0b50: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 31  dy {..badssl dh1
0b60: 30 32 34 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  024.badssl.com. 
0b70: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53     }..test BadSS
0b80: 4c 2d 31 2e 31 37 20 7b 64 68 31 30 32 34 7d 20  L-1.17 {dh1024} 
0b90: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65  -constraints {ne
0ba0: 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09  w_api} -body {..
0bb0: 62 61 64 73 73 6c 20 64 68 31 30 32 34 2e 62 61  badssl dh1024.ba
0bc0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
0bd0: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
0be0: 65 20 66 61 69 6c 65 64 3a 20 64 68 20 6b 65 79  e failed: dh key
0bf0: 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74   too small} -ret
0c00: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
0c10: 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 38 20 7b  st BadSSL-1.18 {
0c20: 64 68 32 30 34 38 7d 20 2d 62 6f 64 79 20 7b 0a  dh2048} -body {.
0c30: 09 62 61 64 73 73 6c 20 64 68 32 30 34 38 2e 62  .badssl dh2048.b
0c40: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a  adssl.com.    }.
0c50: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31  .test BadSSL-1.1
0c60: 39 20 7b 64 73 64 74 65 73 74 70 72 6f 76 69 64  9 {dsdtestprovid
0c70: 65 72 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  er} -body {..bad
0c80: 73 73 6c 20 64 73 64 74 65 73 74 70 72 6f 76 69  ssl dsdtestprovi
0c90: 64 65 72 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  der.badssl.com. 
0ca0: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61     } -result {ha
0cb0: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20  ndshake failed: 
0cc0: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69  certificate veri
0cd0: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f  fy failed due to
0ce0: 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20   "unable to get 
0cf0: 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72  local issuer cer
0d00: 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75  tificate"} -retu
0d10: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
0d20: 74 20 42 61 64 53 53 4c 2d 31 2e 32 30 20 7b 65  t BadSSL-1.20 {e
0d30: 63 63 32 35 36 7d 20 2d 62 6f 64 79 20 7b 0a 09  cc256} -body {..
0d40: 62 61 64 73 73 6c 20 65 63 63 32 35 36 2e 62 61  badssl ecc256.ba
0d50: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a  dssl.com.    }..
0d60: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 31  test BadSSL-1.21
0d70: 20 7b 65 63 63 33 38 34 7d 20 2d 62 6f 64 79 20   {ecc384} -body 
0d80: 7b 0a 09 62 61 64 73 73 6c 20 65 63 63 33 38 34  {..badssl ecc384
0d90: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
0da0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
0db0: 2e 32 32 20 7b 65 64 65 6c 6c 72 6f 6f 74 7d 20  .22 {edellroot} 
0dc0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
0dd0: 65 64 65 6c 6c 72 6f 6f 74 2e 62 61 64 73 73 6c  edellroot.badssl
0de0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75  .com.    } -resu
0df0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61  lt {handshake fa
0e00: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74  iled: certificat
0e10: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20  e verify failed 
0e20: 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74  due to "unable t
0e30: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75  o get local issu
0e40: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d  er certificate"}
0e50: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31   -returnCodes {1
0e60: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
0e70: 2e 32 33 20 7b 65 78 70 69 72 65 64 7d 20 2d 62  .23 {expired} -b
0e80: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 78  ody {..badssl ex
0e90: 70 69 72 65 64 2e 62 61 64 73 73 6c 2e 63 6f 6d  pired.badssl.com
0ea0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
0eb0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
0ec0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
0ed0: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
0ee0: 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20  to "certificate 
0ef0: 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72  has expired"} -r
0f00: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a  eturnCodes {1}..
0f10: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 34  test BadSSL-1.24
0f20: 20 7b 65 78 74 65 6e 64 65 64 20 76 61 6c 69 64   {extended valid
0f30: 61 74 69 6f 6e 7d 20 2d 62 6f 64 79 20 7b 0a 09  ation} -body {..
0f40: 62 61 64 73 73 6c 20 65 78 74 65 6e 64 65 64 2d  badssl extended-
0f50: 76 61 6c 69 64 61 74 69 6f 6e 2e 62 61 64 73 73  validation.badss
0f60: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73  l.com.    } -res
0f70: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
0f80: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61  ailed: certifica
0f90: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64  te verify failed
0fa0: 20 64 75 65 20 74 6f 20 22 63 65 72 74 69 66 69   due to "certifi
0fb0: 63 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64  cate has expired
0fc0: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20  "} -returnCodes 
0fd0: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c  {1}..test BadSSL
0fe0: 2d 31 2e 32 35 20 7b 68 73 74 73 7d 20 2d 62 6f  -1.25 {hsts} -bo
0ff0: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 68 73 74  dy {..badssl hst
1000: 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  s.badssl.com.   
1010: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d   }..test BadSSL-
1020: 31 2e 32 36 20 7b 68 74 74 70 73 20 65 76 65 72  1.26 {https ever
1030: 79 77 68 65 72 65 7d 20 2d 62 6f 64 79 20 7b 0a  ywhere} -body {.
1040: 09 62 61 64 73 73 6c 20 68 74 74 70 73 2d 65 76  .badssl https-ev
1050: 65 72 79 77 68 65 72 65 2e 62 61 64 73 73 6c 2e  erywhere.badssl.
1060: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20  com.    }..test 
1070: 42 61 64 53 53 4c 2d 31 2e 32 37 20 7b 69 6e 63  BadSSL-1.27 {inc
1080: 6f 6d 70 6c 65 74 65 20 63 68 61 69 6e 7d 20 2d  omplete chain} -
1090: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 69  body {..badssl i
10a0: 6e 63 6f 6d 70 6c 65 74 65 2d 63 68 61 69 6e 2e  ncomplete-chain.
10b0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
10c0: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
10d0: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74  ake failed: cert
10e0: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66  ificate verify f
10f0: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e  ailed due to "un
1100: 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61  able to get loca
1110: 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69  l issuer certifi
1120: 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f  cate"} -returnCo
1130: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
1140: 64 53 53 4c 2d 31 2e 32 38 20 7b 69 6e 76 61 6c  dSSL-1.28 {inval
1150: 69 64 20 65 78 70 65 63 74 65 64 20 73 63 74 7d  id expected sct}
1160: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
1170: 20 69 6e 76 61 6c 69 64 2d 65 78 70 65 63 74 65   invalid-expecte
1180: 64 2d 73 63 74 2e 62 61 64 73 73 6c 2e 63 6f 6d  d-sct.badssl.com
1190: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
11a0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
11b0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
11c0: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
11d0: 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65  to "unable to ge
11e0: 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63  t local issuer c
11f0: 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65  ertificate"} -re
1200: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74  turnCodes {1}..t
1210: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 39 20  est BadSSL-1.29 
1220: 7b 6c 6f 6e 67 20 65 78 74 65 6e 64 65 64 20 73  {long extended s
1230: 75 62 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 63 6f  ubdomain name co
1240: 6e 74 61 69 6e 69 6e 67 20 6d 61 6e 79 20 6c 65  ntaining many le
1250: 74 74 65 72 73 20 61 6e 64 20 64 61 73 68 65 73  tters and dashes
1260: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73  } -body {..badss
1270: 6c 20 6c 6f 6e 67 2d 65 78 74 65 6e 64 65 64 2d  l long-extended-
1280: 73 75 62 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2d 63  subdomain-name-c
1290: 6f 6e 74 61 69 6e 69 6e 67 2d 6d 61 6e 79 2d 6c  ontaining-many-l
12a0: 65 74 74 65 72 73 2d 61 6e 64 2d 64 61 73 68 65  etters-and-dashe
12b0: 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  s.badssl.com.   
12c0: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d   }..test BadSSL-
12d0: 31 2e 33 30 20 7b 6c 6f 6e 67 65 78 74 65 6e 64  1.30 {longextend
12e0: 65 64 73 75 62 64 6f 6d 61 69 6e 6e 61 6d 65 77  edsubdomainnamew
12f0: 69 74 68 6f 75 74 64 61 73 68 65 73 69 6e 6f 72  ithoutdashesinor
1300: 64 65 72 74 6f 74 65 73 74 77 6f 72 64 77 72 61  dertotestwordwra
1310: 70 70 69 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a 09  pping} -body {..
1320: 62 61 64 73 73 6c 20 6c 6f 6e 67 65 78 74 65 6e  badssl longexten
1330: 64 65 64 73 75 62 64 6f 6d 61 69 6e 6e 61 6d 65  dedsubdomainname
1340: 77 69 74 68 6f 75 74 64 61 73 68 65 73 69 6e 6f  withoutdashesino
1350: 72 64 65 72 74 6f 74 65 73 74 77 6f 72 64 77 72  rdertotestwordwr
1360: 61 70 70 69 6e 67 2e 62 61 64 73 73 6c 2e 63 6f  apping.badssl.co
1370: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61  m.    }..test Ba
1380: 64 53 53 4c 2d 31 2e 33 31 20 7b 6d 69 74 6d 20  dSSL-1.31 {mitm 
1390: 73 6f 66 74 77 61 72 65 7d 20 2d 62 6f 64 79 20  software} -body 
13a0: 7b 0a 09 62 61 64 73 73 6c 20 6d 69 74 6d 2d 73  {..badssl mitm-s
13b0: 6f 66 74 77 61 72 65 2e 62 61 64 73 73 6c 2e 63  oftware.badssl.c
13c0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74  om.    } -result
13d0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c   {handshake fail
13e0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20  ed: certificate 
13f0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75  verify failed du
1400: 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20  e to "unable to 
1410: 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72  get local issuer
1420: 20 63 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d   certificate"} -
1430: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
1440: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33  .test BadSSL-1.3
1450: 32 20 7b 6e 6f 20 63 6f 6d 6d 6f 6e 20 6e 61 6d  2 {no common nam
1460: 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  e} -body {..bads
1470: 73 6c 20 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e 61 6d  sl no-common-nam
1480: 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  e.badssl.com.   
1490: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64   } -result {hand
14a0: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65  shake failed: ce
14b0: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79  rtificate verify
14c0: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22   failed due to "
14d0: 63 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20  certificate has 
14e0: 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72  expired"} -retur
14f0: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74  nCodes {1}..test
1500: 20 42 61 64 53 53 4c 2d 31 2e 33 33 20 7b 6e 6f   BadSSL-1.33 {no
1510: 20 73 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62   sct} -body {..b
1520: 61 64 73 73 6c 20 6e 6f 2d 73 63 74 2e 62 61 64  adssl no-sct.bad
1530: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74  ssl.com.    }..t
1540: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 34 20  est BadSSL-1.34 
1550: 7b 6e 6f 20 73 75 62 6a 65 63 74 7d 20 2d 62 6f  {no subject} -bo
1560: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 6e 6f 2d  dy {..badssl no-
1570: 73 75 62 6a 65 63 74 2e 62 61 64 73 73 6c 2e 63  subject.badssl.c
1580: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74  om.    } -result
1590: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c   {handshake fail
15a0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20  ed: certificate 
15b0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75  verify failed du
15c0: 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74  e to "certificat
15d0: 65 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20  e has expired"} 
15e0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
15f0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
1600: 33 35 20 7b 6e 75 6c 6c 7d 20 2d 62 6f 64 79 20  35 {null} -body 
1610: 7b 0a 09 62 61 64 73 73 6c 20 6e 75 6c 6c 2e 62  {..badssl null.b
1620: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
1630: 2d 6d 61 74 63 68 20 7b 67 6c 6f 62 7d 20 2d 72  -match {glob} -r
1640: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65  esult {handshake
1650: 20 66 61 69 6c 65 64 3a 20 2a 20 61 6c 65 72 74   failed: * alert
1660: 20 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 75   handshake failu
1670: 72 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  re} -returnCodes
1680: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
1690: 4c 2d 31 2e 33 36 20 7b 70 69 6e 6e 69 6e 67 20  L-1.36 {pinning 
16a0: 74 65 73 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  test} -body {..b
16b0: 61 64 73 73 6c 20 70 69 6e 6e 69 6e 67 2d 74 65  adssl pinning-te
16c0: 73 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  st.badssl.com.  
16d0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c    }..test BadSSL
16e0: 2d 31 2e 33 37 20 7b 70 72 65 61 63 74 20 63 6c  -1.37 {preact cl
16f0: 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  i} -body {..bads
1700: 73 6c 20 70 72 65 61 63 74 2d 63 6c 69 2e 62 61  sl preact-cli.ba
1710: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
1720: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
1730: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66  e failed: certif
1740: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69  icate verify fai
1750: 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62  led due to "unab
1760: 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20  le to get local 
1770: 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61  issuer certifica
1780: 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  te"} -returnCode
1790: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
17a0: 53 4c 2d 31 2e 33 38 20 7b 70 72 65 6c 6f 61 64  SL-1.38 {preload
17b0: 65 64 20 68 73 74 73 7d 20 2d 62 6f 64 79 20 7b  ed hsts} -body {
17c0: 0a 09 62 61 64 73 73 6c 20 70 72 65 6c 6f 61 64  ..badssl preload
17d0: 65 64 2d 68 73 74 73 2e 62 61 64 73 73 6c 2e 63  ed-hsts.badssl.c
17e0: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42  om.    }..test B
17f0: 61 64 53 53 4c 2d 31 2e 33 39 20 7b 72 63 34 20  adSSL-1.39 {rc4 
1800: 6d 64 35 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  md5} -body {..ba
1810: 64 73 73 6c 20 72 63 34 2d 6d 64 35 2e 62 61 64  dssl rc4-md5.bad
1820: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 6d  ssl.com.    } -m
1830: 61 74 63 68 20 7b 67 6c 6f 62 7d 20 2d 72 65 73  atch {glob} -res
1840: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
1850: 61 69 6c 65 64 3a 20 2a 20 61 6c 65 72 74 20 68  ailed: * alert h
1860: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 65  andshake failure
1870: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b  } -returnCodes {
1880: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  1}..test BadSSL-
1890: 31 2e 34 30 20 7b 72 63 34 7d 20 2d 62 6f 64 79  1.40 {rc4} -body
18a0: 20 7b 0a 09 62 61 64 73 73 6c 20 72 63 34 2e 62   {..badssl rc4.b
18b0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
18c0: 2d 6d 61 74 63 68 20 7b 67 6c 6f 62 7d 20 2d 72  -match {glob} -r
18d0: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65  esult {handshake
18e0: 20 66 61 69 6c 65 64 3a 20 2a 20 61 6c 65 72 74   failed: * alert
18f0: 20 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 75   handshake failu
1900: 72 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  re} -returnCodes
1910: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
1920: 4c 2d 31 2e 34 31 20 7b 72 65 76 6f 6b 65 64 7d  L-1.41 {revoked}
1930: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
1940: 20 72 65 76 6f 6b 65 64 2e 62 61 64 73 73 6c 2e   revoked.badssl.
1950: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20  com.    }..test 
1960: 42 61 64 53 53 4c 2d 31 2e 34 32 20 7b 72 73 61  BadSSL-1.42 {rsa
1970: 32 30 34 38 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  2048} -body {..b
1980: 61 64 73 73 6c 20 72 73 61 32 30 34 38 2e 62 61  adssl rsa2048.ba
1990: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a  dssl.com.    }..
19a0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 33  test BadSSL-1.43
19b0: 20 7b 72 73 61 34 30 39 36 7d 20 2d 62 6f 64 79   {rsa4096} -body
19c0: 20 7b 0a 09 62 61 64 73 73 6c 20 72 73 61 34 30   {..badssl rsa40
19d0: 39 36 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  96.badssl.com.  
19e0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c    }..test BadSSL
19f0: 2d 31 2e 34 34 20 7b 72 73 61 38 31 39 32 7d 20  -1.44 {rsa8192} 
1a00: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
1a10: 72 73 61 38 31 39 32 2e 62 61 64 73 73 6c 2e 63  rsa8192.badssl.c
1a20: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74  om.    } -result
1a30: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c   {handshake fail
1a40: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20  ed: certificate 
1a50: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75  verify failed du
1a60: 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74  e to "certificat
1a70: 65 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20  e has expired"} 
1a80: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
1a90: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
1aa0: 34 35 20 7b 73 65 6c 66 20 73 69 67 6e 65 64 7d  45 {self signed}
1ab0: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f   -constraints {o
1ac0: 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a  ld_api} -body {.
1ad0: 09 62 61 64 73 73 6c 20 73 65 6c 66 2d 73 69 67  .badssl self-sig
1ae0: 6e 65 64 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  ned.badssl.com. 
1af0: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61     } -result {ha
1b00: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20  ndshake failed: 
1b10: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69  certificate veri
1b20: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f  fy failed due to
1b30: 20 22 73 65 6c 66 20 73 69 67 6e 65 64 20 63 65   "self signed ce
1b40: 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74  rtificate"} -ret
1b50: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
1b60: 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 36 20 7b  st BadSSL-1.46 {
1b70: 73 65 6c 66 20 73 69 67 6e 65 64 7d 20 2d 63 6f  self signed} -co
1b80: 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61  nstraints {new_a
1b90: 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  pi} -body {..bad
1ba0: 73 73 6c 20 73 65 6c 66 2d 73 69 67 6e 65 64 2e  ssl self-signed.
1bb0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
1bc0: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
1bd0: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74  ake failed: cert
1be0: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66  ificate verify f
1bf0: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 73 65  ailed due to "se
1c00: 6c 66 2d 73 69 67 6e 65 64 20 63 65 72 74 69 66  lf-signed certif
1c10: 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43  icate"} -returnC
1c20: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42  odes {1}..test B
1c30: 61 64 53 53 4c 2d 31 2e 34 37 20 7b 73 68 61 31  adSSL-1.47 {sha1
1c40: 20 32 30 31 36 7d 20 2d 62 6f 64 79 20 7b 0a 09   2016} -body {..
1c50: 62 61 64 73 73 6c 20 73 68 61 31 2d 32 30 31 36  badssl sha1-2016
1c60: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
1c70: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73  } -result {hands
1c80: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72  hake failed: cer
1c90: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20  tificate verify 
1ca0: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75  failed due to "u
1cb0: 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63  nable to get loc
1cc0: 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66  al issuer certif
1cd0: 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43  icate"} -returnC
1ce0: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42  odes {1}..test B
1cf0: 61 64 53 53 4c 2d 31 2e 34 38 20 7b 73 68 61 31  adSSL-1.48 {sha1
1d00: 20 32 30 31 37 7d 20 2d 63 6f 6e 73 74 72 61 69   2017} -constrai
1d10: 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62  nts {old_api} -b
1d20: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68  ody {..badssl sh
1d30: 61 31 2d 32 30 31 37 2e 62 61 64 73 73 6c 2e 63  a1-2017.badssl.c
1d40: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74  om.    } -result
1d50: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c   {handshake fail
1d60: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20  ed: certificate 
1d70: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75  verify failed du
1d80: 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74  e to "certificat
1d90: 65 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20  e has expired"} 
1da0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
1db0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
1dc0: 34 39 20 7b 73 68 61 31 20 32 30 31 37 7d 20 2d  49 {sha1 2017} -
1dd0: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 77  constraints {new
1de0: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  _api} -body {..b
1df0: 61 64 73 73 6c 20 73 68 61 31 2d 32 30 31 37 2e  adssl sha1-2017.
1e00: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
1e10: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
1e20: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74  ake failed: cert
1e30: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66  ificate verify f
1e40: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 43 41  ailed due to "CA
1e50: 20 73 69 67 6e 61 74 75 72 65 20 64 69 67 65 73   signature diges
1e60: 74 20 61 6c 67 6f 72 69 74 68 6d 20 74 6f 6f 20  t algorithm too 
1e70: 77 65 61 6b 22 7d 20 2d 72 65 74 75 72 6e 43 6f  weak"} -returnCo
1e80: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
1e90: 64 53 53 4c 2d 31 2e 35 30 20 7b 73 68 61 31 20  dSSL-1.50 {sha1 
1ea0: 69 6e 74 65 72 6d 65 64 69 61 74 65 7d 20 2d 62  intermediate} -b
1eb0: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68  ody {..badssl sh
1ec0: 61 31 2d 69 6e 74 65 72 6d 65 64 69 61 74 65 2e  a1-intermediate.
1ed0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
1ee0: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
1ef0: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74  ake failed: cert
1f00: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66  ificate verify f
1f10: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e  ailed due to "un
1f20: 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61  able to get loca
1f30: 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69  l issuer certifi
1f40: 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f  cate"} -returnCo
1f50: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
1f60: 64 53 53 4c 2d 31 2e 35 31 20 7b 73 68 61 32 35  dSSL-1.51 {sha25
1f70: 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  6} -body {..bads
1f80: 73 6c 20 73 68 61 32 35 36 2e 62 61 64 73 73 6c  sl sha256.badssl
1f90: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74  .com.    }..test
1fa0: 20 42 61 64 53 53 4c 2d 31 2e 35 32 20 7b 73 68   BadSSL-1.52 {sh
1fb0: 61 33 38 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  a384} -body {..b
1fc0: 61 64 73 73 6c 20 73 68 61 33 38 34 2e 62 61 64  adssl sha384.bad
1fd0: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72  ssl.com.    } -r
1fe0: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65  esult {handshake
1ff0: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69   failed: certifi
2000: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c  cate verify fail
2010: 65 64 20 64 75 65 20 74 6f 20 22 63 65 72 74 69  ed due to "certi
2020: 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 72  ficate has expir
2030: 65 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  ed"} -returnCode
2040: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
2050: 53 4c 2d 31 2e 35 33 20 7b 73 68 61 35 31 32 7d  SL-1.53 {sha512}
2060: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
2070: 20 73 68 61 35 31 32 2e 62 61 64 73 73 6c 2e 63   sha512.badssl.c
2080: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74  om.    } -result
2090: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c   {handshake fail
20a0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20  ed: certificate 
20b0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75  verify failed du
20c0: 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74  e to "certificat
20d0: 65 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20  e has expired"} 
20e0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
20f0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
2100: 35 34 20 7b 73 74 61 74 69 63 20 72 73 61 7d 20  54 {static rsa} 
2110: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
2120: 73 74 61 74 69 63 2d 72 73 61 2e 62 61 64 73 73  static-rsa.badss
2130: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73  l.com.    }..tes
2140: 74 20 42 61 64 53 53 4c 2d 31 2e 35 35 20 7b 73  t BadSSL-1.55 {s
2150: 75 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64  ubdomain.preload
2160: 65 64 20 68 73 74 73 7d 20 2d 63 6f 6e 73 74 72  ed hsts} -constr
2170: 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20  aints {old_api} 
2180: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
2190: 73 75 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61  subdomain.preloa
21a0: 64 65 64 2d 68 73 74 73 2e 62 61 64 73 73 6c 2e  ded-hsts.badssl.
21b0: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c  com.    } -resul
21c0: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
21d0: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65  led: certificate
21e0: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64   verify failed d
21f0: 75 65 20 74 6f 20 22 48 6f 73 74 6e 61 6d 65 20  ue to "Hostname 
2200: 6d 69 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75  mismatch"} -retu
2210: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
2220: 74 20 42 61 64 53 53 4c 2d 31 2e 35 36 20 7b 73  t BadSSL-1.56 {s
2230: 75 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64  ubdomain.preload
2240: 65 64 20 68 73 74 73 7d 20 2d 63 6f 6e 73 74 72  ed hsts} -constr
2250: 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20  aints {new_api} 
2260: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
2270: 73 75 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61  subdomain.preloa
2280: 64 65 64 2d 68 73 74 73 2e 62 61 64 73 73 6c 2e  ded-hsts.badssl.
2290: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c  com.    } -resul
22a0: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
22b0: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65  led: certificate
22c0: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64   verify failed d
22d0: 75 65 20 74 6f 20 22 68 6f 73 74 6e 61 6d 65 20  ue to "hostname 
22e0: 6d 69 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75  mismatch"} -retu
22f0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
2300: 74 20 42 61 64 53 53 4c 2d 31 2e 35 37 20 7b 73  t BadSSL-1.57 {s
2310: 75 70 65 72 66 69 73 68 7d 20 2d 62 6f 64 79 20  uperfish} -body 
2320: 7b 0a 09 62 61 64 73 73 6c 20 73 75 70 65 72 66  {..badssl superf
2330: 69 73 68 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  ish.badssl.com. 
2340: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61     } -result {ha
2350: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20  ndshake failed: 
2360: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69  certificate veri
2370: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f  fy failed due to
2380: 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20   "unable to get 
2390: 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72  local issuer cer
23a0: 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75  tificate"} -retu
23b0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
23c0: 74 20 42 61 64 53 53 4c 2d 31 2e 35 38 20 7b 74  t BadSSL-1.58 {t
23d0: 6c 73 20 76 31 20 30 3a 31 30 31 30 7d 20 2d 63  ls v1 0:1010} -c
23e0: 6f 6e 73 74 72 61 69 6e 74 73 20 7b 74 6c 73 31  onstraints {tls1
23f0: 20 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20   old_api} -body 
2400: 7b 0a 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 31  {..badssl tls-v1
2410: 2d 30 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30  -0.badssl.com:10
2420: 31 30 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42  10.    }..test B
2430: 61 64 53 53 4c 2d 31 2e 35 39 20 7b 74 6c 73 20  adSSL-1.59 {tls 
2440: 76 31 20 30 3a 31 30 31 30 7d 20 2d 63 6f 6e 73  v1 0:1010} -cons
2450: 74 72 61 69 6e 74 73 20 7b 74 6c 73 31 20 6e 65  traints {tls1 ne
2460: 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09  w_api} -body {..
2470: 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 30 2e  badssl tls-v1-0.
2480: 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 30 0a  badssl.com:1010.
2490: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
24a0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
24b0: 20 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f   unsupported pro
24c0: 74 6f 63 6f 6c 7d 20 2d 72 65 74 75 72 6e 43 6f  tocol} -returnCo
24d0: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
24e0: 64 53 53 4c 2d 31 2e 36 30 20 7b 74 6c 73 20 76  dSSL-1.60 {tls v
24f0: 31 20 31 3a 31 30 31 31 7d 20 2d 63 6f 6e 73 74  1 1:1011} -const
2500: 72 61 69 6e 74 73 20 7b 74 6c 73 31 2e 31 20 6f  raints {tls1.1 o
2510: 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a  ld_api} -body {.
2520: 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 31  .badssl tls-v1-1
2530: 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 31  .badssl.com:1011
2540: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64  .    }..test Bad
2550: 53 53 4c 2d 31 2e 36 31 20 7b 74 6c 73 20 76 31  SSL-1.61 {tls v1
2560: 20 31 3a 31 30 31 31 7d 20 2d 63 6f 6e 73 74 72   1:1011} -constr
2570: 61 69 6e 74 73 20 7b 74 6c 73 31 2e 31 20 6e 65  aints {tls1.1 ne
2580: 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09  w_api} -body {..
2590: 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 31 2e  badssl tls-v1-1.
25a0: 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 31 0a  badssl.com:1011.
25b0: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
25c0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
25d0: 20 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f   unsupported pro
25e0: 74 6f 63 6f 6c 7d 20 2d 72 65 74 75 72 6e 43 6f  tocol} -returnCo
25f0: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
2600: 64 53 53 4c 2d 31 2e 36 32 20 7b 74 6c 73 20 76  dSSL-1.62 {tls v
2610: 31 20 32 3a 31 30 31 32 7d 20 2d 63 6f 6e 73 74  1 2:1012} -const
2620: 72 61 69 6e 74 73 20 7b 74 6c 73 31 2e 32 7d 20  raints {tls1.2} 
2630: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
2640: 74 6c 73 2d 76 31 2d 32 2e 62 61 64 73 73 6c 2e  tls-v1-2.badssl.
2650: 63 6f 6d 3a 31 30 31 32 0a 20 20 20 20 7d 0a 0a  com:1012.    }..
2660: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 33  test BadSSL-1.63
2670: 20 7b 75 6e 74 72 75 73 74 65 64 20 72 6f 6f 74   {untrusted root
2680: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b  } -constraints {
2690: 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b  old_api} -body {
26a0: 0a 09 62 61 64 73 73 6c 20 75 6e 74 72 75 73 74  ..badssl untrust
26b0: 65 64 2d 72 6f 6f 74 2e 62 61 64 73 73 6c 2e 63  ed-root.badssl.c
26c0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74  om.    } -result
26d0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c   {handshake fail
26e0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20  ed: certificate 
26f0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75  verify failed du
2700: 65 20 74 6f 20 22 73 65 6c 66 20 73 69 67 6e 65  e to "self signe
2710: 64 20 63 65 72 74 69 66 69 63 61 74 65 20 69 6e  d certificate in
2720: 20 63 65 72 74 69 66 69 63 61 74 65 20 63 68 61   certificate cha
2730: 69 6e 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  in"} -returnCode
2740: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
2750: 53 4c 2d 31 2e 36 34 20 7b 75 6e 74 72 75 73 74  SL-1.64 {untrust
2760: 65 64 20 72 6f 6f 74 7d 20 2d 63 6f 6e 73 74 72  ed root} -constr
2770: 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20  aints {new_api} 
2780: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
2790: 75 6e 74 72 75 73 74 65 64 2d 72 6f 6f 74 2e 62  untrusted-root.b
27a0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
27b0: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
27c0: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69  ke failed: certi
27d0: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61  ficate verify fa
27e0: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 73 65 6c  iled due to "sel
27f0: 66 2d 73 69 67 6e 65 64 20 63 65 72 74 69 66 69  f-signed certifi
2800: 63 61 74 65 20 69 6e 20 63 65 72 74 69 66 69 63  cate in certific
2810: 61 74 65 20 63 68 61 69 6e 22 7d 20 2d 72 65 74  ate chain"} -ret
2820: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
2830: 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 35 20 7b  st BadSSL-1.65 {
2840: 75 70 67 72 61 64 65 7d 20 2d 62 6f 64 79 20 7b  upgrade} -body {
2850: 0a 09 62 61 64 73 73 6c 20 75 70 67 72 61 64 65  ..badssl upgrade
2860: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
2870: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
2880: 2e 36 36 20 7b 77 65 62 70 61 63 6b 20 64 65 76  .66 {webpack dev
2890: 20 73 65 72 76 65 72 7d 20 2d 62 6f 64 79 20 7b   server} -body {
28a0: 0a 09 62 61 64 73 73 6c 20 77 65 62 70 61 63 6b  ..badssl webpack
28b0: 2d 64 65 76 2d 73 65 72 76 65 72 2e 62 61 64 73  -dev-server.bads
28c0: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65  sl.com.    } -re
28d0: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20  sult {handshake 
28e0: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63  failed: certific
28f0: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65  ate verify faile
2900: 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65  d due to "unable
2910: 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73   to get local is
2920: 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65  suer certificate
2930: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20  "} -returnCodes 
2940: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c  {1}..test BadSSL
2950: 2d 31 2e 36 37 20 7b 77 72 6f 6e 67 2e 68 6f 73  -1.67 {wrong.hos
2960: 74 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20  t} -constraints 
2970: 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20  {old_api} -body 
2980: 7b 0a 09 62 61 64 73 73 6c 20 77 72 6f 6e 67 2e  {..badssl wrong.
2990: 68 6f 73 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  host.badssl.com.
29a0: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
29b0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
29c0: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72   certificate ver
29d0: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74  ify failed due t
29e0: 6f 20 22 48 6f 73 74 6e 61 6d 65 20 6d 69 73 6d  o "Hostname mism
29f0: 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f  atch"} -returnCo
2a00: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
2a10: 64 53 53 4c 2d 31 2e 36 38 20 7b 77 72 6f 6e 67  dSSL-1.68 {wrong
2a20: 2e 68 6f 73 74 7d 20 2d 63 6f 6e 73 74 72 61 69  .host} -constrai
2a30: 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62  nts {new_api} -b
2a40: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 77 72  ody {..badssl wr
2a50: 6f 6e 67 2e 68 6f 73 74 2e 62 61 64 73 73 6c 2e  ong.host.badssl.
2a60: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c  com.    } -resul
2a70: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
2a80: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65  led: certificate
2a90: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64   verify failed d
2aa0: 75 65 20 74 6f 20 22 68 6f 73 74 6e 61 6d 65 20  ue to "hostname 
2ab0: 6d 69 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75  mismatch"} -retu
2ac0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
2ad0: 74 20 42 61 64 53 53 4c 2d 31 2e 36 39 20 7b 6d  t BadSSL-1.69 {m
2ae0: 6f 7a 69 6c 6c 61 20 6d 6f 64 65 72 6e 7d 20 2d  ozilla modern} -
2af0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 6d  body {..badssl m
2b00: 6f 7a 69 6c 6c 61 2d 6d 6f 64 65 72 6e 2e 62 61  ozilla-modern.ba
2b10: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a  dssl.com.    }..
2b20: 23 20 43 6c 65 61 6e 75 70 0a 3a 3a 74 63 6c 74  # Cleanup.::tclt
2b30: 65 73 74 3a 3a 63 6c 65 61 6e 75 70 54 65 73 74  est::cleanupTest
2b40: 73 0a 72 65 74 75 72 6e 0a                       s.return.