Artifact
e09b8a9787be07d7d4750698d8bb76aa63dfd609e338309cfcbd6cd66b28ae81:
0000: 23 20 41 75 74 6f 20 67 65 6e 65 72 61 74 65 64 # Auto generated
0010: 20 74 65 73 74 20 63 61 73 65 73 20 66 6f 72 20 test cases for
0020: 62 61 64 73 73 6c 2e 63 73 76 0a 0a 23 20 4c 6f badssl.csv..# Lo
0030: 61 64 20 54 63 6c 20 54 65 73 74 20 70 61 63 6b ad Tcl Test pack
0040: 61 67 65 0a 69 66 20 7b 5b 6c 73 65 61 72 63 68 age.if {[lsearch
0050: 20 5b 6e 61 6d 65 73 70 61 63 65 20 63 68 69 6c [namespace chil
0060: 64 72 65 6e 5d 20 3a 3a 74 63 6c 74 65 73 74 5d dren] ::tcltest]
0070: 20 3d 3d 20 2d 31 7d 20 7b 0a 09 70 61 63 6b 61 == -1} {..packa
0080: 67 65 20 72 65 71 75 69 72 65 20 74 63 6c 74 65 ge require tclte
0090: 73 74 0a 09 6e 61 6d 65 73 70 61 63 65 20 69 6d st..namespace im
00a0: 70 6f 72 74 20 3a 3a 74 63 6c 74 65 73 74 3a 3a port ::tcltest::
00b0: 2a 0a 7d 0a 0a 73 65 74 20 61 75 74 6f 5f 70 61 *.}..set auto_pa
00c0: 74 68 20 5b 63 6f 6e 63 61 74 20 5b 6c 69 73 74 th [concat [list
00d0: 20 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b [file dirname [
00e0: 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e file dirname [in
00f0: 66 6f 20 73 63 72 69 70 74 5d 5d 5d 5d 20 24 61 fo script]]]] $a
0100: 75 74 6f 5f 70 61 74 68 5d 0a 0a 70 61 63 6b 61 uto_path]..packa
0110: 67 65 20 72 65 71 75 69 72 65 20 74 6c 73 0a 0a ge require tls..
0120: 23 20 43 6f 6e 73 74 72 61 69 6e 74 73 0a 73 6f # Constraints.so
0130: 75 72 63 65 20 5b 66 69 6c 65 20 6a 6f 69 6e 20 urce [file join
0140: 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 [file dirname [i
0150: 6e 66 6f 20 73 63 72 69 70 74 5d 5d 20 63 6f 6d nfo script]] com
0160: 6d 6f 6e 2e 74 63 6c 5d 0a 0a 23 20 48 65 6c 70 mon.tcl]..# Help
0170: 65 72 20 66 75 6e 63 74 69 6f 6e 73 0a 70 72 6f er functions.pro
0180: 63 20 62 61 64 73 73 6c 20 7b 75 72 6c 7d 20 7b c badssl {url} {
0190: 0a 20 20 20 20 73 65 74 20 70 6f 72 74 20 34 34 . set port 44
01a0: 33 0a 20 20 20 20 6c 61 73 73 69 67 6e 20 5b 73 3. lassign [s
01b0: 70 6c 69 74 20 24 75 72 6c 20 22 3a 22 5d 20 75 plit $url ":"] u
01c0: 72 6c 20 70 6f 72 74 0a 20 20 20 20 69 66 20 7b rl port. if {
01d0: 24 70 6f 72 74 20 65 71 20 22 22 7d 20 7b 0a 20 $port eq ""} {.
01e0: 20 20 20 20 20 20 20 73 65 74 20 70 6f 72 74 20 set port
01f0: 34 34 33 0a 20 20 20 20 7d 0a 20 20 20 20 73 65 443. }. se
0200: 74 20 63 6d 64 20 5b 6c 69 73 74 20 74 6c 73 3a t cmd [list tls:
0210: 3a 73 6f 63 6b 65 74 20 2d 61 75 74 6f 73 65 72 :socket -autoser
0220: 76 65 72 6e 61 6d 65 20 31 20 2d 72 65 71 75 69 vername 1 -requi
0230: 72 65 20 31 5d 0a 20 20 20 20 69 66 20 7b 5b 69 re 1]. if {[i
0240: 6e 66 6f 20 65 78 69 73 74 73 20 3a 3a 65 6e 76 nfo exists ::env
0250: 28 53 53 4c 5f 43 45 52 54 5f 46 49 4c 45 29 5d (SSL_CERT_FILE)]
0260: 7d 20 7b 0a 20 20 20 20 20 20 20 20 6c 61 70 70 } {. lapp
0270: 65 6e 64 20 63 6d 64 20 2d 63 61 66 69 6c 65 20 end cmd -cafile
0280: 24 3a 3a 65 6e 76 28 53 53 4c 5f 43 45 52 54 5f $::env(SSL_CERT_
0290: 46 49 4c 45 29 0a 20 20 20 20 7d 0a 20 20 20 20 FILE). }.
02a0: 6c 61 70 70 65 6e 64 20 63 6d 64 20 24 75 72 6c lappend cmd $url
02b0: 20 24 70 6f 72 74 0a 20 20 20 20 73 65 74 20 63 $port. set c
02c0: 68 20 5b 65 76 61 6c 20 24 63 6d 64 5d 0a 20 20 h [eval $cmd].
02d0: 20 20 69 66 20 7b 5b 63 61 74 63 68 20 7b 74 6c if {[catch {tl
02e0: 73 3a 3a 68 61 6e 64 73 68 61 6b 65 20 24 63 68 s::handshake $ch
02f0: 7d 20 65 72 72 5d 7d 20 7b 0a 20 20 20 20 20 20 } err]} {.
0300: 20 20 63 6c 6f 73 65 20 24 63 68 0a 09 72 65 74 close $ch..ret
0310: 75 72 6e 20 2d 63 6f 64 65 20 65 72 72 6f 72 20 urn -code error
0320: 24 65 72 72 0a 20 20 20 20 7d 20 65 6c 73 65 20 $err. } else
0330: 7b 0a 20 20 20 20 20 20 20 20 63 6c 6f 73 65 20 {. close
0340: 24 63 68 0a 20 20 20 20 7d 0a 7d 0a 0a 0a 23 20 $ch. }.}...#
0350: 42 61 64 53 53 4c 2e 63 6f 6d 20 54 65 73 74 73 BadSSL.com Tests
0360: 0a 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 ...test BadSSL-1
0370: 2e 31 20 7b 31 30 30 30 2d 73 61 6e 73 7d 20 2d .1 {1000-sans} -
0380: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 31 body {..badssl 1
0390: 30 30 30 2d 73 61 6e 73 2e 62 61 64 73 73 6c 2e 000-sans.badssl.
03a0: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
03b0: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
03c0: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
03d0: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
03e0: 75 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 ue to "certifica
03f0: 74 65 20 68 61 73 20 65 78 70 69 72 65 64 22 7d te has expired"}
0400: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
0410: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
0420: 2e 32 20 7b 31 30 30 30 30 2d 73 61 6e 73 7d 20 .2 {10000-sans}
0430: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
0440: 31 30 30 30 30 2d 73 61 6e 73 2e 62 61 64 73 73 10000-sans.badss
0450: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
0460: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
0470: 61 69 6c 65 64 3a 20 65 78 63 65 73 73 69 76 65 ailed: excessive
0480: 20 6d 65 73 73 61 67 65 20 73 69 7a 65 7d 20 2d message size} -
0490: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
04a0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 .test BadSSL-1.3
04b0: 20 7b 33 64 65 73 7d 20 2d 62 6f 64 79 20 7b 0a {3des} -body {.
04c0: 09 62 61 64 73 73 6c 20 33 64 65 73 2e 62 61 64 .badssl 3des.bad
04d0: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 6d ssl.com. } -m
04e0: 61 74 63 68 20 7b 67 6c 6f 62 7d 20 2d 72 65 73 atch {glob} -res
04f0: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
0500: 61 69 6c 65 64 3a 20 2a 20 61 6c 65 72 74 20 68 ailed: * alert h
0510: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 65 andshake failure
0520: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
0530: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
0540: 31 2e 34 20 7b 63 61 70 74 69 76 65 2d 70 6f 72 1.4 {captive-por
0550: 74 61 6c 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 tal} -constraint
0560: 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 s {old_api} -bod
0570: 79 20 7b 0a 09 62 61 64 73 73 6c 20 63 61 70 74 y {..badssl capt
0580: 69 76 65 2d 70 6f 72 74 61 6c 2e 62 61 64 73 73 ive-portal.badss
0590: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
05a0: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
05b0: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 ailed: certifica
05c0: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 te verify failed
05d0: 20 64 75 65 20 74 6f 20 22 48 6f 73 74 6e 61 6d due to "Hostnam
05e0: 65 20 6d 69 73 6d 61 74 63 68 22 7d 20 2d 72 65 e mismatch"} -re
05f0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
0600: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 20 7b est BadSSL-1.5 {
0610: 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 7d 20 captive-portal}
0620: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 -constraints {ne
0630: 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 w_api} -body {..
0640: 62 61 64 73 73 6c 20 63 61 70 74 69 76 65 2d 70 badssl captive-p
0650: 6f 72 74 61 6c 2e 62 61 64 73 73 6c 2e 63 6f 6d ortal.badssl.com
0660: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
0670: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
0680: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 : certificate ve
0690: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 rify failed due
06a0: 74 6f 20 22 68 6f 73 74 6e 61 6d 65 20 6d 69 73 to "hostname mis
06b0: 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e 43 match"} -returnC
06c0: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 odes {1}..test B
06d0: 61 64 53 53 4c 2d 31 2e 36 20 7b 63 62 63 7d 20 adSSL-1.6 {cbc}
06e0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
06f0: 63 62 63 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 cbc.badssl.com.
0700: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
0710: 4c 2d 31 2e 37 20 7b 63 6c 69 65 6e 74 2d 63 65 L-1.7 {client-ce
0720: 72 74 2d 6d 69 73 73 69 6e 67 7d 20 2d 62 6f 64 rt-missing} -bod
0730: 79 20 7b 0a 09 62 61 64 73 73 6c 20 63 6c 69 65 y {..badssl clie
0740: 6e 74 2d 63 65 72 74 2d 6d 69 73 73 69 6e 67 2e nt-cert-missing.
0750: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
0760: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
0770: 38 20 7b 63 6c 69 65 6e 74 7d 20 2d 62 6f 64 79 8 {client} -body
0780: 20 7b 0a 09 62 61 64 73 73 6c 20 63 6c 69 65 6e {..badssl clien
0790: 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 t.badssl.com.
07a0: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d }..test BadSSL-
07b0: 31 2e 39 20 7b 64 68 2d 63 6f 6d 70 6f 73 69 74 1.9 {dh-composit
07c0: 65 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 e} -constraints
07d0: 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 {old_api} -body
07e0: 7b 0a 09 62 61 64 73 73 6c 20 64 68 2d 63 6f 6d {..badssl dh-com
07f0: 70 6f 73 69 74 65 2e 62 61 64 73 73 6c 2e 63 6f posite.badssl.co
0800: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 m. }..test Ba
0810: 64 53 53 4c 2d 31 2e 31 30 20 7b 64 68 2d 63 6f dSSL-1.10 {dh-co
0820: 6d 70 6f 73 69 74 65 7d 20 2d 63 6f 6e 73 74 72 mposite} -constr
0830: 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 aints {new_api}
0840: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
0850: 64 68 2d 63 6f 6d 70 6f 73 69 74 65 2e 62 61 64 dh-composite.bad
0860: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
0870: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
0880: 20 66 61 69 6c 65 64 3a 20 64 68 20 6b 65 79 20 failed: dh key
0890: 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 too small} -retu
08a0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
08b0: 74 20 42 61 64 53 53 4c 2d 31 2e 31 31 20 7b 64 t BadSSL-1.11 {d
08c0: 68 2d 73 6d 61 6c 6c 2d 73 75 62 67 72 6f 75 70 h-small-subgroup
08d0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
08e0: 6c 20 64 68 2d 73 6d 61 6c 6c 2d 73 75 62 67 72 l dh-small-subgr
08f0: 6f 75 70 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 oup.badssl.com.
0900: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
0910: 4c 2d 31 2e 31 32 20 7b 64 68 34 38 30 7d 20 2d L-1.12 {dh480} -
0920: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 constraints {old
0930: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 _api} -body {..b
0940: 61 64 73 73 6c 20 64 68 34 38 30 2e 62 61 64 73 adssl dh480.bads
0950: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 sl.com. } -re
0960: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 sult {handshake
0970: 66 61 69 6c 65 64 3a 20 64 68 20 6b 65 79 20 74 failed: dh key t
0980: 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 72 oo small} -retur
0990: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 nCodes {1}..test
09a0: 20 42 61 64 53 53 4c 2d 31 2e 31 33 20 7b 64 68 BadSSL-1.13 {dh
09b0: 34 38 30 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 480} -constraint
09c0: 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 s {new_api} -bod
09d0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 34 38 y {..badssl dh48
09e0: 30 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 0.badssl.com.
09f0: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
0a00: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 6d 6f shake failed: mo
0a10: 64 75 6c 75 73 20 74 6f 6f 20 73 6d 61 6c 6c 7d dulus too small}
0a20: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
0a30: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
0a40: 2e 31 34 20 7b 64 68 35 31 32 7d 20 2d 63 6f 6e .14 {dh512} -con
0a50: 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 straints {old_ap
0a60: 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 i} -body {..bads
0a70: 73 6c 20 64 68 35 31 32 2e 62 61 64 73 73 6c 2e sl dh512.badssl.
0a80: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
0a90: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
0aa0: 6c 65 64 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20 led: dh key too
0ab0: 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f small} -returnCo
0ac0: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
0ad0: 64 53 53 4c 2d 31 2e 31 35 20 7b 64 68 35 31 32 dSSL-1.15 {dh512
0ae0: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
0af0: 6d 61 63 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 mac} -body {..ba
0b00: 64 73 73 6c 20 64 68 35 31 32 2e 62 61 64 73 73 dssl dh512.badss
0b10: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
0b20: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
0b30: 61 69 6c 65 64 3a 20 75 6e 6b 6e 6f 77 6e 20 73 ailed: unknown s
0b40: 65 63 75 72 69 74 79 20 62 69 74 73 7d 20 2d 72 ecurity bits} -r
0b50: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
0b60: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 36 test BadSSL-1.16
0b70: 20 7b 64 68 31 30 32 34 7d 20 2d 63 6f 6e 73 74 {dh1024} -const
0b80: 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d raints {old_api}
0b90: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
0ba0: 20 64 68 31 30 32 34 2e 62 61 64 73 73 6c 2e 63 dh1024.badssl.c
0bb0: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 om. }..test B
0bc0: 61 64 53 53 4c 2d 31 2e 31 37 20 7b 64 68 31 30 adSSL-1.17 {dh10
0bd0: 32 34 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 24} -constraints
0be0: 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 {new_api} -body
0bf0: 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 31 30 32 {..badssl dh102
0c00: 34 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 4.badssl.com.
0c10: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
0c20: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 64 68 shake failed: dh
0c30: 20 6b 65 79 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 key too small}
0c40: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
0c50: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
0c60: 31 38 20 7b 64 68 32 30 34 38 7d 20 2d 62 6f 64 18 {dh2048} -bod
0c70: 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 32 30 y {..badssl dh20
0c80: 34 38 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 48.badssl.com.
0c90: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c }..test BadSSL
0ca0: 2d 31 2e 31 39 20 7b 64 73 64 74 65 73 74 70 72 -1.19 {dsdtestpr
0cb0: 6f 76 69 64 65 72 7d 20 2d 62 6f 64 79 20 7b 0a ovider} -body {.
0cc0: 09 62 61 64 73 73 6c 20 64 73 64 74 65 73 74 70 .badssl dsdtestp
0cd0: 72 6f 76 69 64 65 72 2e 62 61 64 73 73 6c 2e 63 rovider.badssl.c
0ce0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
0cf0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
0d00: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
0d10: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
0d20: 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 e to "unable to
0d30: 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 get local issuer
0d40: 20 63 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d certificate"} -
0d50: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
0d60: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 .test BadSSL-1.2
0d70: 30 20 7b 65 63 63 32 35 36 7d 20 2d 62 6f 64 79 0 {ecc256} -body
0d80: 20 7b 0a 09 62 61 64 73 73 6c 20 65 63 63 32 35 {..badssl ecc25
0d90: 36 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 6.badssl.com.
0da0: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d }..test BadSSL-
0db0: 31 2e 32 31 20 7b 65 63 63 33 38 34 7d 20 2d 62 1.21 {ecc384} -b
0dc0: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 63 ody {..badssl ec
0dd0: 63 33 38 34 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a c384.badssl.com.
0de0: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 }..test BadS
0df0: 53 4c 2d 31 2e 32 32 20 7b 65 64 65 6c 6c 72 6f SL-1.22 {edellro
0e00: 6f 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 ot} -body {..bad
0e10: 73 73 6c 20 65 64 65 6c 6c 72 6f 6f 74 2e 62 61 ssl edellroot.ba
0e20: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
0e30: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
0e40: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 e failed: certif
0e50: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 icate verify fai
0e60: 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 led due to "unab
0e70: 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 le to get local
0e80: 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61 issuer certifica
0e90: 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 te"} -returnCode
0ea0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
0eb0: 53 4c 2d 31 2e 32 33 20 7b 65 78 70 69 72 65 64 SL-1.23 {expired
0ec0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
0ed0: 6c 20 65 78 70 69 72 65 64 2e 62 61 64 73 73 6c l expired.badssl
0ee0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
0ef0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
0f00: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
0f10: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
0f20: 64 75 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 due to "certific
0f30: 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64 22 ate has expired"
0f40: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
0f50: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
0f60: 31 2e 32 34 20 7b 65 78 74 65 6e 64 65 64 2d 76 1.24 {extended-v
0f70: 61 6c 69 64 61 74 69 6f 6e 7d 20 2d 62 6f 64 79 alidation} -body
0f80: 20 7b 0a 09 62 61 64 73 73 6c 20 65 78 74 65 6e {..badssl exten
0f90: 64 65 64 2d 76 61 6c 69 64 61 74 69 6f 6e 2e 62 ded-validation.b
0fa0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
0fb0: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
0fc0: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 ke failed: certi
0fd0: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 ficate verify fa
0fe0: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 63 65 72 iled due to "cer
0ff0: 74 69 66 69 63 61 74 65 20 68 61 73 20 65 78 70 tificate has exp
1000: 69 72 65 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f ired"} -returnCo
1010: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
1020: 64 53 53 4c 2d 31 2e 32 35 20 7b 68 73 74 73 7d dSSL-1.25 {hsts}
1030: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
1040: 20 68 73 74 73 2e 62 61 64 73 73 6c 2e 63 6f 6d hsts.badssl.com
1050: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 . }..test Bad
1060: 53 53 4c 2d 31 2e 32 36 20 7b 68 74 74 70 73 2d SSL-1.26 {https-
1070: 65 76 65 72 79 77 68 65 72 65 7d 20 2d 62 6f 64 everywhere} -bod
1080: 79 20 7b 0a 09 62 61 64 73 73 6c 20 68 74 74 70 y {..badssl http
1090: 73 2d 65 76 65 72 79 77 68 65 72 65 2e 62 61 64 s-everywhere.bad
10a0: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 ssl.com. }..t
10b0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 37 20 est BadSSL-1.27
10c0: 7b 69 6e 63 6f 6d 70 6c 65 74 65 2d 63 68 61 69 {incomplete-chai
10d0: 6e 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 n} -body {..bads
10e0: 73 6c 20 69 6e 63 6f 6d 70 6c 65 74 65 2d 63 68 sl incomplete-ch
10f0: 61 69 6e 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 ain.badssl.com.
1100: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
1110: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
1120: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
1130: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
1140: 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 "unable to get
1150: 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 local issuer cer
1160: 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 tificate"} -retu
1170: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
1180: 74 20 42 61 64 53 53 4c 2d 31 2e 32 38 20 7b 69 t BadSSL-1.28 {i
1190: 6e 76 61 6c 69 64 2d 65 78 70 65 63 74 65 64 2d nvalid-expected-
11a0: 73 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 sct} -body {..ba
11b0: 64 73 73 6c 20 69 6e 76 61 6c 69 64 2d 65 78 70 dssl invalid-exp
11c0: 65 63 74 65 64 2d 73 63 74 2e 62 61 64 73 73 6c ected-sct.badssl
11d0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
11e0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
11f0: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
1200: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
1210: 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 due to "unable t
1220: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 o get local issu
1230: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d er certificate"}
1240: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
1250: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1260: 2e 32 39 20 7b 6c 6f 6e 67 2d 65 78 74 65 6e 64 .29 {long-extend
1270: 65 64 2d 73 75 62 64 6f 6d 61 69 6e 2d 6e 61 6d ed-subdomain-nam
1280: 65 2d 63 6f 6e 74 61 69 6e 69 6e 67 2d 6d 61 6e e-containing-man
1290: 79 2d 6c 65 74 74 65 72 73 2d 61 6e 64 2d 64 61 y-letters-and-da
12a0: 73 68 65 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 shes} -body {..b
12b0: 61 64 73 73 6c 20 6c 6f 6e 67 2d 65 78 74 65 6e adssl long-exten
12c0: 64 65 64 2d 73 75 62 64 6f 6d 61 69 6e 2d 6e 61 ded-subdomain-na
12d0: 6d 65 2d 63 6f 6e 74 61 69 6e 69 6e 67 2d 6d 61 me-containing-ma
12e0: 6e 79 2d 6c 65 74 74 65 72 73 2d 61 6e 64 2d 64 ny-letters-and-d
12f0: 61 73 68 65 73 2e 62 61 64 73 73 6c 2e 63 6f 6d ashes.badssl.com
1300: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 . }..test Bad
1310: 53 53 4c 2d 31 2e 33 30 20 7b 6c 6f 6e 67 65 78 SSL-1.30 {longex
1320: 74 65 6e 64 65 64 73 75 62 64 6f 6d 61 69 6e 6e tendedsubdomainn
1330: 61 6d 65 77 69 74 68 6f 75 74 64 61 73 68 65 73 amewithoutdashes
1340: 69 6e 6f 72 64 65 72 74 6f 74 65 73 74 77 6f 72 inordertotestwor
1350: 64 77 72 61 70 70 69 6e 67 7d 20 2d 62 6f 64 79 dwrapping} -body
1360: 20 7b 0a 09 62 61 64 73 73 6c 20 6c 6f 6e 67 65 {..badssl longe
1370: 78 74 65 6e 64 65 64 73 75 62 64 6f 6d 61 69 6e xtendedsubdomain
1380: 6e 61 6d 65 77 69 74 68 6f 75 74 64 61 73 68 65 namewithoutdashe
1390: 73 69 6e 6f 72 64 65 72 74 6f 74 65 73 74 77 6f sinordertotestwo
13a0: 72 64 77 72 61 70 70 69 6e 67 2e 62 61 64 73 73 rdwrapping.badss
13b0: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 l.com. }..tes
13c0: 74 20 42 61 64 53 53 4c 2d 31 2e 33 31 20 7b 6d t BadSSL-1.31 {m
13d0: 69 74 6d 2d 73 6f 66 74 77 61 72 65 7d 20 2d 62 itm-software} -b
13e0: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 6d 69 ody {..badssl mi
13f0: 74 6d 2d 73 6f 66 74 77 61 72 65 2e 62 61 64 73 tm-software.bads
1400: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 sl.com. } -re
1410: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 sult {handshake
1420: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 failed: certific
1430: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 ate verify faile
1440: 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 d due to "unable
1450: 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 to get local is
1460: 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 suer certificate
1470: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 "} -returnCodes
1480: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
1490: 2d 31 2e 33 32 20 7b 6e 6f 2d 63 6f 6d 6d 6f 6e -1.32 {no-common
14a0: 2d 6e 61 6d 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 -name} -body {..
14b0: 62 61 64 73 73 6c 20 6e 6f 2d 63 6f 6d 6d 6f 6e badssl no-common
14c0: 2d 6e 61 6d 65 2e 62 61 64 73 73 6c 2e 63 6f 6d -name.badssl.com
14d0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
14e0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
14f0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 : certificate ve
1500: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 rify failed due
1510: 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20 to "certificate
1520: 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 has expired"} -r
1530: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
1540: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 33 test BadSSL-1.33
1550: 20 7b 6e 6f 2d 73 63 74 7d 20 2d 62 6f 64 79 20 {no-sct} -body
1560: 7b 0a 09 62 61 64 73 73 6c 20 6e 6f 2d 73 63 74 {..badssl no-sct
1570: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1580: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
1590: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
15a0: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
15b0: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 failed due to "u
15c0: 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 nable to get loc
15d0: 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66 al issuer certif
15e0: 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 icate"} -returnC
15f0: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 odes {1}..test B
1600: 61 64 53 53 4c 2d 31 2e 33 34 20 7b 6e 6f 2d 73 adSSL-1.34 {no-s
1610: 75 62 6a 65 63 74 7d 20 2d 62 6f 64 79 20 7b 0a ubject} -body {.
1620: 09 62 61 64 73 73 6c 20 6e 6f 2d 73 75 62 6a 65 .badssl no-subje
1630: 63 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 ct.badssl.com.
1640: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
1650: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
1660: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
1670: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 y failed due to
1680: 22 63 65 72 74 69 66 69 63 61 74 65 20 68 61 73 "certificate has
1690: 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 expired"} -retu
16a0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
16b0: 74 20 42 61 64 53 53 4c 2d 31 2e 33 35 20 7b 6e t BadSSL-1.35 {n
16c0: 75 6c 6c 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 ull} -body {..ba
16d0: 64 73 73 6c 20 6e 75 6c 6c 2e 62 61 64 73 73 6c dssl null.badssl
16e0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 6d 61 74 63 .com. } -matc
16f0: 68 20 7b 67 6c 6f 62 7d 20 2d 72 65 73 75 6c 74 h {glob} -result
1700: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
1710: 65 64 3a 20 2a 20 61 6c 65 72 74 20 68 61 6e 64 ed: * alert hand
1720: 73 68 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d shake failure} -
1730: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
1740: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 .test BadSSL-1.3
1750: 36 20 7b 70 69 6e 6e 69 6e 67 2d 74 65 73 74 7d 6 {pinning-test}
1760: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
1770: 20 70 69 6e 6e 69 6e 67 2d 74 65 73 74 2e 62 61 pinning-test.ba
1780: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a dssl.com. }..
1790: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 37 test BadSSL-1.37
17a0: 20 7b 70 72 65 61 63 74 2d 63 6c 69 7d 20 2d 62 {preact-cli} -b
17b0: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 70 72 ody {..badssl pr
17c0: 65 61 63 74 2d 63 6c 69 2e 62 61 64 73 73 6c 2e eact-cli.badssl.
17d0: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
17e0: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
17f0: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
1800: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
1810: 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f ue to "unable to
1820: 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 get local issue
1830: 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d 20 r certificate"}
1840: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
1850: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
1860: 33 38 20 7b 70 72 65 6c 6f 61 64 65 64 2d 68 73 38 {preloaded-hs
1870: 74 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 ts} -body {..bad
1880: 73 73 6c 20 70 72 65 6c 6f 61 64 65 64 2d 68 73 ssl preloaded-hs
1890: 74 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 ts.badssl.com.
18a0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c }..test BadSSL
18b0: 2d 31 2e 33 39 20 7b 72 63 34 2d 6d 64 35 7d 20 -1.39 {rc4-md5}
18c0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
18d0: 72 63 34 2d 6d 64 35 2e 62 61 64 73 73 6c 2e 63 rc4-md5.badssl.c
18e0: 6f 6d 0a 20 20 20 20 7d 20 2d 6d 61 74 63 68 20 om. } -match
18f0: 7b 67 6c 6f 62 7d 20 2d 72 65 73 75 6c 74 20 7b {glob} -result {
1900: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
1910: 3a 20 2a 20 61 6c 65 72 74 20 68 61 6e 64 73 68 : * alert handsh
1920: 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 ake failure} -re
1930: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
1940: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 30 20 est BadSSL-1.40
1950: 7b 72 63 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 {rc4} -body {..b
1960: 61 64 73 73 6c 20 72 63 34 2e 62 61 64 73 73 6c adssl rc4.badssl
1970: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 6d 61 74 63 .com. } -matc
1980: 68 20 7b 67 6c 6f 62 7d 20 2d 72 65 73 75 6c 74 h {glob} -result
1990: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
19a0: 65 64 3a 20 2a 20 61 6c 65 72 74 20 68 61 6e 64 ed: * alert hand
19b0: 73 68 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d shake failure} -
19c0: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
19d0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 .test BadSSL-1.4
19e0: 31 20 7b 72 65 76 6f 6b 65 64 7d 20 2d 62 6f 64 1 {revoked} -bod
19f0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 65 76 6f y {..badssl revo
1a00: 6b 65 64 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 ked.badssl.com.
1a10: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
1a20: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
1a30: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
1a40: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
1a50: 20 22 63 65 72 74 69 66 69 63 61 74 65 20 68 61 "certificate ha
1a60: 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74 s expired"} -ret
1a70: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
1a80: 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 32 20 7b st BadSSL-1.42 {
1a90: 72 73 61 32 30 34 38 7d 20 2d 62 6f 64 79 20 7b rsa2048} -body {
1aa0: 0a 09 62 61 64 73 73 6c 20 72 73 61 32 30 34 38 ..badssl rsa2048
1ab0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1ac0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1ad0: 2e 34 33 20 7b 72 73 61 34 30 39 36 7d 20 2d 62 .43 {rsa4096} -b
1ae0: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 73 ody {..badssl rs
1af0: 61 34 30 39 36 2e 62 61 64 73 73 6c 2e 63 6f 6d a4096.badssl.com
1b00: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 . }..test Bad
1b10: 53 53 4c 2d 31 2e 34 34 20 7b 72 73 61 38 31 39 SSL-1.44 {rsa819
1b20: 32 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 2} -body {..bads
1b30: 73 6c 20 72 73 61 38 31 39 32 2e 62 61 64 73 73 sl rsa8192.badss
1b40: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 l.com. }..tes
1b50: 74 20 42 61 64 53 53 4c 2d 31 2e 34 35 20 7b 73 t BadSSL-1.45 {s
1b60: 65 6c 66 2d 73 69 67 6e 65 64 7d 20 2d 63 6f 6e elf-signed} -con
1b70: 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 straints {old_ap
1b80: 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 i} -body {..bads
1b90: 73 6c 20 73 65 6c 66 2d 73 69 67 6e 65 64 2e 62 sl self-signed.b
1ba0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
1bb0: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
1bc0: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 ke failed: certi
1bd0: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 ficate verify fa
1be0: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 73 65 6c iled due to "sel
1bf0: 66 20 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 f signed certifi
1c00: 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f cate"} -returnCo
1c10: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
1c20: 64 53 53 4c 2d 31 2e 34 36 20 7b 73 65 6c 66 2d dSSL-1.46 {self-
1c30: 73 69 67 6e 65 64 7d 20 2d 63 6f 6e 73 74 72 61 signed} -constra
1c40: 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d ints {new_api} -
1c50: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 body {..badssl s
1c60: 65 6c 66 2d 73 69 67 6e 65 64 2e 62 61 64 73 73 elf-signed.badss
1c70: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
1c80: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
1c90: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 ailed: certifica
1ca0: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 te verify failed
1cb0: 20 64 75 65 20 74 6f 20 22 73 65 6c 66 2d 73 69 due to "self-si
1cc0: 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65 gned certificate
1cd0: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 "} -returnCodes
1ce0: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
1cf0: 2d 31 2e 34 37 20 7b 73 68 61 31 2d 32 30 31 36 -1.47 {sha1-2016
1d00: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
1d10: 6c 20 73 68 61 31 2d 32 30 31 36 2e 62 61 64 73 l sha1-2016.bads
1d20: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 sl.com. } -re
1d30: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 sult {handshake
1d40: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 failed: certific
1d50: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 ate verify faile
1d60: 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 d due to "unable
1d70: 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 to get local is
1d80: 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 suer certificate
1d90: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 "} -returnCodes
1da0: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
1db0: 2d 31 2e 34 38 20 7b 73 68 61 31 2d 32 30 31 37 -1.48 {sha1-2017
1dc0: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
1dd0: 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b old_api} -body {
1de0: 0a 09 62 61 64 73 73 6c 20 73 68 61 31 2d 32 30 ..badssl sha1-20
1df0: 31 37 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 17.badssl.com.
1e00: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
1e10: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
1e20: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
1e30: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 y failed due to
1e40: 22 63 65 72 74 69 66 69 63 61 74 65 20 68 61 73 "certificate has
1e50: 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 expired"} -retu
1e60: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
1e70: 74 20 42 61 64 53 53 4c 2d 31 2e 34 39 20 7b 73 t BadSSL-1.49 {s
1e80: 68 61 31 2d 32 30 31 37 7d 20 2d 63 6f 6e 73 74 ha1-2017} -const
1e90: 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d raints {new_api}
1ea0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
1eb0: 20 73 68 61 31 2d 32 30 31 37 2e 62 61 64 73 73 sha1-2017.badss
1ec0: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
1ed0: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
1ee0: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 ailed: certifica
1ef0: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 te verify failed
1f00: 20 64 75 65 20 74 6f 20 22 43 41 20 73 69 67 6e due to "CA sign
1f10: 61 74 75 72 65 20 64 69 67 65 73 74 20 61 6c 67 ature digest alg
1f20: 6f 72 69 74 68 6d 20 74 6f 6f 20 77 65 61 6b 22 orithm too weak"
1f30: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
1f40: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
1f50: 31 2e 35 30 20 7b 73 68 61 31 2d 69 6e 74 65 72 1.50 {sha1-inter
1f60: 6d 65 64 69 61 74 65 7d 20 2d 62 6f 64 79 20 7b mediate} -body {
1f70: 0a 09 62 61 64 73 73 6c 20 73 68 61 31 2d 69 6e ..badssl sha1-in
1f80: 74 65 72 6d 65 64 69 61 74 65 2e 62 61 64 73 73 termediate.badss
1f90: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 l.com. } -res
1fa0: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 ult {handshake f
1fb0: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 ailed: certifica
1fc0: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 te verify failed
1fd0: 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 due to "unable
1fe0: 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 to get local iss
1ff0: 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 uer certificate"
2000: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
2010: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
2020: 31 2e 35 31 20 7b 73 68 61 32 35 36 7d 20 2d 62 1.51 {sha256} -b
2030: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 ody {..badssl sh
2040: 61 32 35 36 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a a256.badssl.com.
2050: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 }..test BadS
2060: 53 4c 2d 31 2e 35 32 20 7b 73 68 61 33 38 34 7d SL-1.52 {sha384}
2070: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
2080: 20 73 68 61 33 38 34 2e 62 61 64 73 73 6c 2e 63 sha384.badssl.c
2090: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
20a0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
20b0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
20c0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
20d0: 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 e to "certificat
20e0: 65 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 e has expired"}
20f0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
2100: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
2110: 35 33 20 7b 73 68 61 35 31 32 7d 20 2d 62 6f 64 53 {sha512} -bod
2120: 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 35 y {..badssl sha5
2130: 31 32 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 12.badssl.com.
2140: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
2150: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
2160: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
2170: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 y failed due to
2180: 22 63 65 72 74 69 66 69 63 61 74 65 20 68 61 73 "certificate has
2190: 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 expired"} -retu
21a0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
21b0: 74 20 42 61 64 53 53 4c 2d 31 2e 35 34 20 7b 73 t BadSSL-1.54 {s
21c0: 74 61 74 69 63 2d 72 73 61 7d 20 2d 62 6f 64 79 tatic-rsa} -body
21d0: 20 7b 0a 09 62 61 64 73 73 6c 20 73 74 61 74 69 {..badssl stati
21e0: 63 2d 72 73 61 2e 62 61 64 73 73 6c 2e 63 6f 6d c-rsa.badssl.com
21f0: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 . }..test Bad
2200: 53 53 4c 2d 31 2e 35 35 20 7b 73 75 62 64 6f 6d SSL-1.55 {subdom
2210: 61 69 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 73 ain.preloaded-hs
2220: 74 73 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 ts} -constraints
2230: 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 {old_api} -body
2240: 20 7b 0a 09 62 61 64 73 73 6c 20 73 75 62 64 6f {..badssl subdo
2250: 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 main.preloaded-h
2260: 73 74 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 sts.badssl.com.
2270: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
2280: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
2290: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
22a0: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
22b0: 20 22 48 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 "Hostname misma
22c0: 74 63 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 tch"} -returnCod
22d0: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
22e0: 53 53 4c 2d 31 2e 35 36 20 7b 73 75 62 64 6f 6d SSL-1.56 {subdom
22f0: 61 69 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 73 ain.preloaded-hs
2300: 74 73 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 ts} -constraints
2310: 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 {new_api} -body
2320: 20 7b 0a 09 62 61 64 73 73 6c 20 73 75 62 64 6f {..badssl subdo
2330: 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 main.preloaded-h
2340: 73 74 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 sts.badssl.com.
2350: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
2360: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
2370: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
2380: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
2390: 20 22 68 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 "hostname misma
23a0: 74 63 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 tch"} -returnCod
23b0: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
23c0: 53 53 4c 2d 31 2e 35 37 20 7b 73 75 70 65 72 66 SSL-1.57 {superf
23d0: 69 73 68 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 ish} -body {..ba
23e0: 64 73 73 6c 20 73 75 70 65 72 66 69 73 68 2e 62 dssl superfish.b
23f0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
2400: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
2410: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 ke failed: certi
2420: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 ficate verify fa
2430: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 iled due to "una
2440: 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c ble to get local
2450: 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 issuer certific
2460: 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 ate"} -returnCod
2470: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
2480: 53 53 4c 2d 31 2e 35 38 20 7b 74 6c 73 2d 76 31 SSL-1.58 {tls-v1
2490: 2d 30 3a 31 30 31 30 7d 20 2d 63 6f 6e 73 74 72 -0:1010} -constr
24a0: 61 69 6e 74 73 20 7b 74 6c 73 31 20 6f 6c 64 5f aints {tls1 old_
24b0: 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 api} -body {..ba
24c0: 64 73 73 6c 20 74 6c 73 2d 76 31 2d 30 2e 62 61 dssl tls-v1-0.ba
24d0: 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 30 0a 20 20 dssl.com:1010.
24e0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c }..test BadSSL
24f0: 2d 31 2e 35 39 20 7b 74 6c 73 2d 76 31 2d 30 3a -1.59 {tls-v1-0:
2500: 31 30 31 30 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 1010} -constrain
2510: 74 73 20 7b 74 6c 73 31 20 6e 65 77 5f 61 70 69 ts {tls1 new_api
2520: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
2530: 6c 20 74 6c 73 2d 76 31 2d 30 2e 62 61 64 73 73 l tls-v1-0.badss
2540: 6c 2e 63 6f 6d 3a 31 30 31 30 0a 20 20 20 20 7d l.com:1010. }
2550: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
2560: 61 6b 65 20 66 61 69 6c 65 64 3a 20 75 6e 73 75 ake failed: unsu
2570: 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c pported protocol
2580: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
2590: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
25a0: 31 2e 36 30 20 7b 74 6c 73 2d 76 31 2d 31 3a 31 1.60 {tls-v1-1:1
25b0: 30 31 31 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 011} -constraint
25c0: 73 20 7b 74 6c 73 31 2e 31 20 6f 6c 64 5f 61 70 s {tls1.1 old_ap
25d0: 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 i} -body {..bads
25e0: 73 6c 20 74 6c 73 2d 76 31 2d 31 2e 62 61 64 73 sl tls-v1-1.bads
25f0: 73 6c 2e 63 6f 6d 3a 31 30 31 31 0a 20 20 20 20 sl.com:1011.
2600: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
2610: 2e 36 31 20 7b 74 6c 73 2d 76 31 2d 31 3a 31 30 .61 {tls-v1-1:10
2620: 31 31 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 11} -constraints
2630: 20 7b 74 6c 73 31 2e 31 20 6e 65 77 5f 61 70 69 {tls1.1 new_api
2640: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
2650: 6c 20 74 6c 73 2d 76 31 2d 31 2e 62 61 64 73 73 l tls-v1-1.badss
2660: 6c 2e 63 6f 6d 3a 31 30 31 31 0a 20 20 20 20 7d l.com:1011. }
2670: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
2680: 61 6b 65 20 66 61 69 6c 65 64 3a 20 75 6e 73 75 ake failed: unsu
2690: 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c pported protocol
26a0: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
26b0: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
26c0: 31 2e 36 32 20 7b 74 6c 73 2d 76 31 2d 32 3a 31 1.62 {tls-v1-2:1
26d0: 30 31 32 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 012} -constraint
26e0: 73 20 7b 74 6c 73 31 2e 32 7d 20 2d 62 6f 64 79 s {tls1.2} -body
26f0: 20 7b 0a 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 {..badssl tls-v
2700: 31 2d 32 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 1-2.badssl.com:1
2710: 30 31 32 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 012. }..test
2720: 42 61 64 53 53 4c 2d 31 2e 36 33 20 7b 75 6e 74 BadSSL-1.63 {unt
2730: 72 75 73 74 65 64 2d 72 6f 6f 74 7d 20 2d 63 6f rusted-root} -co
2740: 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 nstraints {old_a
2750: 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 pi} -body {..bad
2760: 73 73 6c 20 75 6e 74 72 75 73 74 65 64 2d 72 6f ssl untrusted-ro
2770: 6f 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 ot.badssl.com.
2780: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e } -result {han
2790: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 dshake failed: c
27a0: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 ertificate verif
27b0: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 y failed due to
27c0: 22 73 65 6c 66 20 73 69 67 6e 65 64 20 63 65 72 "self signed cer
27d0: 74 69 66 69 63 61 74 65 20 69 6e 20 63 65 72 74 tificate in cert
27e0: 69 66 69 63 61 74 65 20 63 68 61 69 6e 22 7d 20 ificate chain"}
27f0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
2800: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
2810: 36 34 20 7b 75 6e 74 72 75 73 74 65 64 2d 72 6f 64 {untrusted-ro
2820: 6f 74 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 ot} -constraints
2830: 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 {new_api} -body
2840: 20 7b 0a 09 62 61 64 73 73 6c 20 75 6e 74 72 75 {..badssl untru
2850: 73 74 65 64 2d 72 6f 6f 74 2e 62 61 64 73 73 6c sted-root.badssl
2860: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
2870: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
2880: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
2890: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
28a0: 64 75 65 20 74 6f 20 22 73 65 6c 66 2d 73 69 67 due to "self-sig
28b0: 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65 20 ned certificate
28c0: 69 6e 20 63 65 72 74 69 66 69 63 61 74 65 20 63 in certificate c
28d0: 68 61 69 6e 22 7d 20 2d 72 65 74 75 72 6e 43 6f hain"} -returnCo
28e0: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
28f0: 64 53 53 4c 2d 31 2e 36 35 20 7b 75 70 67 72 61 dSSL-1.65 {upgra
2900: 64 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 de} -body {..bad
2910: 73 73 6c 20 75 70 67 72 61 64 65 2e 62 61 64 73 ssl upgrade.bads
2920: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
2930: 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 36 20 7b st BadSSL-1.66 {
2940: 77 65 62 70 61 63 6b 2d 64 65 76 2d 73 65 72 76 webpack-dev-serv
2950: 65 72 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 er} -body {..bad
2960: 73 73 6c 20 77 65 62 70 61 63 6b 2d 64 65 76 2d ssl webpack-dev-
2970: 73 65 72 76 65 72 2e 62 61 64 73 73 6c 2e 63 6f server.badssl.co
2980: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
2990: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
29a0: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 d: certificate v
29b0: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 erify failed due
29c0: 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 to "unable to g
29d0: 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 et local issuer
29e0: 63 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 certificate"} -r
29f0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
2a00: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 37 test BadSSL-1.67
2a10: 20 7b 77 72 6f 6e 67 2e 68 6f 73 74 7d 20 2d 63 {wrong.host} -c
2a20: 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f onstraints {old_
2a30: 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 api} -body {..ba
2a40: 64 73 73 6c 20 77 72 6f 6e 67 2e 68 6f 73 74 2e dssl wrong.host.
2a50: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
2a60: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
2a70: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 ake failed: cert
2a80: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 ificate verify f
2a90: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 48 6f ailed due to "Ho
2aa0: 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 22 stname mismatch"
2ab0: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
2ac0: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
2ad0: 31 2e 36 38 20 7b 77 72 6f 6e 67 2e 68 6f 73 74 1.68 {wrong.host
2ae0: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
2af0: 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b new_api} -body {
2b00: 0a 09 62 61 64 73 73 6c 20 77 72 6f 6e 67 2e 68 ..badssl wrong.h
2b10: 6f 73 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 ost.badssl.com.
2b20: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
2b30: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
2b40: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
2b50: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
2b60: 20 22 68 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 "hostname misma
2b70: 74 63 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 tch"} -returnCod
2b80: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
2b90: 53 53 4c 2d 31 2e 36 39 20 7b 6d 6f 7a 69 6c 6c SSL-1.69 {mozill
2ba0: 61 2d 6d 6f 64 65 72 6e 7d 20 2d 62 6f 64 79 20 a-modern} -body
2bb0: 7b 0a 09 62 61 64 73 73 6c 20 6d 6f 7a 69 6c 6c {..badssl mozill
2bc0: 61 2d 6d 6f 64 65 72 6e 2e 62 61 64 73 73 6c 2e a-modern.badssl.
2bd0: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 23 20 43 6c 65 com. }..# Cle
2be0: 61 6e 75 70 0a 3a 3a 74 63 6c 74 65 73 74 3a 3a anup.::tcltest::
2bf0: 63 6c 65 61 6e 75 70 54 65 73 74 73 0a 72 65 74 cleanupTests.ret
2c00: 75 72 6e 0a urn.