TclTLS: Hex Artifact Content

Artifact ef286e344c2086f0b8635beb13725e8027ae4c072f7ca8cc653088bf1602dfee:

File tests/badssl.test — part of check-in [3a6a1f7d03] at 2023-11-21 23:00:47 on branch crypto — Added write to channel for digest transform test cases (user: bohagan, size: 8703) [annotate] [blame] [check-ins using]
0000: 23 20 41 75 74 6f 20 67 65 6e 65 72 61 74 65 64  # Auto generated
0010: 20 74 65 73 74 20 63 61 73 65 73 20 66 6f 72 20   test cases for 
0020: 62 61 64 73 73 6c 2e 63 73 76 0a 0a 23 20 4c 6f  badssl.csv..# Lo
0030: 61 64 20 54 63 6c 20 54 65 73 74 20 70 61 63 6b  ad Tcl Test pack
0040: 61 67 65 0a 69 66 20 7b 5b 6c 73 65 61 72 63 68  age.if {[lsearch
0050: 20 5b 6e 61 6d 65 73 70 61 63 65 20 63 68 69 6c   [namespace chil
0060: 64 72 65 6e 5d 20 3a 3a 74 63 6c 74 65 73 74 5d  dren] ::tcltest]
0070: 20 3d 3d 20 2d 31 7d 20 7b 0a 09 70 61 63 6b 61   == -1} {..packa
0080: 67 65 20 72 65 71 75 69 72 65 20 74 63 6c 74 65  ge require tclte
0090: 73 74 0a 09 6e 61 6d 65 73 70 61 63 65 20 69 6d  st..namespace im
00a0: 70 6f 72 74 20 3a 3a 74 63 6c 74 65 73 74 3a 3a  port ::tcltest::
00b0: 2a 0a 7d 0a 0a 73 65 74 20 61 75 74 6f 5f 70 61  *.}..set auto_pa
00c0: 74 68 20 5b 63 6f 6e 63 61 74 20 5b 6c 69 73 74  th [concat [list
00d0: 20 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b   [file dirname [
00e0: 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e  file dirname [in
00f0: 66 6f 20 73 63 72 69 70 74 5d 5d 5d 5d 20 24 61  fo script]]]] $a
0100: 75 74 6f 5f 70 61 74 68 5d 0a 0a 70 61 63 6b 61  uto_path]..packa
0110: 67 65 20 72 65 71 75 69 72 65 20 74 6c 73 0a 0a  ge require tls..
0120: 23 20 46 69 6e 64 20 64 65 66 61 75 6c 74 20 43  # Find default C
0130: 41 20 63 65 72 74 69 66 69 63 61 74 65 73 20 64  A certificates d
0140: 69 72 65 63 74 6f 72 79 0a 69 66 20 7b 5b 69 6e  irectory.if {[in
0150: 66 6f 20 65 78 69 73 74 73 20 3a 3a 65 6e 76 28  fo exists ::env(
0160: 53 53 4c 5f 43 45 52 54 5f 46 49 4c 45 29 5d 7d  SSL_CERT_FILE)]}
0170: 20 7b 73 65 74 20 3a 3a 63 61 66 69 6c 65 20 24   {set ::cafile $
0180: 3a 3a 65 6e 76 28 53 53 4c 5f 43 45 52 54 5f 46  ::env(SSL_CERT_F
0190: 49 4c 45 29 7d 20 65 6c 73 65 20 7b 73 65 74 20  ILE)} else {set 
01a0: 3a 3a 63 61 66 69 6c 65 20 5b 66 69 6c 65 20 6e  ::cafile [file n
01b0: 6f 72 6d 61 6c 69 7a 65 20 7b 43 3a 5c 55 73 65  ormalize {C:\Use
01c0: 72 73 5c 42 72 69 61 6e 5c 44 6f 63 75 6d 65 6e  rs\Brian\Documen
01d0: 74 73 5c 53 6f 75 72 63 65 5c 42 75 69 6c 64 5c  ts\Source\Build\
01e0: 53 53 4c 2d 31 2e 31 5c 63 65 72 74 73 5c 63 61  SSL-1.1\certs\ca
01f0: 63 65 72 74 2e 70 65 6d 7d 5d 7d 0a 0a 23 20 43  cert.pem}]}..# C
0200: 6f 6e 73 74 72 61 69 6e 74 73 0a 73 6f 75 72 63  onstraints.sourc
0210: 65 20 63 6f 6d 6d 6f 6e 2e 74 63 6c 0a 0a 23 20  e common.tcl..# 
0220: 48 65 6c 70 65 72 20 66 75 6e 63 74 69 6f 6e 73  Helper functions
0230: 0a 70 72 6f 63 20 62 61 64 73 73 6c 20 7b 75 72  .proc badssl {ur
0240: 6c 7d 20 7b 73 65 74 20 70 6f 72 74 20 34 34 33  l} {set port 443
0250: 0a 09 6c 61 73 73 69 67 6e 20 5b 73 70 6c 69 74  ..lassign [split
0260: 20 24 75 72 6c 20 22 3a 22 5d 20 75 72 6c 20 70   $url ":"] url p
0270: 6f 72 74 0a 09 69 66 20 7b 24 70 6f 72 74 20 65  ort..if {$port e
0280: 71 20 22 22 7d 20 7b 73 65 74 20 70 6f 72 74 20  q ""} {set port 
0290: 34 34 33 7d 0a 09 73 65 74 20 63 68 20 5b 74 6c  443}..set ch [tl
02a0: 73 3a 3a 73 6f 63 6b 65 74 20 2d 61 75 74 6f 73  s::socket -autos
02b0: 65 72 76 65 72 6e 61 6d 65 20 31 20 2d 72 65 71  ervername 1 -req
02c0: 75 69 72 65 20 31 20 2d 63 61 66 69 6c 65 20 24  uire 1 -cafile $
02d0: 3a 3a 63 61 66 69 6c 65 20 24 75 72 6c 20 24 70  ::cafile $url $p
02e0: 6f 72 74 5d 0a 09 69 66 20 7b 5b 63 61 74 63 68  ort]..if {[catch
02f0: 20 7b 74 6c 73 3a 3a 68 61 6e 64 73 68 61 6b 65   {tls::handshake
0300: 20 24 63 68 7d 20 65 72 72 5d 7d 20 7b 63 6c 6f   $ch} err]} {clo
0310: 73 65 20 24 63 68 0a 09 72 65 74 75 72 6e 20 2d  se $ch..return -
0320: 63 6f 64 65 20 65 72 72 6f 72 20 24 65 72 72 7d  code error $err}
0330: 20 65 6c 73 65 20 7b 63 6c 6f 73 65 20 24 63 68   else {close $ch
0340: 7d 7d 0a 0a 23 20 42 61 64 53 53 4c 2e 63 6f 6d  }}..# BadSSL.com
0350: 20 54 65 73 74 73 0a 0a 0a 74 65 73 74 20 42 61   Tests...test Ba
0360: 64 53 53 4c 2d 31 2e 31 20 7b 31 30 30 30 2d 73  dSSL-1.1 {1000-s
0370: 61 6e 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  ans} -body {..ba
0380: 64 73 73 6c 20 31 30 30 30 2d 73 61 6e 73 2e 62  dssl 1000-sans.b
0390: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
03a0: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
03b0: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69  ke failed: certi
03c0: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61  ficate verify fa
03d0: 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 63 65 72  iled due to: cer
03e0: 74 69 66 69 63 61 74 65 20 68 61 73 20 65 78 70  tificate has exp
03f0: 69 72 65 64 7d 20 2d 72 65 74 75 72 6e 43 6f 64  ired} -returnCod
0400: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64  es {1}..test Bad
0410: 53 53 4c 2d 31 2e 32 20 7b 31 30 30 30 30 2d 73  SSL-1.2 {10000-s
0420: 61 6e 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  ans} -body {..ba
0430: 64 73 73 6c 20 31 30 30 30 30 2d 73 61 6e 73 2e  dssl 10000-sans.
0440: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
0450: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
0460: 61 6b 65 20 66 61 69 6c 65 64 3a 20 65 78 63 65  ake failed: exce
0470: 73 73 69 76 65 20 6d 65 73 73 61 67 65 20 73 69  ssive message si
0480: 7a 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  ze} -returnCodes
0490: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
04a0: 4c 2d 31 2e 33 20 7b 33 64 65 73 7d 20 2d 62 6f  L-1.3 {3des} -bo
04b0: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 33 64 65  dy {..badssl 3de
04c0: 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  s.badssl.com.   
04d0: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64   } -result {hand
04e0: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 73 73  shake failed: ss
04f0: 6c 76 33 20 61 6c 65 72 74 20 68 61 6e 64 73 68  lv3 alert handsh
0500: 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65  ake failure} -re
0510: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74  turnCodes {1}..t
0520: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 20 7b  est BadSSL-1.4 {
0530: 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 7d 20  captive-portal} 
0540: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
0550: 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 2e 62  captive-portal.b
0560: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
0570: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
0580: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69  ke failed: certi
0590: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61  ficate verify fa
05a0: 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 48 6f 73  iled due to: Hos
05b0: 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 7d 20  tname mismatch} 
05c0: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
05d0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
05e0: 35 20 7b 63 62 63 7d 20 2d 62 6f 64 79 20 7b 0a  5 {cbc} -body {.
05f0: 09 62 61 64 73 73 6c 20 63 62 63 2e 62 61 64 73  .badssl cbc.bads
0600: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65  sl.com.    }..te
0610: 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 20 7b 63  st BadSSL-1.6 {c
0620: 6c 69 65 6e 74 2d 63 65 72 74 2d 6d 69 73 73 69  lient-cert-missi
0630: 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  ng} -body {..bad
0640: 73 73 6c 20 63 6c 69 65 6e 74 2d 63 65 72 74 2d  ssl client-cert-
0650: 6d 69 73 73 69 6e 67 2e 62 61 64 73 73 6c 2e 63  missing.badssl.c
0660: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42  om.    }..test B
0670: 61 64 53 53 4c 2d 31 2e 37 20 7b 63 6c 69 65 6e  adSSL-1.7 {clien
0680: 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  t} -body {..bads
0690: 73 6c 20 63 6c 69 65 6e 74 2e 62 61 64 73 73 6c  sl client.badssl
06a0: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74  .com.    }..test
06b0: 20 42 61 64 53 53 4c 2d 31 2e 38 20 7b 64 68 2d   BadSSL-1.8 {dh-
06c0: 63 6f 6d 70 6f 73 69 74 65 7d 20 2d 62 6f 64 79  composite} -body
06d0: 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 2d 63 6f   {..badssl dh-co
06e0: 6d 70 6f 73 69 74 65 2e 62 61 64 73 73 6c 2e 63  mposite.badssl.c
06f0: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42  om.    }..test B
0700: 61 64 53 53 4c 2d 31 2e 39 20 7b 64 68 2d 73 6d  adSSL-1.9 {dh-sm
0710: 61 6c 6c 2d 73 75 62 67 72 6f 75 70 7d 20 2d 62  all-subgroup} -b
0720: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68  ody {..badssl dh
0730: 2d 73 6d 61 6c 6c 2d 73 75 62 67 72 6f 75 70 2e  -small-subgroup.
0740: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
0750: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
0760: 31 30 20 7b 64 68 34 38 30 7d 20 2d 62 6f 64 79  10 {dh480} -body
0770: 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 34 38 30   {..badssl dh480
0780: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
0790: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73  } -result {hands
07a0: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 64 68 20  hake failed: dh 
07b0: 6b 65 79 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d  key too small} -
07c0: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
07d0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31  .test BadSSL-1.1
07e0: 31 20 7b 64 68 35 31 32 7d 20 2d 62 6f 64 79 20  1 {dh512} -body 
07f0: 7b 0a 09 62 61 64 73 73 6c 20 64 68 35 31 32 2e  {..badssl dh512.
0800: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
0810: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
0820: 61 6b 65 20 66 61 69 6c 65 64 3a 20 64 68 20 6b  ake failed: dh k
0830: 65 79 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72  ey too small} -r
0840: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a  eturnCodes {1}..
0850: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 32  test BadSSL-1.12
0860: 20 7b 64 68 31 30 32 34 7d 20 2d 62 6f 64 79 20   {dh1024} -body 
0870: 7b 0a 09 62 61 64 73 73 6c 20 64 68 31 30 32 34  {..badssl dh1024
0880: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
0890: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
08a0: 2e 31 33 20 7b 64 68 32 30 34 38 7d 20 2d 62 6f  .13 {dh2048} -bo
08b0: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 32  dy {..badssl dh2
08c0: 30 34 38 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  048.badssl.com. 
08d0: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53     }..test BadSS
08e0: 4c 2d 31 2e 31 34 20 7b 64 73 64 74 65 73 74 70  L-1.14 {dsdtestp
08f0: 72 6f 76 69 64 65 72 7d 20 2d 62 6f 64 79 20 7b  rovider} -body {
0900: 0a 09 62 61 64 73 73 6c 20 64 73 64 74 65 73 74  ..badssl dsdtest
0910: 70 72 6f 76 69 64 65 72 2e 62 61 64 73 73 6c 2e  provider.badssl.
0920: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c  com.    } -resul
0930: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
0940: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65  led: certificate
0950: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64   verify failed d
0960: 75 65 20 74 6f 3a 20 75 6e 61 62 6c 65 20 74 6f  ue to: unable to
0970: 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65   get local issue
0980: 72 20 63 65 72 74 69 66 69 63 61 74 65 7d 20 2d  r certificate} -
0990: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
09a0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31  .test BadSSL-1.1
09b0: 35 20 7b 65 63 63 32 35 36 7d 20 2d 62 6f 64 79  5 {ecc256} -body
09c0: 20 7b 0a 09 62 61 64 73 73 6c 20 65 63 63 32 35   {..badssl ecc25
09d0: 36 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  6.badssl.com.   
09e0: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d   }..test BadSSL-
09f0: 31 2e 31 36 20 7b 65 63 63 33 38 34 7d 20 2d 62  1.16 {ecc384} -b
0a00: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 63  ody {..badssl ec
0a10: 63 33 38 34 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  c384.badssl.com.
0a20: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53      }..test BadS
0a30: 53 4c 2d 31 2e 31 37 20 7b 65 64 65 6c 6c 72 6f  SL-1.17 {edellro
0a40: 6f 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  ot} -body {..bad
0a50: 73 73 6c 20 65 64 65 6c 6c 72 6f 6f 74 2e 62 61  ssl edellroot.ba
0a60: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
0a70: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
0a80: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66  e failed: certif
0a90: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69  icate verify fai
0aa0: 6c 65 64 20 64 75 65 20 74 6f 3a 20 75 6e 61 62  led due to: unab
0ab0: 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20  le to get local 
0ac0: 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61  issuer certifica
0ad0: 74 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  te} -returnCodes
0ae0: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
0af0: 4c 2d 31 2e 31 38 20 7b 65 78 70 69 72 65 64 7d  L-1.18 {expired}
0b00: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
0b10: 20 65 78 70 69 72 65 64 2e 62 61 64 73 73 6c 2e   expired.badssl.
0b20: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c  com.    } -resul
0b30: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
0b40: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65  led: certificate
0b50: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64   verify failed d
0b60: 75 65 20 74 6f 3a 20 63 65 72 74 69 66 69 63 61  ue to: certifica
0b70: 74 65 20 68 61 73 20 65 78 70 69 72 65 64 7d 20  te has expired} 
0b80: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
0b90: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
0ba0: 31 39 20 7b 65 78 74 65 6e 64 65 64 2d 76 61 6c  19 {extended-val
0bb0: 69 64 61 74 69 6f 6e 7d 20 2d 62 6f 64 79 20 7b  idation} -body {
0bc0: 0a 09 62 61 64 73 73 6c 20 65 78 74 65 6e 64 65  ..badssl extende
0bd0: 64 2d 76 61 6c 69 64 61 74 69 6f 6e 2e 62 61 64  d-validation.bad
0be0: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72  ssl.com.    } -r
0bf0: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65  esult {handshake
0c00: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69   failed: certifi
0c10: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c  cate verify fail
0c20: 65 64 20 64 75 65 20 74 6f 3a 20 63 65 72 74 69  ed due to: certi
0c30: 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 72  ficate has expir
0c40: 65 64 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  ed} -returnCodes
0c50: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
0c60: 4c 2d 31 2e 32 30 20 7b 68 73 74 73 7d 20 2d 62  L-1.20 {hsts} -b
0c70: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 68 73  ody {..badssl hs
0c80: 74 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  ts.badssl.com.  
0c90: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c    }..test BadSSL
0ca0: 2d 31 2e 32 31 20 7b 68 74 74 70 73 2d 65 76 65  -1.21 {https-eve
0cb0: 72 79 77 68 65 72 65 7d 20 2d 62 6f 64 79 20 7b  rywhere} -body {
0cc0: 0a 09 62 61 64 73 73 6c 20 68 74 74 70 73 2d 65  ..badssl https-e
0cd0: 76 65 72 79 77 68 65 72 65 2e 62 61 64 73 73 6c  verywhere.badssl
0ce0: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74  .com.    }..test
0cf0: 20 42 61 64 53 53 4c 2d 31 2e 32 32 20 7b 69 6e   BadSSL-1.22 {in
0d00: 63 6f 6d 70 6c 65 74 65 2d 63 68 61 69 6e 7d 20  complete-chain} 
0d10: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
0d20: 69 6e 63 6f 6d 70 6c 65 74 65 2d 63 68 61 69 6e  incomplete-chain
0d30: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
0d40: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73  } -result {hands
0d50: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72  hake failed: cer
0d60: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20  tificate verify 
0d70: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 75  failed due to: u
0d80: 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63  nable to get loc
0d90: 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66  al issuer certif
0da0: 69 63 61 74 65 7d 20 2d 72 65 74 75 72 6e 43 6f  icate} -returnCo
0db0: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
0dc0: 64 53 53 4c 2d 31 2e 32 33 20 7b 69 6e 76 61 6c  dSSL-1.23 {inval
0dd0: 69 64 2d 65 78 70 65 63 74 65 64 2d 73 63 74 7d  id-expected-sct}
0de0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
0df0: 20 69 6e 76 61 6c 69 64 2d 65 78 70 65 63 74 65   invalid-expecte
0e00: 64 2d 73 63 74 2e 62 61 64 73 73 6c 2e 63 6f 6d  d-sct.badssl.com
0e10: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
0e20: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
0e30: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
0e40: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
0e50: 74 6f 3a 20 75 6e 61 62 6c 65 20 74 6f 20 67 65  to: unable to ge
0e60: 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63  t local issuer c
0e70: 65 72 74 69 66 69 63 61 74 65 7d 20 2d 72 65 74  ertificate} -ret
0e80: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
0e90: 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 34 20 7b  st BadSSL-1.24 {
0ea0: 6c 6f 6e 67 2d 65 78 74 65 6e 64 65 64 2d 73 75  long-extended-su
0eb0: 62 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2d 63 6f 6e  bdomain-name-con
0ec0: 74 61 69 6e 69 6e 67 2d 6d 61 6e 79 2d 6c 65 74  taining-many-let
0ed0: 74 65 72 73 2d 61 6e 64 2d 64 61 73 68 65 73 7d  ters-and-dashes}
0ee0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
0ef0: 20 6c 6f 6e 67 2d 65 78 74 65 6e 64 65 64 2d 73   long-extended-s
0f00: 75 62 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2d 63 6f  ubdomain-name-co
0f10: 6e 74 61 69 6e 69 6e 67 2d 6d 61 6e 79 2d 6c 65  ntaining-many-le
0f20: 74 74 65 72 73 2d 61 6e 64 2d 64 61 73 68 65 73  tters-and-dashes
0f30: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
0f40: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
0f50: 2e 32 35 20 7b 6c 6f 6e 67 65 78 74 65 6e 64 65  .25 {longextende
0f60: 64 73 75 62 64 6f 6d 61 69 6e 6e 61 6d 65 77 69  dsubdomainnamewi
0f70: 74 68 6f 75 74 64 61 73 68 65 73 69 6e 6f 72 64  thoutdashesinord
0f80: 65 72 74 6f 74 65 73 74 77 6f 72 64 77 72 61 70  ertotestwordwrap
0f90: 70 69 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  ping} -body {..b
0fa0: 61 64 73 73 6c 20 6c 6f 6e 67 65 78 74 65 6e 64  adssl longextend
0fb0: 65 64 73 75 62 64 6f 6d 61 69 6e 6e 61 6d 65 77  edsubdomainnamew
0fc0: 69 74 68 6f 75 74 64 61 73 68 65 73 69 6e 6f 72  ithoutdashesinor
0fd0: 64 65 72 74 6f 74 65 73 74 77 6f 72 64 77 72 61  dertotestwordwra
0fe0: 70 70 69 6e 67 2e 62 61 64 73 73 6c 2e 63 6f 6d  pping.badssl.com
0ff0: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64  .    }..test Bad
1000: 53 53 4c 2d 31 2e 32 36 20 7b 6d 69 74 6d 2d 73  SSL-1.26 {mitm-s
1010: 6f 66 74 77 61 72 65 7d 20 2d 62 6f 64 79 20 7b  oftware} -body {
1020: 0a 09 62 61 64 73 73 6c 20 6d 69 74 6d 2d 73 6f  ..badssl mitm-so
1030: 66 74 77 61 72 65 2e 62 61 64 73 73 6c 2e 63 6f  ftware.badssl.co
1040: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
1050: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
1060: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76  d: certificate v
1070: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65  erify failed due
1080: 20 74 6f 3a 20 75 6e 61 62 6c 65 20 74 6f 20 67   to: unable to g
1090: 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20  et local issuer 
10a0: 63 65 72 74 69 66 69 63 61 74 65 7d 20 2d 72 65  certificate} -re
10b0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74  turnCodes {1}..t
10c0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 37 20  est BadSSL-1.27 
10d0: 7b 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e 61 6d 65 7d  {no-common-name}
10e0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
10f0: 20 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e 61 6d 65 2e   no-common-name.
1100: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
1110: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
1120: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74  ake failed: cert
1130: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66  ificate verify f
1140: 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 63 65  ailed due to: ce
1150: 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 78  rtificate has ex
1160: 70 69 72 65 64 7d 20 2d 72 65 74 75 72 6e 43 6f  pired} -returnCo
1170: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
1180: 64 53 53 4c 2d 31 2e 32 38 20 7b 6e 6f 2d 73 63  dSSL-1.28 {no-sc
1190: 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  t} -body {..bads
11a0: 73 6c 20 6e 6f 2d 73 63 74 2e 62 61 64 73 73 6c  sl no-sct.badssl
11b0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75  .com.    } -resu
11c0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61  lt {handshake fa
11d0: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74  iled: certificat
11e0: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20  e verify failed 
11f0: 64 75 65 20 74 6f 3a 20 75 6e 61 62 6c 65 20 74  due to: unable t
1200: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75  o get local issu
1210: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 7d 20  er certificate} 
1220: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
1230: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
1240: 32 39 20 7b 6e 6f 2d 73 75 62 6a 65 63 74 7d 20  29 {no-subject} 
1250: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
1260: 6e 6f 2d 73 75 62 6a 65 63 74 2e 62 61 64 73 73  no-subject.badss
1270: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73  l.com.    } -res
1280: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
1290: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61  ailed: certifica
12a0: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64  te verify failed
12b0: 20 64 75 65 20 74 6f 3a 20 63 65 72 74 69 66 69   due to: certifi
12c0: 63 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64  cate has expired
12d0: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b  } -returnCodes {
12e0: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  1}..test BadSSL-
12f0: 31 2e 33 30 20 7b 6e 75 6c 6c 7d 20 2d 62 6f 64  1.30 {null} -bod
1300: 79 20 7b 0a 09 62 61 64 73 73 6c 20 6e 75 6c 6c  y {..badssl null
1310: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
1320: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73  } -result {hands
1330: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 73 73 6c  hake failed: ssl
1340: 76 33 20 61 6c 65 72 74 20 68 61 6e 64 73 68 61  v3 alert handsha
1350: 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 74  ke failure} -ret
1360: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
1370: 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 31 20 7b  st BadSSL-1.31 {
1380: 70 69 6e 6e 69 6e 67 2d 74 65 73 74 7d 20 2d 62  pinning-test} -b
1390: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 70 69  ody {..badssl pi
13a0: 6e 6e 69 6e 67 2d 74 65 73 74 2e 62 61 64 73 73  nning-test.badss
13b0: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73  l.com.    }..tes
13c0: 74 20 42 61 64 53 53 4c 2d 31 2e 33 32 20 7b 70  t BadSSL-1.32 {p
13d0: 72 65 61 63 74 2d 63 6c 69 7d 20 2d 62 6f 64 79  react-cli} -body
13e0: 20 7b 0a 09 62 61 64 73 73 6c 20 70 72 65 61 63   {..badssl preac
13f0: 74 2d 63 6c 69 2e 62 61 64 73 73 6c 2e 63 6f 6d  t-cli.badssl.com
1400: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
1410: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
1420: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
1430: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
1440: 74 6f 3a 20 75 6e 61 62 6c 65 20 74 6f 20 67 65  to: unable to ge
1450: 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63  t local issuer c
1460: 65 72 74 69 66 69 63 61 74 65 7d 20 2d 72 65 74  ertificate} -ret
1470: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
1480: 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 33 20 7b  st BadSSL-1.33 {
1490: 70 72 65 6c 6f 61 64 65 64 2d 68 73 74 73 7d 20  preloaded-hsts} 
14a0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
14b0: 70 72 65 6c 6f 61 64 65 64 2d 68 73 74 73 2e 62  preloaded-hsts.b
14c0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a  adssl.com.    }.
14d0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33  .test BadSSL-1.3
14e0: 34 20 7b 72 63 34 2d 6d 64 35 7d 20 2d 62 6f 64  4 {rc4-md5} -bod
14f0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 63 34 2d  y {..badssl rc4-
1500: 6d 64 35 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  md5.badssl.com. 
1510: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61     } -result {ha
1520: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20  ndshake failed: 
1530: 73 73 6c 76 33 20 61 6c 65 72 74 20 68 61 6e 64  sslv3 alert hand
1540: 73 68 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d  shake failure} -
1550: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
1560: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33  .test BadSSL-1.3
1570: 35 20 7b 72 63 34 7d 20 2d 62 6f 64 79 20 7b 0a  5 {rc4} -body {.
1580: 09 62 61 64 73 73 6c 20 72 63 34 2e 62 61 64 73  .badssl rc4.bads
1590: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65  sl.com.    } -re
15a0: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20  sult {handshake 
15b0: 66 61 69 6c 65 64 3a 20 73 73 6c 76 33 20 61 6c  failed: sslv3 al
15c0: 65 72 74 20 68 61 6e 64 73 68 61 6b 65 20 66 61  ert handshake fa
15d0: 69 6c 75 72 65 7d 20 2d 72 65 74 75 72 6e 43 6f  ilure} -returnCo
15e0: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
15f0: 64 53 53 4c 2d 31 2e 33 36 20 7b 72 65 76 6f 6b  dSSL-1.36 {revok
1600: 65 64 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  ed} -body {..bad
1610: 73 73 6c 20 72 65 76 6f 6b 65 64 2e 62 61 64 73  ssl revoked.bads
1620: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65  sl.com.    } -re
1630: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20  sult {handshake 
1640: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63  failed: certific
1650: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65  ate verify faile
1660: 64 20 64 75 65 20 74 6f 3a 20 63 65 72 74 69 66  d due to: certif
1670: 69 63 61 74 65 20 68 61 73 20 65 78 70 69 72 65  icate has expire
1680: 64 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20  d} -returnCodes 
1690: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c  {1}..test BadSSL
16a0: 2d 31 2e 33 37 20 7b 72 73 61 32 30 34 38 7d 20  -1.37 {rsa2048} 
16b0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
16c0: 72 73 61 32 30 34 38 2e 62 61 64 73 73 6c 2e 63  rsa2048.badssl.c
16d0: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42  om.    }..test B
16e0: 61 64 53 53 4c 2d 31 2e 33 38 20 7b 72 73 61 34  adSSL-1.38 {rsa4
16f0: 30 39 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  096} -body {..ba
1700: 64 73 73 6c 20 72 73 61 34 30 39 36 2e 62 61 64  dssl rsa4096.bad
1710: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74  ssl.com.    }..t
1720: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 39 20  est BadSSL-1.39 
1730: 7b 72 73 61 38 31 39 32 7d 20 2d 62 6f 64 79 20  {rsa8192} -body 
1740: 7b 0a 09 62 61 64 73 73 6c 20 72 73 61 38 31 39  {..badssl rsa819
1750: 32 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  2.badssl.com.   
1760: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d   }..test BadSSL-
1770: 31 2e 34 30 20 7b 73 65 6c 66 2d 73 69 67 6e 65  1.40 {self-signe
1780: 64 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  d} -body {..bads
1790: 73 6c 20 73 65 6c 66 2d 73 69 67 6e 65 64 2e 62  sl self-signed.b
17a0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
17b0: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
17c0: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69  ke failed: certi
17d0: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61  ficate verify fa
17e0: 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 73 65 6c  iled due to: sel
17f0: 66 20 73 69 67 6e 65 64 20 63 65 72 74 69 66 69  f signed certifi
1800: 63 61 74 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64  cate} -returnCod
1810: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64  es {1}..test Bad
1820: 53 53 4c 2d 31 2e 34 31 20 7b 73 68 61 31 2d 32  SSL-1.41 {sha1-2
1830: 30 31 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  016} -body {..ba
1840: 64 73 73 6c 20 73 68 61 31 2d 32 30 31 36 2e 62  dssl sha1-2016.b
1850: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
1860: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
1870: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69  ke failed: certi
1880: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61  ficate verify fa
1890: 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 75 6e 61  iled due to: una
18a0: 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c  ble to get local
18b0: 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63   issuer certific
18c0: 61 74 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  ate} -returnCode
18d0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
18e0: 53 4c 2d 31 2e 34 32 20 7b 73 68 61 31 2d 32 30  SL-1.42 {sha1-20
18f0: 31 37 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  17} -body {..bad
1900: 73 73 6c 20 73 68 61 31 2d 32 30 31 37 2e 62 61  ssl sha1-2017.ba
1910: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
1920: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
1930: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66  e failed: certif
1940: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69  icate verify fai
1950: 6c 65 64 20 64 75 65 20 74 6f 3a 20 63 65 72 74  led due to: cert
1960: 69 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69  ificate has expi
1970: 72 65 64 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  red} -returnCode
1980: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
1990: 53 4c 2d 31 2e 34 33 20 7b 73 68 61 31 2d 69 6e  SL-1.43 {sha1-in
19a0: 74 65 72 6d 65 64 69 61 74 65 7d 20 2d 62 6f 64  termediate} -bod
19b0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 31  y {..badssl sha1
19c0: 2d 69 6e 74 65 72 6d 65 64 69 61 74 65 2e 62 61  -intermediate.ba
19d0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
19e0: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
19f0: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66  e failed: certif
1a00: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69  icate verify fai
1a10: 6c 65 64 20 64 75 65 20 74 6f 3a 20 75 6e 61 62  led due to: unab
1a20: 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20  le to get local 
1a30: 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61  issuer certifica
1a40: 74 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  te} -returnCodes
1a50: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
1a60: 4c 2d 31 2e 34 34 20 7b 73 68 61 32 35 36 7d 20  L-1.44 {sha256} 
1a70: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
1a80: 73 68 61 32 35 36 2e 62 61 64 73 73 6c 2e 63 6f  sha256.badssl.co
1a90: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61  m.    }..test Ba
1aa0: 64 53 53 4c 2d 31 2e 34 35 20 7b 73 68 61 33 38  dSSL-1.45 {sha38
1ab0: 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  4} -body {..bads
1ac0: 73 6c 20 73 68 61 33 38 34 2e 62 61 64 73 73 6c  sl sha384.badssl
1ad0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75  .com.    } -resu
1ae0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61  lt {handshake fa
1af0: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74  iled: certificat
1b00: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20  e verify failed 
1b10: 64 75 65 20 74 6f 3a 20 63 65 72 74 69 66 69 63  due to: certific
1b20: 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64 7d  ate has expired}
1b30: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31   -returnCodes {1
1b40: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
1b50: 2e 34 36 20 7b 73 68 61 35 31 32 7d 20 2d 62 6f  .46 {sha512} -bo
1b60: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 61  dy {..badssl sha
1b70: 35 31 32 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  512.badssl.com. 
1b80: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61     } -result {ha
1b90: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20  ndshake failed: 
1ba0: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69  certificate veri
1bb0: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f  fy failed due to
1bc0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 68 61  : certificate ha
1bd0: 73 20 65 78 70 69 72 65 64 7d 20 2d 72 65 74 75  s expired} -retu
1be0: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
1bf0: 74 20 42 61 64 53 53 4c 2d 31 2e 34 37 20 7b 73  t BadSSL-1.47 {s
1c00: 74 61 74 69 63 2d 72 73 61 7d 20 2d 62 6f 64 79  tatic-rsa} -body
1c10: 20 7b 0a 09 62 61 64 73 73 6c 20 73 74 61 74 69   {..badssl stati
1c20: 63 2d 72 73 61 2e 62 61 64 73 73 6c 2e 63 6f 6d  c-rsa.badssl.com
1c30: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64  .    }..test Bad
1c40: 53 53 4c 2d 31 2e 34 38 20 7b 73 75 62 64 6f 6d  SSL-1.48 {subdom
1c50: 61 69 6e 2e 70 72 65 6c 6f 61 64 65 64 2d 68 73  ain.preloaded-hs
1c60: 74 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  ts} -body {..bad
1c70: 73 73 6c 20 73 75 62 64 6f 6d 61 69 6e 2e 70 72  ssl subdomain.pr
1c80: 65 6c 6f 61 64 65 64 2d 68 73 74 73 2e 62 61 64  eloaded-hsts.bad
1c90: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72  ssl.com.    } -r
1ca0: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65  esult {handshake
1cb0: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69   failed: certifi
1cc0: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c  cate verify fail
1cd0: 65 64 20 64 75 65 20 74 6f 3a 20 48 6f 73 74 6e  ed due to: Hostn
1ce0: 61 6d 65 20 6d 69 73 6d 61 74 63 68 7d 20 2d 72  ame mismatch} -r
1cf0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a  eturnCodes {1}..
1d00: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 39  test BadSSL-1.49
1d10: 20 7b 73 75 70 65 72 66 69 73 68 7d 20 2d 62 6f   {superfish} -bo
1d20: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 75 70  dy {..badssl sup
1d30: 65 72 66 69 73 68 2e 62 61 64 73 73 6c 2e 63 6f  erfish.badssl.co
1d40: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
1d50: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
1d60: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76  d: certificate v
1d70: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65  erify failed due
1d80: 20 74 6f 3a 20 75 6e 61 62 6c 65 20 74 6f 20 67   to: unable to g
1d90: 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20  et local issuer 
1da0: 63 65 72 74 69 66 69 63 61 74 65 7d 20 2d 72 65  certificate} -re
1db0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74  turnCodes {1}..t
1dc0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 30 20  est BadSSL-1.50 
1dd0: 7b 74 6c 73 2d 76 31 2d 30 3a 31 30 31 30 7d 20  {tls-v1-0:1010} 
1de0: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 74 6c  -constraints {tl
1df0: 73 31 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  s1} -body {..bad
1e00: 73 73 6c 20 74 6c 73 2d 76 31 2d 30 2e 62 61 64  ssl tls-v1-0.bad
1e10: 73 73 6c 2e 63 6f 6d 3a 31 30 31 30 0a 20 20 20  ssl.com:1010.   
1e20: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d   }..test BadSSL-
1e30: 31 2e 35 31 20 7b 74 6c 73 2d 76 31 2d 31 3a 31  1.51 {tls-v1-1:1
1e40: 30 31 31 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74  011} -constraint
1e50: 73 20 7b 74 6c 73 31 2e 31 7d 20 2d 62 6f 64 79  s {tls1.1} -body
1e60: 20 7b 0a 09 62 61 64 73 73 6c 20 74 6c 73 2d 76   {..badssl tls-v
1e70: 31 2d 31 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31  1-1.badssl.com:1
1e80: 30 31 31 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20  011.    }..test 
1e90: 42 61 64 53 53 4c 2d 31 2e 35 32 20 7b 74 6c 73  BadSSL-1.52 {tls
1ea0: 2d 76 31 2d 32 3a 31 30 31 32 7d 20 2d 63 6f 6e  -v1-2:1012} -con
1eb0: 73 74 72 61 69 6e 74 73 20 7b 74 6c 73 31 2e 32  straints {tls1.2
1ec0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73  } -body {..badss
1ed0: 6c 20 74 6c 73 2d 76 31 2d 32 2e 62 61 64 73 73  l tls-v1-2.badss
1ee0: 6c 2e 63 6f 6d 3a 31 30 31 32 0a 20 20 20 20 7d  l.com:1012.    }
1ef0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
1f00: 35 33 20 7b 75 6e 74 72 75 73 74 65 64 2d 72 6f  53 {untrusted-ro
1f10: 6f 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  ot} -body {..bad
1f20: 73 73 6c 20 75 6e 74 72 75 73 74 65 64 2d 72 6f  ssl untrusted-ro
1f30: 6f 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  ot.badssl.com.  
1f40: 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e    } -result {han
1f50: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63  dshake failed: c
1f60: 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66  ertificate verif
1f70: 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 3a  y failed due to:
1f80: 20 73 65 6c 66 20 73 69 67 6e 65 64 20 63 65 72   self signed cer
1f90: 74 69 66 69 63 61 74 65 20 69 6e 20 63 65 72 74  tificate in cert
1fa0: 69 66 69 63 61 74 65 20 63 68 61 69 6e 7d 20 2d  ificate chain} -
1fb0: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
1fc0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 35  .test BadSSL-1.5
1fd0: 34 20 7b 75 70 67 72 61 64 65 7d 20 2d 62 6f 64  4 {upgrade} -bod
1fe0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 75 70 67 72  y {..badssl upgr
1ff0: 61 64 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  ade.badssl.com. 
2000: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53     }..test BadSS
2010: 4c 2d 31 2e 35 35 20 7b 77 65 62 70 61 63 6b 2d  L-1.55 {webpack-
2020: 64 65 76 2d 73 65 72 76 65 72 7d 20 2d 62 6f 64  dev-server} -bod
2030: 79 20 7b 0a 09 62 61 64 73 73 6c 20 77 65 62 70  y {..badssl webp
2040: 61 63 6b 2d 64 65 76 2d 73 65 72 76 65 72 2e 62  ack-dev-server.b
2050: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
2060: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
2070: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69  ke failed: certi
2080: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61  ficate verify fa
2090: 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 75 6e 61  iled due to: una
20a0: 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c  ble to get local
20b0: 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63   issuer certific
20c0: 61 74 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  ate} -returnCode
20d0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
20e0: 53 4c 2d 31 2e 35 36 20 7b 77 72 6f 6e 67 2e 68  SL-1.56 {wrong.h
20f0: 6f 73 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  ost} -body {..ba
2100: 64 73 73 6c 20 77 72 6f 6e 67 2e 68 6f 73 74 2e  dssl wrong.host.
2110: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
2120: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
2130: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74  ake failed: cert
2140: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66  ificate verify f
2150: 61 69 6c 65 64 20 64 75 65 20 74 6f 3a 20 48 6f  ailed due to: Ho
2160: 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 7d  stname mismatch}
2170: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31   -returnCodes {1
2180: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
2190: 2e 35 37 20 7b 6d 6f 7a 69 6c 6c 61 2d 6d 6f 64  .57 {mozilla-mod
21a0: 65 72 6e 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  ern} -body {..ba
21b0: 64 73 73 6c 20 6d 6f 7a 69 6c 6c 61 2d 6d 6f 64  dssl mozilla-mod
21c0: 65 72 6e 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  ern.badssl.com. 
21d0: 20 20 20 7d 0a 0a 23 20 43 6c 65 61 6e 75 70 0a     }..# Cleanup.
21e0: 3a 3a 74 63 6c 74 65 73 74 3a 3a 63 6c 65 61 6e  ::tcltest::clean
21f0: 75 70 54 65 73 74 73 0a 72 65 74 75 72 6e 0a     upTests.return.