Artifact
f607619273735fb8a683381d51372af2894d775b50db1971759ad882487006f0:
0000: 23 20 41 75 74 6f 20 67 65 6e 65 72 61 74 65 64 # Auto generated
0010: 20 74 65 73 74 20 63 61 73 65 73 20 66 6f 72 20 test cases for
0020: 62 61 64 73 73 6c 2e 63 73 76 0a 0a 23 20 4c 6f badssl.csv..# Lo
0030: 61 64 20 54 63 6c 20 54 65 73 74 20 70 61 63 6b ad Tcl Test pack
0040: 61 67 65 0a 69 66 20 7b 5b 6c 73 65 61 72 63 68 age.if {[lsearch
0050: 20 5b 6e 61 6d 65 73 70 61 63 65 20 63 68 69 6c [namespace chil
0060: 64 72 65 6e 5d 20 3a 3a 74 63 6c 74 65 73 74 5d dren] ::tcltest]
0070: 20 3d 3d 20 2d 31 7d 20 7b 0a 09 70 61 63 6b 61 == -1} {..packa
0080: 67 65 20 72 65 71 75 69 72 65 20 74 63 6c 74 65 ge require tclte
0090: 73 74 0a 09 6e 61 6d 65 73 70 61 63 65 20 69 6d st..namespace im
00a0: 70 6f 72 74 20 3a 3a 74 63 6c 74 65 73 74 3a 3a port ::tcltest::
00b0: 2a 0a 7d 0a 0a 73 65 74 20 61 75 74 6f 5f 70 61 *.}..set auto_pa
00c0: 74 68 20 5b 63 6f 6e 63 61 74 20 5b 6c 69 73 74 th [concat [list
00d0: 20 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b [file dirname [
00e0: 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e file dirname [in
00f0: 66 6f 20 73 63 72 69 70 74 5d 5d 5d 5d 20 24 61 fo script]]]] $a
0100: 75 74 6f 5f 70 61 74 68 5d 0a 0a 70 61 63 6b 61 uto_path]..packa
0110: 67 65 20 72 65 71 75 69 72 65 20 74 6c 73 0a 0a ge require tls..
0120: 23 20 43 6f 6e 73 74 72 61 69 6e 74 73 0a 73 6f # Constraints.so
0130: 75 72 63 65 20 5b 66 69 6c 65 20 6a 6f 69 6e 20 urce [file join
0140: 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 [file dirname [i
0150: 6e 66 6f 20 73 63 72 69 70 74 5d 5d 20 63 6f 6d nfo script]] com
0160: 6d 6f 6e 2e 74 63 6c 5d 0a 0a 23 20 48 65 6c 70 mon.tcl]..# Help
0170: 65 72 20 66 75 6e 63 74 69 6f 6e 73 0a 70 72 6f er functions.pro
0180: 63 20 62 61 64 73 73 6c 20 7b 75 72 6c 7d 20 7b c badssl {url} {
0190: 73 65 74 20 70 6f 72 74 20 34 34 33 3b 6c 61 73 set port 443;las
01a0: 73 69 67 6e 20 5b 73 70 6c 69 74 20 24 75 72 6c sign [split $url
01b0: 20 22 3a 22 5d 20 75 72 6c 20 70 6f 72 74 3b 69 ":"] url port;i
01c0: 66 20 7b 24 70 6f 72 74 20 65 71 20 22 22 7d 20 f {$port eq ""}
01d0: 7b 73 65 74 20 70 6f 72 74 20 34 34 33 7d 3b 73 {set port 443};s
01e0: 65 74 20 63 6d 64 20 5b 6c 69 73 74 20 74 6c 73 et cmd [list tls
01f0: 3a 3a 73 6f 63 6b 65 74 20 2d 61 75 74 6f 73 65 ::socket -autose
0200: 72 76 65 72 6e 61 6d 65 20 31 20 2d 72 65 71 75 rvername 1 -requ
0210: 69 72 65 20 31 5d 3b 69 66 20 7b 5b 69 6e 66 6f ire 1];if {[info
0220: 20 65 78 69 73 74 73 20 3a 3a 65 6e 76 28 53 53 exists ::env(SS
0230: 4c 5f 43 45 52 54 5f 46 49 4c 45 29 5d 7d 20 7b L_CERT_FILE)]} {
0240: 6c 61 70 70 65 6e 64 20 63 6d 64 20 2d 63 61 66 lappend cmd -caf
0250: 69 6c 65 20 24 3a 3a 65 6e 76 28 53 53 4c 5f 43 ile $::env(SSL_C
0260: 45 52 54 5f 46 49 4c 45 29 7d 3b 6c 61 70 70 65 ERT_FILE)};lappe
0270: 6e 64 20 63 6d 64 20 24 75 72 6c 20 24 70 6f 72 nd cmd $url $por
0280: 74 3b 73 65 74 20 63 68 20 5b 65 76 61 6c 20 24 t;set ch [eval $
0290: 63 6d 64 5d 3b 69 66 20 7b 5b 63 61 74 63 68 20 cmd];if {[catch
02a0: 7b 74 6c 73 3a 3a 68 61 6e 64 73 68 61 6b 65 20 {tls::handshake
02b0: 24 63 68 7d 20 65 72 72 5d 7d 20 7b 63 6c 6f 73 $ch} err]} {clos
02c0: 65 20 24 63 68 3b 72 65 74 75 72 6e 20 2d 63 6f e $ch;return -co
02d0: 64 65 20 65 72 72 6f 72 20 24 65 72 72 7d 20 65 de error $err} e
02e0: 6c 73 65 20 7b 63 6c 6f 73 65 20 24 63 68 7d 7d lse {close $ch}}
02f0: 0a 0a 23 20 42 61 64 53 53 4c 2e 63 6f 6d 20 54 ..# BadSSL.com T
0300: 65 73 74 73 0a 0a 0a 74 65 73 74 20 42 61 64 53 ests...test BadS
0310: 53 4c 2d 31 2e 31 20 7b 31 30 30 30 2d 73 61 6e SL-1.1 {1000-san
0320: 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 s} -body {..bads
0330: 73 6c 20 31 30 30 30 2d 73 61 6e 73 2e 62 61 64 sl 1000-sans.bad
0340: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
0350: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
0360: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
0370: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
0380: 65 64 20 64 75 65 20 74 6f 20 22 63 65 72 74 69 ed due to "certi
0390: 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 72 ficate has expir
03a0: 65 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 ed"} -returnCode
03b0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
03c0: 53 4c 2d 31 2e 32 20 7b 31 30 30 30 30 2d 73 61 SL-1.2 {10000-sa
03d0: 6e 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 ns} -body {..bad
03e0: 73 73 6c 20 31 30 30 30 30 2d 73 61 6e 73 2e 62 ssl 10000-sans.b
03f0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
0400: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
0410: 6b 65 20 66 61 69 6c 65 64 3a 20 65 78 63 65 73 ke failed: exces
0420: 73 69 76 65 20 6d 65 73 73 61 67 65 20 73 69 7a sive message siz
0430: 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 e} -returnCodes
0440: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
0450: 2d 31 2e 33 20 7b 33 64 65 73 7d 20 2d 62 6f 64 -1.3 {3des} -bod
0460: 79 20 7b 0a 09 62 61 64 73 73 6c 20 33 64 65 73 y {..badssl 3des
0470: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
0480: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
0490: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 73 73 6c hake failed: ssl
04a0: 2f 74 6c 73 20 61 6c 65 72 74 20 68 61 6e 64 73 /tls alert hands
04b0: 68 61 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 hake failure} -r
04c0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
04d0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 20 test BadSSL-1.4
04e0: 7b 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 7d {captive-portal}
04f0: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f -constraints {o
0500: 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a ld_api} -body {.
0510: 09 62 61 64 73 73 6c 20 63 61 70 74 69 76 65 2d .badssl captive-
0520: 70 6f 72 74 61 6c 2e 62 61 64 73 73 6c 2e 63 6f portal.badssl.co
0530: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 m. } -result
0540: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 {handshake faile
0550: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 d: certificate v
0560: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 erify failed due
0570: 20 74 6f 20 22 48 6f 73 74 6e 61 6d 65 20 6d 69 to "Hostname mi
0580: 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e smatch"} -return
0590: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
05a0: 42 61 64 53 53 4c 2d 31 2e 35 20 7b 63 61 70 74 BadSSL-1.5 {capt
05b0: 69 76 65 2d 70 6f 72 74 61 6c 7d 20 2d 63 6f 6e ive-portal} -con
05c0: 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 straints {new_ap
05d0: 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 i} -body {..bads
05e0: 73 6c 20 63 61 70 74 69 76 65 2d 70 6f 72 74 61 sl captive-porta
05f0: 6c 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 l.badssl.com.
0600: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
0610: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
0620: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
0630: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
0640: 68 6f 73 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 hostname mismatc
0650: 68 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 h"} -returnCodes
0660: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
0670: 4c 2d 31 2e 36 20 7b 63 62 63 7d 20 2d 62 6f 64 L-1.6 {cbc} -bod
0680: 79 20 7b 0a 09 62 61 64 73 73 6c 20 63 62 63 2e y {..badssl cbc.
0690: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
06a0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
06b0: 37 20 7b 63 6c 69 65 6e 74 2d 63 65 72 74 2d 6d 7 {client-cert-m
06c0: 69 73 73 69 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a issing} -body {.
06d0: 09 62 61 64 73 73 6c 20 63 6c 69 65 6e 74 2d 63 .badssl client-c
06e0: 65 72 74 2d 6d 69 73 73 69 6e 67 2e 62 61 64 73 ert-missing.bads
06f0: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
0700: 73 74 20 42 61 64 53 53 4c 2d 31 2e 38 20 7b 63 st BadSSL-1.8 {c
0710: 6c 69 65 6e 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 lient} -body {..
0720: 62 61 64 73 73 6c 20 63 6c 69 65 6e 74 2e 62 61 badssl client.ba
0730: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a dssl.com. }..
0740: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 39 20 test BadSSL-1.9
0750: 7b 64 68 2d 63 6f 6d 70 6f 73 69 74 65 7d 20 2d {dh-composite} -
0760: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6f 6c 64 constraints {old
0770: 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 _api} -body {..b
0780: 61 64 73 73 6c 20 64 68 2d 63 6f 6d 70 6f 73 69 adssl dh-composi
0790: 74 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 te.badssl.com.
07a0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c }..test BadSSL
07b0: 2d 31 2e 31 30 20 7b 64 68 2d 63 6f 6d 70 6f 73 -1.10 {dh-compos
07c0: 69 74 65 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 ite} -constraint
07d0: 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 s {new_api} -bod
07e0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 2d 63 y {..badssl dh-c
07f0: 6f 6d 70 6f 73 69 74 65 2e 62 61 64 73 73 6c 2e omposite.badssl.
0800: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
0810: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
0820: 6c 65 64 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20 led: dh key too
0830: 73 6d 61 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f small} -returnCo
0840: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 des {1}..test Ba
0850: 64 53 53 4c 2d 31 2e 31 31 20 7b 64 68 2d 73 6d dSSL-1.11 {dh-sm
0860: 61 6c 6c 2d 73 75 62 67 72 6f 75 70 7d 20 2d 62 all-subgroup} -b
0870: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 ody {..badssl dh
0880: 2d 73 6d 61 6c 6c 2d 73 75 62 67 72 6f 75 70 2e -small-subgroup.
0890: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
08a0: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
08b0: 31 32 20 7b 64 68 34 38 30 7d 20 2d 63 6f 6e 73 12 {dh480} -cons
08c0: 74 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 traints {old_api
08d0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
08e0: 6c 20 64 68 34 38 30 2e 62 61 64 73 73 6c 2e 63 l dh480.badssl.c
08f0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
0900: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
0910: 65 64 3a 20 64 68 20 6b 65 79 20 74 6f 6f 20 73 ed: dh key too s
0920: 6d 61 6c 6c 7d 20 2d 72 65 74 75 72 6e 43 6f 64 mall} -returnCod
0930: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
0940: 53 53 4c 2d 31 2e 31 33 20 7b 64 68 34 38 30 7d SSL-1.13 {dh480}
0950: 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e -constraints {n
0960: 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a ew_api} -body {.
0970: 09 62 61 64 73 73 6c 20 64 68 34 38 30 2e 62 61 .badssl dh480.ba
0980: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
0990: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
09a0: 65 20 66 61 69 6c 65 64 3a 20 6d 6f 64 75 6c 75 e failed: modulu
09b0: 73 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 s too small} -re
09c0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
09d0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 34 20 est BadSSL-1.14
09e0: 7b 64 68 35 31 32 7d 20 2d 62 6f 64 79 20 7b 0a {dh512} -body {.
09f0: 09 62 61 64 73 73 6c 20 64 68 35 31 32 2e 62 61 .badssl dh512.ba
0a00: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
0a10: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
0a20: 65 20 66 61 69 6c 65 64 3a 20 64 68 20 6b 65 79 e failed: dh key
0a30: 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 65 74 too small} -ret
0a40: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
0a50: 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 35 20 7b st BadSSL-1.15 {
0a60: 64 68 31 30 32 34 7d 20 2d 63 6f 6e 73 74 72 61 dh1024} -constra
0a70: 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d ints {old_api} -
0a80: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 body {..badssl d
0a90: 68 31 30 32 34 2e 62 61 64 73 73 6c 2e 63 6f 6d h1024.badssl.com
0aa0: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 . }..test Bad
0ab0: 53 53 4c 2d 31 2e 31 36 20 7b 64 68 31 30 32 34 SSL-1.16 {dh1024
0ac0: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
0ad0: 6e 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b new_api} -body {
0ae0: 0a 09 62 61 64 73 73 6c 20 64 68 31 30 32 34 2e ..badssl dh1024.
0af0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
0b00: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
0b10: 61 6b 65 20 66 61 69 6c 65 64 3a 20 64 68 20 6b ake failed: dh k
0b20: 65 79 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72 ey too small} -r
0b30: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a eturnCodes {1}..
0b40: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 37 test BadSSL-1.17
0b50: 20 7b 64 68 32 30 34 38 7d 20 2d 62 6f 64 79 20 {dh2048} -body
0b60: 7b 0a 09 62 61 64 73 73 6c 20 64 68 32 30 34 38 {..badssl dh2048
0b70: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
0b80: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
0b90: 2e 31 38 20 7b 64 73 64 74 65 73 74 70 72 6f 76 .18 {dsdtestprov
0ba0: 69 64 65 72 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 ider} -body {..b
0bb0: 61 64 73 73 6c 20 64 73 64 74 65 73 74 70 72 6f adssl dsdtestpro
0bc0: 76 69 64 65 72 2e 62 61 64 73 73 6c 2e 63 6f 6d vider.badssl.com
0bd0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
0be0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
0bf0: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 : certificate ve
0c00: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 rify failed due
0c10: 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 to "unable to ge
0c20: 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 t local issuer c
0c30: 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 ertificate"} -re
0c40: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
0c50: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 39 20 est BadSSL-1.19
0c60: 7b 65 63 63 32 35 36 7d 20 2d 62 6f 64 79 20 7b {ecc256} -body {
0c70: 0a 09 62 61 64 73 73 6c 20 65 63 63 32 35 36 2e ..badssl ecc256.
0c80: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
0c90: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
0ca0: 32 30 20 7b 65 63 63 33 38 34 7d 20 2d 62 6f 64 20 {ecc384} -bod
0cb0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 63 63 33 y {..badssl ecc3
0cc0: 38 34 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 84.badssl.com.
0cd0: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c }..test BadSSL
0ce0: 2d 31 2e 32 31 20 7b 65 64 65 6c 6c 72 6f 6f 74 -1.21 {edellroot
0cf0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
0d00: 6c 20 65 64 65 6c 6c 72 6f 6f 74 2e 62 61 64 73 l edellroot.bads
0d10: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 sl.com. } -re
0d20: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 sult {handshake
0d30: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 failed: certific
0d40: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 ate verify faile
0d50: 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 d due to "unable
0d60: 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 to get local is
0d70: 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 suer certificate
0d80: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 "} -returnCodes
0d90: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c {1}..test BadSSL
0da0: 2d 31 2e 32 32 20 7b 65 78 70 69 72 65 64 7d 20 -1.22 {expired}
0db0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
0dc0: 65 78 70 69 72 65 64 2e 62 61 64 73 73 6c 2e 63 expired.badssl.c
0dd0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
0de0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
0df0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
0e00: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
0e10: 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 e to "certificat
0e20: 65 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 e has expired"}
0e30: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d -returnCodes {1}
0e40: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e ..test BadSSL-1.
0e50: 32 33 20 7b 65 78 74 65 6e 64 65 64 2d 76 61 6c 23 {extended-val
0e60: 69 64 61 74 69 6f 6e 7d 20 2d 62 6f 64 79 20 7b idation} -body {
0e70: 0a 09 62 61 64 73 73 6c 20 65 78 74 65 6e 64 65 ..badssl extende
0e80: 64 2d 76 61 6c 69 64 61 74 69 6f 6e 2e 62 61 64 d-validation.bad
0e90: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
0ea0: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
0eb0: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
0ec0: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
0ed0: 65 64 20 64 75 65 20 74 6f 20 22 63 65 72 74 69 ed due to "certi
0ee0: 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 72 ficate has expir
0ef0: 65 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 ed"} -returnCode
0f00: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
0f10: 53 4c 2d 31 2e 32 34 20 7b 68 73 74 73 7d 20 2d SL-1.24 {hsts} -
0f20: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 68 body {..badssl h
0f30: 73 74 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 sts.badssl.com.
0f40: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
0f50: 4c 2d 31 2e 32 35 20 7b 68 74 74 70 73 2d 65 76 L-1.25 {https-ev
0f60: 65 72 79 77 68 65 72 65 7d 20 2d 62 6f 64 79 20 erywhere} -body
0f70: 7b 0a 09 62 61 64 73 73 6c 20 68 74 74 70 73 2d {..badssl https-
0f80: 65 76 65 72 79 77 68 65 72 65 2e 62 61 64 73 73 everywhere.badss
0f90: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 l.com. }..tes
0fa0: 74 20 42 61 64 53 53 4c 2d 31 2e 32 36 20 7b 69 t BadSSL-1.26 {i
0fb0: 6e 63 6f 6d 70 6c 65 74 65 2d 63 68 61 69 6e 7d ncomplete-chain}
0fc0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
0fd0: 20 69 6e 63 6f 6d 70 6c 65 74 65 2d 63 68 61 69 incomplete-chai
0fe0: 6e 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 n.badssl.com.
0ff0: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
1000: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
1010: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
1020: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
1030: 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f unable to get lo
1040: 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 cal issuer certi
1050: 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e ficate"} -return
1060: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
1070: 42 61 64 53 53 4c 2d 31 2e 32 37 20 7b 69 6e 76 BadSSL-1.27 {inv
1080: 61 6c 69 64 2d 65 78 70 65 63 74 65 64 2d 73 63 alid-expected-sc
1090: 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 t} -body {..bads
10a0: 73 6c 20 69 6e 76 61 6c 69 64 2d 65 78 70 65 63 sl invalid-expec
10b0: 74 65 64 2d 73 63 74 2e 62 61 64 73 73 6c 2e 63 ted-sct.badssl.c
10c0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
10d0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
10e0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
10f0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
1100: 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 e to "unable to
1110: 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 get local issuer
1120: 20 63 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d certificate"} -
1130: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a returnCodes {1}.
1140: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 .test BadSSL-1.2
1150: 38 20 7b 6c 6f 6e 67 2d 65 78 74 65 6e 64 65 64 8 {long-extended
1160: 2d 73 75 62 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2d -subdomain-name-
1170: 63 6f 6e 74 61 69 6e 69 6e 67 2d 6d 61 6e 79 2d containing-many-
1180: 6c 65 74 74 65 72 73 2d 61 6e 64 2d 64 61 73 68 letters-and-dash
1190: 65 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 es} -body {..bad
11a0: 73 73 6c 20 6c 6f 6e 67 2d 65 78 74 65 6e 64 65 ssl long-extende
11b0: 64 2d 73 75 62 64 6f 6d 61 69 6e 2d 6e 61 6d 65 d-subdomain-name
11c0: 2d 63 6f 6e 74 61 69 6e 69 6e 67 2d 6d 61 6e 79 -containing-many
11d0: 2d 6c 65 74 74 65 72 73 2d 61 6e 64 2d 64 61 73 -letters-and-das
11e0: 68 65 73 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 hes.badssl.com.
11f0: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
1200: 4c 2d 31 2e 32 39 20 7b 6c 6f 6e 67 65 78 74 65 L-1.29 {longexte
1210: 6e 64 65 64 73 75 62 64 6f 6d 61 69 6e 6e 61 6d ndedsubdomainnam
1220: 65 77 69 74 68 6f 75 74 64 61 73 68 65 73 69 6e ewithoutdashesin
1230: 6f 72 64 65 72 74 6f 74 65 73 74 77 6f 72 64 77 ordertotestwordw
1240: 72 61 70 70 69 6e 67 7d 20 2d 62 6f 64 79 20 7b rapping} -body {
1250: 0a 09 62 61 64 73 73 6c 20 6c 6f 6e 67 65 78 74 ..badssl longext
1260: 65 6e 64 65 64 73 75 62 64 6f 6d 61 69 6e 6e 61 endedsubdomainna
1270: 6d 65 77 69 74 68 6f 75 74 64 61 73 68 65 73 69 mewithoutdashesi
1280: 6e 6f 72 64 65 72 74 6f 74 65 73 74 77 6f 72 64 nordertotestword
1290: 77 72 61 70 70 69 6e 67 2e 62 61 64 73 73 6c 2e wrapping.badssl.
12a0: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 com. }..test
12b0: 42 61 64 53 53 4c 2d 31 2e 33 30 20 7b 6d 69 74 BadSSL-1.30 {mit
12c0: 6d 2d 73 6f 66 74 77 61 72 65 7d 20 2d 62 6f 64 m-software} -bod
12d0: 79 20 7b 0a 09 62 61 64 73 73 6c 20 6d 69 74 6d y {..badssl mitm
12e0: 2d 73 6f 66 74 77 61 72 65 2e 62 61 64 73 73 6c -software.badssl
12f0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
1300: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
1310: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
1320: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
1330: 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 due to "unable t
1340: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 o get local issu
1350: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d er certificate"}
1360: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
1370: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1380: 2e 33 31 20 7b 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e .31 {no-common-n
1390: 61 6d 65 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 ame} -body {..ba
13a0: 64 73 73 6c 20 6e 6f 2d 63 6f 6d 6d 6f 6e 2d 6e dssl no-common-n
13b0: 61 6d 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 ame.badssl.com.
13c0: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 } -result {ha
13d0: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 ndshake failed:
13e0: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69 certificate veri
13f0: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f fy failed due to
1400: 20 22 63 65 72 74 69 66 69 63 61 74 65 20 68 61 "certificate ha
1410: 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74 s expired"} -ret
1420: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
1430: 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 32 20 7b st BadSSL-1.32 {
1440: 6e 6f 2d 73 63 74 7d 20 2d 62 6f 64 79 20 7b 0a no-sct} -body {.
1450: 09 62 61 64 73 73 6c 20 6e 6f 2d 73 63 74 2e 62 .badssl no-sct.b
1460: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
1470: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
1480: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 ke failed: certi
1490: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 ficate verify fa
14a0: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 iled due to "una
14b0: 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c ble to get local
14c0: 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 issuer certific
14d0: 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 ate"} -returnCod
14e0: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
14f0: 53 53 4c 2d 31 2e 33 33 20 7b 6e 6f 2d 73 75 62 SSL-1.33 {no-sub
1500: 6a 65 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 ject} -body {..b
1510: 61 64 73 73 6c 20 6e 6f 2d 73 75 62 6a 65 63 74 adssl no-subject
1520: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1530: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
1540: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
1550: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
1560: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 63 failed due to "c
1570: 65 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 ertificate has e
1580: 78 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72 6e xpired"} -return
1590: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
15a0: 42 61 64 53 53 4c 2d 31 2e 33 34 20 7b 6e 75 6c BadSSL-1.34 {nul
15b0: 6c 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 l} -body {..bads
15c0: 73 6c 20 6e 75 6c 6c 2e 62 61 64 73 73 6c 2e 63 sl null.badssl.c
15d0: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
15e0: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
15f0: 65 64 3a 20 73 73 6c 2f 74 6c 73 20 61 6c 65 72 ed: ssl/tls aler
1600: 74 20 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c t handshake fail
1610: 75 72 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 ure} -returnCode
1620: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
1630: 53 4c 2d 31 2e 33 35 20 7b 70 69 6e 6e 69 6e 67 SL-1.35 {pinning
1640: 2d 74 65 73 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 -test} -body {..
1650: 62 61 64 73 73 6c 20 70 69 6e 6e 69 6e 67 2d 74 badssl pinning-t
1660: 65 73 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 est.badssl.com.
1670: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 }..test BadSS
1680: 4c 2d 31 2e 33 36 20 7b 70 72 65 61 63 74 2d 63 L-1.36 {preact-c
1690: 6c 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 li} -body {..bad
16a0: 73 73 6c 20 70 72 65 61 63 74 2d 63 6c 69 2e 62 ssl preact-cli.b
16b0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 adssl.com. }
16c0: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 -result {handsha
16d0: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 ke failed: certi
16e0: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 ficate verify fa
16f0: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 iled due to "una
1700: 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c ble to get local
1710: 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63 issuer certific
1720: 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 ate"} -returnCod
1730: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
1740: 53 53 4c 2d 31 2e 33 37 20 7b 70 72 65 6c 6f 61 SSL-1.37 {preloa
1750: 64 65 64 2d 68 73 74 73 7d 20 2d 62 6f 64 79 20 ded-hsts} -body
1760: 7b 0a 09 62 61 64 73 73 6c 20 70 72 65 6c 6f 61 {..badssl preloa
1770: 64 65 64 2d 68 73 74 73 2e 62 61 64 73 73 6c 2e ded-hsts.badssl.
1780: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 com. }..test
1790: 42 61 64 53 53 4c 2d 31 2e 33 38 20 7b 72 63 34 BadSSL-1.38 {rc4
17a0: 2d 6d 64 35 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 -md5} -body {..b
17b0: 61 64 73 73 6c 20 72 63 34 2d 6d 64 35 2e 62 61 adssl rc4-md5.ba
17c0: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
17d0: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
17e0: 65 20 66 61 69 6c 65 64 3a 20 73 73 6c 2f 74 6c e failed: ssl/tl
17f0: 73 20 61 6c 65 72 74 20 68 61 6e 64 73 68 61 6b s alert handshak
1800: 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 74 75 e failure} -retu
1810: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 rnCodes {1}..tes
1820: 74 20 42 61 64 53 53 4c 2d 31 2e 33 39 20 7b 72 t BadSSL-1.39 {r
1830: 63 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 c4} -body {..bad
1840: 73 73 6c 20 72 63 34 2e 62 61 64 73 73 6c 2e 63 ssl rc4.badssl.c
1850: 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 om. } -result
1860: 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c {handshake fail
1870: 65 64 3a 20 73 73 6c 2f 74 6c 73 20 61 6c 65 72 ed: ssl/tls aler
1880: 74 20 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c t handshake fail
1890: 75 72 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 ure} -returnCode
18a0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 s {1}..test BadS
18b0: 53 4c 2d 31 2e 34 30 20 7b 72 65 76 6f 6b 65 64 SL-1.40 {revoked
18c0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
18d0: 6c 20 72 65 76 6f 6b 65 64 2e 62 61 64 73 73 6c l revoked.badssl
18e0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
18f0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
1900: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
1910: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
1920: 64 75 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 due to "certific
1930: 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64 22 ate has expired"
1940: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b } -returnCodes {
1950: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 1}..test BadSSL-
1960: 31 2e 34 31 20 7b 72 73 61 32 30 34 38 7d 20 2d 1.41 {rsa2048} -
1970: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 body {..badssl r
1980: 73 61 32 30 34 38 2e 62 61 64 73 73 6c 2e 63 6f sa2048.badssl.co
1990: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 m. }..test Ba
19a0: 64 53 53 4c 2d 31 2e 34 32 20 7b 72 73 61 34 30 dSSL-1.42 {rsa40
19b0: 39 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 96} -body {..bad
19c0: 73 73 6c 20 72 73 61 34 30 39 36 2e 62 61 64 73 ssl rsa4096.bads
19d0: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
19e0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 33 20 7b st BadSSL-1.43 {
19f0: 72 73 61 38 31 39 32 7d 20 2d 62 6f 64 79 20 7b rsa8192} -body {
1a00: 0a 09 62 61 64 73 73 6c 20 72 73 61 38 31 39 32 ..badssl rsa8192
1a10: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1a20: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1a30: 2e 34 34 20 7b 73 65 6c 66 2d 73 69 67 6e 65 64 .44 {self-signed
1a40: 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b } -constraints {
1a50: 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b old_api} -body {
1a60: 0a 09 62 61 64 73 73 6c 20 73 65 6c 66 2d 73 69 ..badssl self-si
1a70: 67 6e 65 64 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a gned.badssl.com.
1a80: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 } -result {h
1a90: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a andshake failed:
1aa0: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 certificate ver
1ab0: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 ify failed due t
1ac0: 6f 20 22 73 65 6c 66 20 73 69 67 6e 65 64 20 63 o "self signed c
1ad0: 65 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 ertificate"} -re
1ae0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
1af0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 35 20 est BadSSL-1.45
1b00: 7b 73 65 6c 66 2d 73 69 67 6e 65 64 7d 20 2d 63 {self-signed} -c
1b10: 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 77 5f onstraints {new_
1b20: 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 api} -body {..ba
1b30: 64 73 73 6c 20 73 65 6c 66 2d 73 69 67 6e 65 64 dssl self-signed
1b40: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1b50: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
1b60: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
1b70: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
1b80: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 73 failed due to "s
1b90: 65 6c 66 2d 73 69 67 6e 65 64 20 63 65 72 74 69 elf-signed certi
1ba0: 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e ficate"} -return
1bb0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
1bc0: 42 61 64 53 53 4c 2d 31 2e 34 36 20 7b 73 68 61 BadSSL-1.46 {sha
1bd0: 31 2d 32 30 31 36 7d 20 2d 62 6f 64 79 20 7b 0a 1-2016} -body {.
1be0: 09 62 61 64 73 73 6c 20 73 68 61 31 2d 32 30 31 .badssl sha1-201
1bf0: 36 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 6.badssl.com.
1c00: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 } -result {hand
1c10: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
1c20: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
1c30: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
1c40: 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f unable to get lo
1c50: 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 cal issuer certi
1c60: 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e ficate"} -return
1c70: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 Codes {1}..test
1c80: 42 61 64 53 53 4c 2d 31 2e 34 37 20 7b 73 68 61 BadSSL-1.47 {sha
1c90: 31 2d 32 30 31 37 7d 20 2d 63 6f 6e 73 74 72 61 1-2017} -constra
1ca0: 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d ints {old_api} -
1cb0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 body {..badssl s
1cc0: 68 61 31 2d 32 30 31 37 2e 62 61 64 73 73 6c 2e ha1-2017.badssl.
1cd0: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
1ce0: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
1cf0: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
1d00: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
1d10: 75 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 ue to "certifica
1d20: 74 65 20 68 61 73 20 65 78 70 69 72 65 64 22 7d te has expired"}
1d30: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
1d40: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
1d50: 2e 34 38 20 7b 73 68 61 31 2d 32 30 31 37 7d 20 .48 {sha1-2017}
1d60: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 6e 65 -constraints {ne
1d70: 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 w_api} -body {..
1d80: 62 61 64 73 73 6c 20 73 68 61 31 2d 32 30 31 37 badssl sha1-2017
1d90: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1da0: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
1db0: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
1dc0: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
1dd0: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 43 failed due to "C
1de0: 41 20 73 69 67 6e 61 74 75 72 65 20 64 69 67 65 A signature dige
1df0: 73 74 20 61 6c 67 6f 72 69 74 68 6d 20 74 6f 6f st algorithm too
1e00: 20 77 65 61 6b 22 7d 20 2d 72 65 74 75 72 6e 43 weak"} -returnC
1e10: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 odes {1}..test B
1e20: 61 64 53 53 4c 2d 31 2e 34 39 20 7b 73 68 61 31 adSSL-1.49 {sha1
1e30: 2d 69 6e 74 65 72 6d 65 64 69 61 74 65 7d 20 2d -intermediate} -
1e40: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 body {..badssl s
1e50: 68 61 31 2d 69 6e 74 65 72 6d 65 64 69 61 74 65 ha1-intermediate
1e60: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 .badssl.com.
1e70: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 } -result {hands
1e80: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
1e90: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
1ea0: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 failed due to "u
1eb0: 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 nable to get loc
1ec0: 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66 al issuer certif
1ed0: 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 icate"} -returnC
1ee0: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 odes {1}..test B
1ef0: 61 64 53 53 4c 2d 31 2e 35 30 20 7b 73 68 61 32 adSSL-1.50 {sha2
1f00: 35 36 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 56} -body {..bad
1f10: 73 73 6c 20 73 68 61 32 35 36 2e 62 61 64 73 73 ssl sha256.badss
1f20: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 l.com. }..tes
1f30: 74 20 42 61 64 53 53 4c 2d 31 2e 35 31 20 7b 73 t BadSSL-1.51 {s
1f40: 68 61 33 38 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 ha384} -body {..
1f50: 62 61 64 73 73 6c 20 73 68 61 33 38 34 2e 62 61 badssl sha384.ba
1f60: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d dssl.com. } -
1f70: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b result {handshak
1f80: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 e failed: certif
1f90: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 icate verify fai
1fa0: 6c 65 64 20 64 75 65 20 74 6f 20 22 63 65 72 74 led due to "cert
1fb0: 69 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 ificate has expi
1fc0: 72 65 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 red"} -returnCod
1fd0: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
1fe0: 53 53 4c 2d 31 2e 35 32 20 7b 73 68 61 35 31 32 SSL-1.52 {sha512
1ff0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 } -body {..badss
2000: 6c 20 73 68 61 35 31 32 2e 62 61 64 73 73 6c 2e l sha512.badssl.
2010: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
2020: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
2030: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
2040: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
2050: 75 65 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 ue to "certifica
2060: 74 65 20 68 61 73 20 65 78 70 69 72 65 64 22 7d te has expired"}
2070: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 -returnCodes {1
2080: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 }..test BadSSL-1
2090: 2e 35 33 20 7b 73 74 61 74 69 63 2d 72 73 61 7d .53 {static-rsa}
20a0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
20b0: 20 73 74 61 74 69 63 2d 72 73 61 2e 62 61 64 73 static-rsa.bads
20c0: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 sl.com. }..te
20d0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 34 20 7b st BadSSL-1.54 {
20e0: 73 75 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 subdomain.preloa
20f0: 64 65 64 2d 68 73 74 73 7d 20 2d 63 6f 6e 73 74 ded-hsts} -const
2100: 72 61 69 6e 74 73 20 7b 6f 6c 64 5f 61 70 69 7d raints {old_api}
2110: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
2120: 20 73 75 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f subdomain.prelo
2130: 61 64 65 64 2d 68 73 74 73 2e 62 61 64 73 73 6c aded-hsts.badssl
2140: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
2150: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
2160: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
2170: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
2180: 64 75 65 20 74 6f 20 22 48 6f 73 74 6e 61 6d 65 due to "Hostname
2190: 20 6d 69 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 mismatch"} -ret
21a0: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
21b0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 35 20 7b st BadSSL-1.55 {
21c0: 73 75 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 subdomain.preloa
21d0: 64 65 64 2d 68 73 74 73 7d 20 2d 63 6f 6e 73 74 ded-hsts} -const
21e0: 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d raints {new_api}
21f0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
2200: 20 73 75 62 64 6f 6d 61 69 6e 2e 70 72 65 6c 6f subdomain.prelo
2210: 61 64 65 64 2d 68 73 74 73 2e 62 61 64 73 73 6c aded-hsts.badssl
2220: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
2230: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
2240: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
2250: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
2260: 64 75 65 20 74 6f 20 22 68 6f 73 74 6e 61 6d 65 due to "hostname
2270: 20 6d 69 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 mismatch"} -ret
2280: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
2290: 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 36 20 7b st BadSSL-1.56 {
22a0: 73 75 70 65 72 66 69 73 68 7d 20 2d 62 6f 64 79 superfish} -body
22b0: 20 7b 0a 09 62 61 64 73 73 6c 20 73 75 70 65 72 {..badssl super
22c0: 66 69 73 68 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a fish.badssl.com.
22d0: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 } -result {h
22e0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a andshake failed:
22f0: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 certificate ver
2300: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 ify failed due t
2310: 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 o "unable to get
2320: 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 local issuer ce
2330: 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 rtificate"} -ret
2340: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
2350: 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 37 20 7b st BadSSL-1.57 {
2360: 74 6c 73 2d 76 31 2d 30 3a 31 30 31 30 7d 20 2d tls-v1-0:1010} -
2370: 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 74 6c 73 constraints {tls
2380: 31 20 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 1 old_api} -body
2390: 20 7b 0a 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 {..badssl tls-v
23a0: 31 2d 30 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 1-0.badssl.com:1
23b0: 30 31 30 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 010. }..test
23c0: 42 61 64 53 53 4c 2d 31 2e 35 38 20 7b 74 6c 73 BadSSL-1.58 {tls
23d0: 2d 76 31 2d 30 3a 31 30 31 30 7d 20 2d 63 6f 6e -v1-0:1010} -con
23e0: 73 74 72 61 69 6e 74 73 20 7b 74 6c 73 31 20 6e straints {tls1 n
23f0: 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a ew_api} -body {.
2400: 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 30 .badssl tls-v1-0
2410: 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 30 .badssl.com:1010
2420: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
2430: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
2440: 3a 20 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 : unsupported pr
2450: 6f 74 6f 63 6f 6c 7d 20 2d 72 65 74 75 72 6e 43 otocol} -returnC
2460: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 odes {1}..test B
2470: 61 64 53 53 4c 2d 31 2e 35 39 20 7b 74 6c 73 2d adSSL-1.59 {tls-
2480: 76 31 2d 31 3a 31 30 31 31 7d 20 2d 63 6f 6e 73 v1-1:1011} -cons
2490: 74 72 61 69 6e 74 73 20 7b 74 6c 73 31 2e 31 20 traints {tls1.1
24a0: 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b old_api} -body {
24b0: 0a 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d ..badssl tls-v1-
24c0: 31 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 1.badssl.com:101
24d0: 31 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 1. }..test Ba
24e0: 64 53 53 4c 2d 31 2e 36 30 20 7b 74 6c 73 2d 76 dSSL-1.60 {tls-v
24f0: 31 2d 31 3a 31 30 31 31 7d 20 2d 63 6f 6e 73 74 1-1:1011} -const
2500: 72 61 69 6e 74 73 20 7b 74 6c 73 31 2e 31 20 6e raints {tls1.1 n
2510: 65 77 5f 61 70 69 7d 20 2d 62 6f 64 79 20 7b 0a ew_api} -body {.
2520: 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 31 .badssl tls-v1-1
2530: 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 31 .badssl.com:1011
2540: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
2550: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
2560: 3a 20 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 : unsupported pr
2570: 6f 74 6f 63 6f 6c 7d 20 2d 72 65 74 75 72 6e 43 otocol} -returnC
2580: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 odes {1}..test B
2590: 61 64 53 53 4c 2d 31 2e 36 31 20 7b 74 6c 73 2d adSSL-1.61 {tls-
25a0: 76 31 2d 32 3a 31 30 31 32 7d 20 2d 63 6f 6e 73 v1-2:1012} -cons
25b0: 74 72 61 69 6e 74 73 20 7b 74 6c 73 31 2e 32 7d traints {tls1.2}
25c0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
25d0: 20 74 6c 73 2d 76 31 2d 32 2e 62 61 64 73 73 6c tls-v1-2.badssl
25e0: 2e 63 6f 6d 3a 31 30 31 32 0a 20 20 20 20 7d 0a .com:1012. }.
25f0: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 .test BadSSL-1.6
2600: 32 20 7b 75 6e 74 72 75 73 74 65 64 2d 72 6f 6f 2 {untrusted-roo
2610: 74 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 t} -constraints
2620: 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 20 {old_api} -body
2630: 7b 0a 09 62 61 64 73 73 6c 20 75 6e 74 72 75 73 {..badssl untrus
2640: 74 65 64 2d 72 6f 6f 74 2e 62 61 64 73 73 6c 2e ted-root.badssl.
2650: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c com. } -resul
2660: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 t {handshake fai
2670: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 led: certificate
2680: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 verify failed d
2690: 75 65 20 74 6f 20 22 73 65 6c 66 20 73 69 67 6e ue to "self sign
26a0: 65 64 20 63 65 72 74 69 66 69 63 61 74 65 20 69 ed certificate i
26b0: 6e 20 63 65 72 74 69 66 69 63 61 74 65 20 63 68 n certificate ch
26c0: 61 69 6e 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 ain"} -returnCod
26d0: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 es {1}..test Bad
26e0: 53 53 4c 2d 31 2e 36 33 20 7b 75 6e 74 72 75 73 SSL-1.63 {untrus
26f0: 74 65 64 2d 72 6f 6f 74 7d 20 2d 63 6f 6e 73 74 ted-root} -const
2700: 72 61 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d raints {new_api}
2710: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c -body {..badssl
2720: 20 75 6e 74 72 75 73 74 65 64 2d 72 6f 6f 74 2e untrusted-root.
2730: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d badssl.com. }
2740: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 -result {handsh
2750: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 ake failed: cert
2760: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 ificate verify f
2770: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 73 65 ailed due to "se
2780: 6c 66 2d 73 69 67 6e 65 64 20 63 65 72 74 69 66 lf-signed certif
2790: 69 63 61 74 65 20 69 6e 20 63 65 72 74 69 66 69 icate in certifi
27a0: 63 61 74 65 20 63 68 61 69 6e 22 7d 20 2d 72 65 cate chain"} -re
27b0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 turnCodes {1}..t
27c0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 34 20 est BadSSL-1.64
27d0: 7b 75 70 67 72 61 64 65 7d 20 2d 62 6f 64 79 20 {upgrade} -body
27e0: 7b 0a 09 62 61 64 73 73 6c 20 75 70 67 72 61 64 {..badssl upgrad
27f0: 65 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 e.badssl.com.
2800: 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d }..test BadSSL-
2810: 31 2e 36 35 20 7b 77 65 62 70 61 63 6b 2d 64 65 1.65 {webpack-de
2820: 76 2d 73 65 72 76 65 72 7d 20 2d 62 6f 64 79 20 v-server} -body
2830: 7b 0a 09 62 61 64 73 73 6c 20 77 65 62 70 61 63 {..badssl webpac
2840: 6b 2d 64 65 76 2d 73 65 72 76 65 72 2e 62 61 64 k-dev-server.bad
2850: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 ssl.com. } -r
2860: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 esult {handshake
2870: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 failed: certifi
2880: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c cate verify fail
2890: 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c ed due to "unabl
28a0: 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 e to get local i
28b0: 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 ssuer certificat
28c0: 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 e"} -returnCodes
28d0: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 {1}..test BadSS
28e0: 4c 2d 31 2e 36 36 20 7b 77 72 6f 6e 67 2e 68 6f L-1.66 {wrong.ho
28f0: 73 74 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73 st} -constraints
2900: 20 7b 6f 6c 64 5f 61 70 69 7d 20 2d 62 6f 64 79 {old_api} -body
2910: 20 7b 0a 09 62 61 64 73 73 6c 20 77 72 6f 6e 67 {..badssl wrong
2920: 2e 68 6f 73 74 2e 62 61 64 73 73 6c 2e 63 6f 6d .host.badssl.com
2930: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b . } -result {
2940: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
2950: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 : certificate ve
2960: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 rify failed due
2970: 74 6f 20 22 48 6f 73 74 6e 61 6d 65 20 6d 69 73 to "Hostname mis
2980: 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e 43 match"} -returnC
2990: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 odes {1}..test B
29a0: 61 64 53 53 4c 2d 31 2e 36 37 20 7b 77 72 6f 6e adSSL-1.67 {wron
29b0: 67 2e 68 6f 73 74 7d 20 2d 63 6f 6e 73 74 72 61 g.host} -constra
29c0: 69 6e 74 73 20 7b 6e 65 77 5f 61 70 69 7d 20 2d ints {new_api} -
29d0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 77 body {..badssl w
29e0: 72 6f 6e 67 2e 68 6f 73 74 2e 62 61 64 73 73 6c rong.host.badssl
29f0: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 .com. } -resu
2a00: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 lt {handshake fa
2a10: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
2a20: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
2a30: 64 75 65 20 74 6f 20 22 68 6f 73 74 6e 61 6d 65 due to "hostname
2a40: 20 6d 69 73 6d 61 74 63 68 22 7d 20 2d 72 65 74 mismatch"} -ret
2a50: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 urnCodes {1}..te
2a60: 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 38 20 7b st BadSSL-1.68 {
2a70: 6d 6f 7a 69 6c 6c 61 2d 6d 6f 64 65 72 6e 7d 20 mozilla-modern}
2a80: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 -body {..badssl
2a90: 6d 6f 7a 69 6c 6c 61 2d 6d 6f 64 65 72 6e 2e 62 mozilla-modern.b
2aa0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a adssl.com. }.
2ab0: 0a 23 20 43 6c 65 61 6e 75 70 0a 3a 3a 74 63 6c .# Cleanup.::tcl
2ac0: 74 65 73 74 3a 3a 63 6c 65 61 6e 75 70 54 65 73 test::cleanupTes
2ad0: 74 73 0a 72 65 74 75 72 6e 0a ts.return.