Check-in [1266832b43]
Overview
Comment:More badssl test case updates for OpenSSL 3 message changes
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 1266832b43e6f2d50a63d7905e4ad52ce8ef97b1525fdd064f254e0a76735896
User & Date: bohagan on 2024-02-28 02:40:26
Other Links: manifest | tags
Context
2024-02-28
02:55
More README file updates to remove old options and add more path info check-in: a72acac266 user: bohagan tags: trunk
02:40
More badssl test case updates for OpenSSL 3 message changes check-in: 1266832b43 user: bohagan tags: trunk
2024-02-27
05:05
Removed unneeded initialize dstrings. check-in: 6ffc298e51 user: bohagan tags: trunk
Changes
1
2
3
4
5
6
7
8
9
10
11
12
13

14
15
16
17
18
19
20
21
22
23
24


25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

45
46
47
48
49


50
51
52
53
54
55
56
1
2
3
4
5
6
7
8
9
10
11
12

13
14
15
16
17
18
19
20
21
22
23

24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

45
46
47
48


49
50
51
52
53
54
55
56
57












-
+










-
+
+



















-
+



-
-
+
+







# Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes
command,package require tls,,,,,,,,,
,,,,,,,,,,
command,# Constraints,,,,,,,,,
command,source [file join [file dirname [info script]] common.tcl],,,,,,,,,
,,,,,,,,,,
command,# Helper functions,,,,,,,,,
command,"proc badssl {url} {set port 443;lassign [split $url "":""] url port;if {$port eq """"} {set port 443};set cmd [list tls::socket -autoservername 1 -require 1];if {[info exists ::env(SSL_CERT_FILE)]} {lappend cmd -cafile $::env(SSL_CERT_FILE)};lappend cmd $url $port;set ch [eval $cmd];if {[catch {tls::handshake $ch} err]} {close $ch;return -code error $err} else {close $ch}}",,,,,,,,,
,,,,,,,,,,
command,# BadSSL.com Tests,,,,,,,,,
BadSSL,1000-sans,,,badssl 1000-sans.badssl.com,,,"handshake failed: certificate verify failed due to ""certificate has expired""",,,1
BadSSL,10000-sans,,,badssl 10000-sans.badssl.com,,,handshake failed: excessive message size,,,1
BadSSL,3des,,,badssl 3des.badssl.com,,,handshake failed: sslv3 alert handshake failure,,,1
BadSSL,3des,,,badssl 3des.badssl.com,,glob,handshake failed: * alert handshake failure,,,1
BadSSL,captive-portal,old_api,,badssl captive-portal.badssl.com,,,"handshake failed: certificate verify failed due to ""Hostname mismatch""",,,1
BadSSL,captive-portal,new_api,,badssl captive-portal.badssl.com,,,"handshake failed: certificate verify failed due to ""hostname mismatch""",,,1
BadSSL,cbc,,,badssl cbc.badssl.com,,,,,,
BadSSL,client-cert-missing,,,badssl client-cert-missing.badssl.com,,,,,,
BadSSL,client,,,badssl client.badssl.com,,,,,,
BadSSL,dh-composite,old_api,,badssl dh-composite.badssl.com,,,,,,
BadSSL,dh-composite,new_api,,badssl dh-composite.badssl.com,,,handshake failed: dh key too small,,,1
BadSSL,dh-small-subgroup,,,badssl dh-small-subgroup.badssl.com,,,,,,
BadSSL,dh480,old_api,,badssl dh480.badssl.com,,,handshake failed: dh key too small,,,1
BadSSL,dh480,new_api,,badssl dh480.badssl.com,,,handshake failed: modulus too small,,,1
BadSSL,dh512,,,badssl dh512.badssl.com,,,handshake failed: dh key too small,,,1
BadSSL,dh512,old_api,,badssl dh512.badssl.com,,,handshake failed: dh key too small,,,1
BadSSL,dh512,mac,,badssl dh512.badssl.com,,,handshake failed: unknown security bits,,,1
BadSSL,dh1024,old_api,,badssl dh1024.badssl.com,,,,,,
BadSSL,dh1024,new_api,,badssl dh1024.badssl.com,,,handshake failed: dh key too small,,,1
BadSSL,dh2048,,,badssl dh2048.badssl.com,,,,,,
BadSSL,dsdtestprovider,,,badssl dsdtestprovider.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1
BadSSL,ecc256,,,badssl ecc256.badssl.com,,,,,,
BadSSL,ecc384,,,badssl ecc384.badssl.com,,,,,,
BadSSL,edellroot,,,badssl edellroot.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1
BadSSL,expired,,,badssl expired.badssl.com,,,"handshake failed: certificate verify failed due to ""certificate has expired""",,,1
BadSSL,extended-validation,,,badssl extended-validation.badssl.com,,,"handshake failed: certificate verify failed due to ""certificate has expired""",,,1
BadSSL,hsts,,,badssl hsts.badssl.com,,,,,,
BadSSL,https-everywhere,,,badssl https-everywhere.badssl.com,,,,,,
BadSSL,incomplete-chain,,,badssl incomplete-chain.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1
BadSSL,invalid-expected-sct,,,badssl invalid-expected-sct.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1
BadSSL,long-extended-subdomain-name-containing-many-letters-and-dashes,,,badssl long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.com,,,,,,
BadSSL,longextendedsubdomainnamewithoutdashesinordertotestwordwrapping,,,badssl longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com,,,,,,
BadSSL,mitm-software,,,badssl mitm-software.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1
BadSSL,no-common-name,,,badssl no-common-name.badssl.com,,,"handshake failed: certificate verify failed due to ""certificate has expired""",,,1
BadSSL,no-sct,,,badssl no-sct.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1
BadSSL,no-subject,,,badssl no-subject.badssl.com,,,"handshake failed: certificate verify failed due to ""certificate has expired""",,,1
BadSSL,null,,,badssl null.badssl.com,,,handshake failed: sslv3 alert handshake failure,,,1
BadSSL,null,,,badssl null.badssl.com,,glob,handshake failed: * alert handshake failure,,,1
BadSSL,pinning-test,,,badssl pinning-test.badssl.com,,,,,,
BadSSL,preact-cli,,,badssl preact-cli.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1
BadSSL,preloaded-hsts,,,badssl preloaded-hsts.badssl.com,,,,,,
BadSSL,rc4-md5,,,badssl rc4-md5.badssl.com,,,handshake failed: sslv3 alert handshake failure,,,1
BadSSL,rc4,,,badssl rc4.badssl.com,,,handshake failed: sslv3 alert handshake failure,,,1
BadSSL,rc4-md5,,,badssl rc4-md5.badssl.com,,glob,handshake failed: * alert handshake failure,,,1
BadSSL,rc4,,,badssl rc4.badssl.com,,glob,handshake failed: * alert handshake failure,,,1
BadSSL,revoked,,,badssl revoked.badssl.com,,,"handshake failed: certificate verify failed due to ""certificate has expired""",,,1
BadSSL,rsa2048,,,badssl rsa2048.badssl.com,,,,,,
BadSSL,rsa4096,,,badssl rsa4096.badssl.com,,,,,,
BadSSL,rsa8192,,,badssl rsa8192.badssl.com,,,,,,
BadSSL,self-signed,old_api,,badssl self-signed.badssl.com,,,"handshake failed: certificate verify failed due to ""self signed certificate""",,,1
BadSSL,self-signed,new_api,,badssl self-signed.badssl.com,,,"handshake failed: certificate verify failed due to ""self-signed certificate""",,,1
BadSSL,sha1-2016,,,badssl sha1-2016.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

33
34
35
36
37
38
39
1
2
3
4
5
6
7
8
9
10
11

12
13

14
15

16
17
18
19
20
21
22
23
24
25
26
27
28

29
30
31
32
33
34
35
36











-


-


-













-
+







# Auto generated test cases for badssl.csv

# Load Tcl Test package
if {[lsearch [namespace children] ::tcltest] == -1} {
	package require tcltest
	namespace import ::tcltest::*
}

set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path]

package require tls

# Constraints
source [file join [file dirname [info script]] common.tcl]

# Helper functions
proc badssl {url} {set port 443;lassign [split $url ":"] url port;if {$port eq ""} {set port 443};set cmd [list tls::socket -autoservername 1 -require 1];if {[info exists ::env(SSL_CERT_FILE)]} {lappend cmd -cafile $::env(SSL_CERT_FILE)};lappend cmd $url $port;set ch [eval $cmd];if {[catch {tls::handshake $ch} err]} {close $ch;return -code error $err} else {close $ch}}

# BadSSL.com Tests


test BadSSL-1.1 {1000-sans} -body {
	badssl 1000-sans.badssl.com
    } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1}

test BadSSL-1.2 {10000-sans} -body {
	badssl 10000-sans.badssl.com
    } -result {handshake failed: excessive message size} -returnCodes {1}

test BadSSL-1.3 {3des} -body {
	badssl 3des.badssl.com
    } -result {handshake failed: sslv3 alert handshake failure} -returnCodes {1}
    } -match {glob} -result {handshake failed: * alert handshake failure} -returnCodes {1}

test BadSSL-1.4 {captive-portal} -constraints {old_api} -body {
	badssl captive-portal.badssl.com
    } -result {handshake failed: certificate verify failed due to "Hostname mismatch"} -returnCodes {1}

test BadSSL-1.5 {captive-portal} -constraints {new_api} -body {
	badssl captive-portal.badssl.com
67
68
69
70
71
72
73
74

75
76
77




78

79
80
81
82

83
84
85
86

87
88
89
90

91
92
93
94

95
96
97
98

99
100
101
102

103
104
105
106

107
108
109
110

111
112
113
114

115
116
117
118

119
120
121
122

123
124
125
126

127
128
129
130

131
132
133
134

135
136
137
138

139
140
141
142

143
144
145
146

147
148
149
150

151
152
153
154

155
156

157
158

159
160
161
162

163
164
165
166

167
168
169
170

171
172

173
174

175
176

177
178

179
180
181
182

183
184
185
186

187
188
189
190

191
192
193
194

195
196
197
198

199
200
201
202

203
204
205
206

207
208
209
210

211
212
213
214

215
216
217
218

219
220
221
222

223
224
225
226

227
228
229
230

231
232
233
234

235
236
237
238

239
240
241
242

243
244
245
246

247
248
249
250

251
252
253
254

255
256
257
258

259
260
261
262

263
264
265
266

267
268
269
270

271
272
273
274

275
276
277
278

279
280
281
282

283
284
285
286

287
288
289
290

291
292
293
294
295
296
64
65
66
67
68
69
70

71
72
73
74
75
76
77
78

79
80
81
82

83
84
85
86

87
88
89
90

91
92
93
94

95
96
97
98

99
100
101
102

103
104
105
106

107
108
109
110

111
112
113
114

115
116
117
118

119
120
121
122

123
124
125
126

127
128
129
130

131
132
133
134

135
136
137
138

139
140
141
142

143
144
145
146

147
148
149
150

151
152
153
154

155
156

157
158

159
160
161
162

163
164
165
166

167
168
169
170

171
172

173
174

175
176

177
178

179
180
181
182

183
184
185
186

187
188
189
190

191
192
193
194

195
196
197
198

199
200
201
202

203
204
205
206

207
208
209
210

211
212
213
214

215
216
217
218

219
220
221
222

223
224
225
226

227
228
229
230

231
232
233
234

235
236
237
238

239
240
241
242

243
244
245
246

247
248
249
250

251
252
253
254

255
256
257
258

259
260
261
262

263
264
265
266

267
268
269
270

271
272
273
274

275
276
277
278

279
280
281
282

283
284
285
286

287
288
289
290

291
292
293
294
295
296
297







-
+



+
+
+
+
-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+

-
+

-
+



-
+



-
+



-
+

-
+

-
+

-
+

-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+



-
+






	badssl dh480.badssl.com
    } -result {handshake failed: dh key too small} -returnCodes {1}

test BadSSL-1.13 {dh480} -constraints {new_api} -body {
	badssl dh480.badssl.com
    } -result {handshake failed: modulus too small} -returnCodes {1}

test BadSSL-1.14 {dh512} -body {
test BadSSL-1.14 {dh512} -constraints {old_api} -body {
	badssl dh512.badssl.com
    } -result {handshake failed: dh key too small} -returnCodes {1}

test BadSSL-1.15 {dh512} -constraints {mac} -body {
	badssl dh512.badssl.com
    } -result {handshake failed: unknown security bits} -returnCodes {1}

test BadSSL-1.15 {dh1024} -constraints {old_api} -body {
test BadSSL-1.16 {dh1024} -constraints {old_api} -body {
	badssl dh1024.badssl.com
    }

test BadSSL-1.16 {dh1024} -constraints {new_api} -body {
test BadSSL-1.17 {dh1024} -constraints {new_api} -body {
	badssl dh1024.badssl.com
    } -result {handshake failed: dh key too small} -returnCodes {1}

test BadSSL-1.17 {dh2048} -body {
test BadSSL-1.18 {dh2048} -body {
	badssl dh2048.badssl.com
    }

test BadSSL-1.18 {dsdtestprovider} -body {
test BadSSL-1.19 {dsdtestprovider} -body {
	badssl dsdtestprovider.badssl.com
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test BadSSL-1.19 {ecc256} -body {
test BadSSL-1.20 {ecc256} -body {
	badssl ecc256.badssl.com
    }

test BadSSL-1.20 {ecc384} -body {
test BadSSL-1.21 {ecc384} -body {
	badssl ecc384.badssl.com
    }

test BadSSL-1.21 {edellroot} -body {
test BadSSL-1.22 {edellroot} -body {
	badssl edellroot.badssl.com
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test BadSSL-1.22 {expired} -body {
test BadSSL-1.23 {expired} -body {
	badssl expired.badssl.com
    } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1}

test BadSSL-1.23 {extended-validation} -body {
test BadSSL-1.24 {extended-validation} -body {
	badssl extended-validation.badssl.com
    } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1}

test BadSSL-1.24 {hsts} -body {
test BadSSL-1.25 {hsts} -body {
	badssl hsts.badssl.com
    }

test BadSSL-1.25 {https-everywhere} -body {
test BadSSL-1.26 {https-everywhere} -body {
	badssl https-everywhere.badssl.com
    }

test BadSSL-1.26 {incomplete-chain} -body {
test BadSSL-1.27 {incomplete-chain} -body {
	badssl incomplete-chain.badssl.com
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test BadSSL-1.27 {invalid-expected-sct} -body {
test BadSSL-1.28 {invalid-expected-sct} -body {
	badssl invalid-expected-sct.badssl.com
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test BadSSL-1.28 {long-extended-subdomain-name-containing-many-letters-and-dashes} -body {
test BadSSL-1.29 {long-extended-subdomain-name-containing-many-letters-and-dashes} -body {
	badssl long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.com
    }

test BadSSL-1.29 {longextendedsubdomainnamewithoutdashesinordertotestwordwrapping} -body {
test BadSSL-1.30 {longextendedsubdomainnamewithoutdashesinordertotestwordwrapping} -body {
	badssl longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com
    }

test BadSSL-1.30 {mitm-software} -body {
test BadSSL-1.31 {mitm-software} -body {
	badssl mitm-software.badssl.com
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test BadSSL-1.31 {no-common-name} -body {
test BadSSL-1.32 {no-common-name} -body {
	badssl no-common-name.badssl.com
    } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1}

test BadSSL-1.32 {no-sct} -body {
test BadSSL-1.33 {no-sct} -body {
	badssl no-sct.badssl.com
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test BadSSL-1.33 {no-subject} -body {
test BadSSL-1.34 {no-subject} -body {
	badssl no-subject.badssl.com
    } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1}

test BadSSL-1.34 {null} -body {
test BadSSL-1.35 {null} -body {
	badssl null.badssl.com
    } -result {handshake failed: sslv3 alert handshake failure} -returnCodes {1}
    } -match {glob} -result {handshake failed: * alert handshake failure} -returnCodes {1}

test BadSSL-1.35 {pinning-test} -body {
test BadSSL-1.36 {pinning-test} -body {
	badssl pinning-test.badssl.com
    }

test BadSSL-1.36 {preact-cli} -body {
test BadSSL-1.37 {preact-cli} -body {
	badssl preact-cli.badssl.com
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test BadSSL-1.37 {preloaded-hsts} -body {
test BadSSL-1.38 {preloaded-hsts} -body {
	badssl preloaded-hsts.badssl.com
    }

test BadSSL-1.38 {rc4-md5} -body {
test BadSSL-1.39 {rc4-md5} -body {
	badssl rc4-md5.badssl.com
    } -result {handshake failed: sslv3 alert handshake failure} -returnCodes {1}
    } -match {glob} -result {handshake failed: * alert handshake failure} -returnCodes {1}

test BadSSL-1.39 {rc4} -body {
test BadSSL-1.40 {rc4} -body {
	badssl rc4.badssl.com
    } -result {handshake failed: sslv3 alert handshake failure} -returnCodes {1}
    } -match {glob} -result {handshake failed: * alert handshake failure} -returnCodes {1}

test BadSSL-1.40 {revoked} -body {
test BadSSL-1.41 {revoked} -body {
	badssl revoked.badssl.com
    } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1}

test BadSSL-1.41 {rsa2048} -body {
test BadSSL-1.42 {rsa2048} -body {
	badssl rsa2048.badssl.com
    }

test BadSSL-1.42 {rsa4096} -body {
test BadSSL-1.43 {rsa4096} -body {
	badssl rsa4096.badssl.com
    }

test BadSSL-1.43 {rsa8192} -body {
test BadSSL-1.44 {rsa8192} -body {
	badssl rsa8192.badssl.com
    }

test BadSSL-1.44 {self-signed} -constraints {old_api} -body {
test BadSSL-1.45 {self-signed} -constraints {old_api} -body {
	badssl self-signed.badssl.com
    } -result {handshake failed: certificate verify failed due to "self signed certificate"} -returnCodes {1}

test BadSSL-1.45 {self-signed} -constraints {new_api} -body {
test BadSSL-1.46 {self-signed} -constraints {new_api} -body {
	badssl self-signed.badssl.com
    } -result {handshake failed: certificate verify failed due to "self-signed certificate"} -returnCodes {1}

test BadSSL-1.46 {sha1-2016} -body {
test BadSSL-1.47 {sha1-2016} -body {
	badssl sha1-2016.badssl.com
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test BadSSL-1.47 {sha1-2017} -constraints {old_api} -body {
test BadSSL-1.48 {sha1-2017} -constraints {old_api} -body {
	badssl sha1-2017.badssl.com
    } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1}

test BadSSL-1.48 {sha1-2017} -constraints {new_api} -body {
test BadSSL-1.49 {sha1-2017} -constraints {new_api} -body {
	badssl sha1-2017.badssl.com
    } -result {handshake failed: certificate verify failed due to "CA signature digest algorithm too weak"} -returnCodes {1}

test BadSSL-1.49 {sha1-intermediate} -body {
test BadSSL-1.50 {sha1-intermediate} -body {
	badssl sha1-intermediate.badssl.com
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test BadSSL-1.50 {sha256} -body {
test BadSSL-1.51 {sha256} -body {
	badssl sha256.badssl.com
    }

test BadSSL-1.51 {sha384} -body {
test BadSSL-1.52 {sha384} -body {
	badssl sha384.badssl.com
    } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1}

test BadSSL-1.52 {sha512} -body {
test BadSSL-1.53 {sha512} -body {
	badssl sha512.badssl.com
    } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1}

test BadSSL-1.53 {static-rsa} -body {
test BadSSL-1.54 {static-rsa} -body {
	badssl static-rsa.badssl.com
    }

test BadSSL-1.54 {subdomain.preloaded-hsts} -constraints {old_api} -body {
test BadSSL-1.55 {subdomain.preloaded-hsts} -constraints {old_api} -body {
	badssl subdomain.preloaded-hsts.badssl.com
    } -result {handshake failed: certificate verify failed due to "Hostname mismatch"} -returnCodes {1}

test BadSSL-1.55 {subdomain.preloaded-hsts} -constraints {new_api} -body {
test BadSSL-1.56 {subdomain.preloaded-hsts} -constraints {new_api} -body {
	badssl subdomain.preloaded-hsts.badssl.com
    } -result {handshake failed: certificate verify failed due to "hostname mismatch"} -returnCodes {1}

test BadSSL-1.56 {superfish} -body {
test BadSSL-1.57 {superfish} -body {
	badssl superfish.badssl.com
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test BadSSL-1.57 {tls-v1-0:1010} -constraints {tls1 old_api} -body {
test BadSSL-1.58 {tls-v1-0:1010} -constraints {tls1 old_api} -body {
	badssl tls-v1-0.badssl.com:1010
    }

test BadSSL-1.58 {tls-v1-0:1010} -constraints {tls1 new_api} -body {
test BadSSL-1.59 {tls-v1-0:1010} -constraints {tls1 new_api} -body {
	badssl tls-v1-0.badssl.com:1010
    } -result {handshake failed: unsupported protocol} -returnCodes {1}

test BadSSL-1.59 {tls-v1-1:1011} -constraints {tls1.1 old_api} -body {
test BadSSL-1.60 {tls-v1-1:1011} -constraints {tls1.1 old_api} -body {
	badssl tls-v1-1.badssl.com:1011
    }

test BadSSL-1.60 {tls-v1-1:1011} -constraints {tls1.1 new_api} -body {
test BadSSL-1.61 {tls-v1-1:1011} -constraints {tls1.1 new_api} -body {
	badssl tls-v1-1.badssl.com:1011
    } -result {handshake failed: unsupported protocol} -returnCodes {1}

test BadSSL-1.61 {tls-v1-2:1012} -constraints {tls1.2} -body {
test BadSSL-1.62 {tls-v1-2:1012} -constraints {tls1.2} -body {
	badssl tls-v1-2.badssl.com:1012
    }

test BadSSL-1.62 {untrusted-root} -constraints {old_api} -body {
test BadSSL-1.63 {untrusted-root} -constraints {old_api} -body {
	badssl untrusted-root.badssl.com
    } -result {handshake failed: certificate verify failed due to "self signed certificate in certificate chain"} -returnCodes {1}

test BadSSL-1.63 {untrusted-root} -constraints {new_api} -body {
test BadSSL-1.64 {untrusted-root} -constraints {new_api} -body {
	badssl untrusted-root.badssl.com
    } -result {handshake failed: certificate verify failed due to "self-signed certificate in certificate chain"} -returnCodes {1}

test BadSSL-1.64 {upgrade} -body {
test BadSSL-1.65 {upgrade} -body {
	badssl upgrade.badssl.com
    }

test BadSSL-1.65 {webpack-dev-server} -body {
test BadSSL-1.66 {webpack-dev-server} -body {
	badssl webpack-dev-server.badssl.com
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test BadSSL-1.66 {wrong.host} -constraints {old_api} -body {
test BadSSL-1.67 {wrong.host} -constraints {old_api} -body {
	badssl wrong.host.badssl.com
    } -result {handshake failed: certificate verify failed due to "Hostname mismatch"} -returnCodes {1}

test BadSSL-1.67 {wrong.host} -constraints {new_api} -body {
test BadSSL-1.68 {wrong.host} -constraints {new_api} -body {
	badssl wrong.host.badssl.com
    } -result {handshake failed: certificate verify failed due to "hostname mismatch"} -returnCodes {1}

test BadSSL-1.68 {mozilla-modern} -body {
test BadSSL-1.69 {mozilla-modern} -body {
	badssl mozilla-modern.badssl.com
    }

# Cleanup
::tcltest::cleanupTests
return
1

2
3
4
5
6
7
8

1
2
3
4
5
6
7
8
-
+







# Auto generated test cases for ciphers_and_protocols.csv
# Auto generated test cases for ciphers.csv

# Load Tcl Test package
if {[lsearch [namespace children] ::tcltest] == -1} {
	package require tcltest
	namespace import ::tcltest::*
}