summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorPatrick McDermott <patrick.mcdermott@libiquity.com>2019-07-29 21:08:37 (EDT)
committer Patrick McDermott <patrick.mcdermott@libiquity.com>2019-07-29 21:08:37 (EDT)
commit24529105db4a1b81796412067f138252fd48fb26 (patch)
treebbf2c9ee395f621f14a2869b6d04913693add81f /tests
parent9149f124b44918159541ed268bc1a0c58e52c236 (diff)
tests/badssl.sh: New test script
Diffstat (limited to 'tests')
-rwxr-xr-xtests/badssl.sh106
-rw-r--r--tests/local.mk3
2 files changed, 108 insertions, 1 deletions
diff --git a/tests/badssl.sh b/tests/badssl.sh
new file mode 100755
index 0000000..213f876
--- /dev/null
+++ b/tests/badssl.sh
@@ -0,0 +1,106 @@
+# Tests using Google's badssl.com Web service
+#
+# Copyright (C) 2019 Patrick McDermott
+#
+# This file is part of wolfssl-util.
+#
+# wolfssl-util is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfssl-util is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with wolfssl-util. If not, see <http://www.gnu.org/licenses/>.
+
+set -eu
+
+. "${TOP_SRCDIR}/tests/aux/tap-functions.sh"
+
+do_test()
+{
+ local ok="${1}"
+ local host="${2}"
+ local port="${3}"
+ shift 3
+
+ command_ok_ "${host}" -- ${ok} "${TOP_BUILDDIR}/wolfssl-util" s_client \
+ -connect "${host}.badssl.com:${port}" \
+ -servername "${host}.badssl.com" \
+ <<-EOF
+ GET / HTTP/1.0
+
+ EOF
+}
+
+plan_ 41
+
+# Certificate
+
+do_test 'not' 'expired' 443
+do_test 'not' 'wrong.host' 443
+do_test 'not' 'self-signed' 443
+do_test 'not' 'untrusted-root' 443
+do_test 'not' 'revoked' 443
+do_test 'not' 'pinning-test' 443
+
+do_test 'not' 'no-common-name' 443 # TODO: Should this pass?
+do_test 'not' 'no-subject' 443 # TODO: Should this pass?
+do_test 'not' 'incomplete-chain' 443
+
+do_test 'not' 'sha1-intermediate' 443
+do_test '' 'sha256' 443
+do_test '' 'sha384' 443
+do_test '' 'sha512' 443
+
+do_test '' '1000-sans' 443
+do_test '' '10000-sans' 443
+
+do_test '' 'ecc256' 443
+do_test '' 'ecc384' 443
+
+do_test '' 'rsa2048' 443
+do_test '' 'rsa4096' 443
+do_test '' 'rsa8192' 443
+
+do_test '' 'extended-validation' 443
+
+# HTTP
+
+do_test 'not' 'http' 80
+
+# Cipher Suite
+
+do_test '' 'cbc' 443
+do_test 'not' 'rc4-md5' 443
+do_test 'not' 'rc4' 443
+do_test 'not' '3des' 443
+do_test 'not' 'null' 443
+
+do_test 'not' 'mozilla-old' 443
+do_test 'not' 'mozilla-intermediate' 443
+do_test 'not' 'mozilla-modern' 443
+
+# Key Exchange
+
+do_test 'not' 'dh480' 443
+do_test 'not' 'dh512' 443
+do_test '' 'dh1024' 443
+do_test '' 'dh2048' 443
+
+do_test 'not' 'dh-small-subgroup' 443
+do_test 'not' 'dh-compsite' 443
+
+do_test 'not' 'static-rsa' 443
+
+do_test 'not' 'invalid-expected-sct' 443
+
+# Protocol
+
+do_test '' 'tls-v1-0' 1010
+do_test '' 'tls-v1-1' 1011
+do_test '' 'tls-v1-2' 1012
diff --git a/tests/local.mk b/tests/local.mk
index 2895de2..6d7980c 100644
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -1,4 +1,5 @@
-TESTS =
+TESTS = \
+ %reldir%/badssl.sh
TEST_EXTENSIONS = .sh
SH_LOG_DRIVER = \
AM_TAP_AWK='$(AWK)' \