# Tests using Google's badssl.com Web service
#
# Copyright (C) 2019 Libiquity LLC
#
# This file is part of wolfutil.
#
# wolfutil is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# wolfutil is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with wolfutil. If not, see <http://www.gnu.org/licenses/>.
# Stop at the first unhandled command failure and treat any reference to an
# unset variable (e.g. a missing TOP_SRCDIR/TOP_BUILDDIR) as a fatal error.
set -o errexit
set -o nounset

# Shared TAP helper functions; TOP_SRCDIR must be provided by the caller's
# environment.
. "${TOP_SRCDIR}/tests/aux/tap-functions.sh"
#######################################
# Run one TLS client connection against a badssl.com endpoint and report the
# outcome through result_.
# Globals:   TOP_BUILDDIR (read) - directory holding the wolfutil binary
# Arguments: $1 - directive forwarded to result_ via -D (e.g. '' or 'TODO')
#            $2 - command prefix, deliberately expanded unquoted: 'not' is
#                 run as a command wrapping wolfutil, ' ' splits to nothing
#            $3 - badssl.com subdomain to connect to
#            $4 - TCP port
# Outputs:   the captured client output, each line prefixed with ' | ',
#            followed by whatever result_ prints
# NOTE(review): 'not' is presumably an exit-status inverter supplied by the
# sourced helpers or the environment - confirm. The verdict depends only on
# the exit status, so a 'not' test also reports 'ok' when the client fails
# for an unrelated reason (no network, DNS failure, misspelled host); a pass
# here does not by itself prove the TLS check under test fired.
#######################################
do_test()
{
  local directive="${1}"
  local ok="${2}"
  local host="${3}"
  local port="${4}"
  shift 4

  local fqdn="${host}.badssl.com"
  local output=
  # Pessimistic default; flipped only when the (possibly inverted) client
  # command exits successfully.
  local verdict='not ok'

  # ${ok} is intentionally unquoted so that ' ' disappears after word
  # splitting. stderr is folded into the capture; the here-document is the
  # HTTP request sent over the connection.
  if output="$(${ok} "${TOP_BUILDDIR}/wolfutil" s_client \
    -connect "${fqdn}:${port}" \
    -servername "${fqdn}" 2>&1 \
    <<-EOF
GET / HTTP/1.1
Host: ${fqdn}:${port}
Connection: close
EOF
  )"
  then
    verdict='ok'
  fi

  # Echo the client output, prefixed, ahead of the result line.
  printf '%s\n' "${output}" | sed 's/^/ | /'
  result_ "${verdict}" -D "${directive}" -- "${ok} ${host}"
}
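# Declare the number of test points; must equal the number of do_test calls
# below (19 certificate + 1 HTTP + 8 cipher suite + 7 key exchange +
# 3 protocol).
plan_ 38

# Each call is: do_test DIRECTIVE PREFIX HOST PORT
#   DIRECTIVE  '' or 'TODO'; forwarded to result_ via -D
#   PREFIX     'not' when the connection is expected to be refused,
#              ' ' when it is expected to succeed
#   HOST       <HOST>.badssl.com endpoint
# The order of the calls determines the order of the reported results.

# Certificate
do_test '' 'not' 'expired' 443
do_test '' 'not' 'wrong.host' 443
do_test '' 'not' 'self-signed' 443
do_test '' 'not' 'untrusted-root' 443
do_test '' 'not' 'revoked' 443
do_test 'TODO' ' ' 'no-common-name' 443
diag_ 'no-common-name fails since 2020-06-23 due to an expired certificate:'
diag_ 'https://github.com/chromium/badssl.com/issues/447'
do_test 'TODO' ' ' 'no-subject' 443
diag_ 'no-subject fails since 2020-06-23 due to an expired certificate:'
diag_ 'https://github.com/chromium/badssl.com/issues/447'
do_test '' 'not' 'incomplete-chain' 443
do_test '' ' ' 'sha256' 443
do_test '' ' ' 'sha384' 443
do_test '' ' ' 'sha512' 443
do_test '' 'not' '1000-sans' 443
do_test '' 'not' '10000-sans' 443
do_test '' ' ' 'ecc256' 443
do_test '' ' ' 'ecc384' 443
do_test '' ' ' 'rsa2048' 443
do_test '' ' ' 'rsa4096' 443
do_test '' 'not' 'rsa8192' 443
do_test '' ' ' 'extended-validation' 443

# HTTP
# Plain-HTTP endpoint: the TLS client is expected to fail.
do_test '' 'not' 'http' 80

# Cipher Suite
do_test '' 'not' 'cbc' 443
do_test '' 'not' 'rc4-md5' 443
do_test '' 'not' 'rc4' 443
do_test '' 'not' '3des' 443
do_test '' 'not' 'null' 443
do_test 'TODO' 'not' 'mozilla-old' 443
do_test '' ' ' 'mozilla-intermediate' 443
do_test '' ' ' 'mozilla-modern' 443

# Key Exchange
do_test '' 'not' 'dh480' 443
do_test '' 'not' 'dh512' 443
do_test '' 'not' 'dh1024' 443
do_test '' ' ' 'dh2048' 443
do_test 'TODO' 'not' 'dh-small-subgroup' 443
# The badssl.com endpoint is spelled "dh-composite". The earlier spelling
# "dh-compsite" did not name that endpoint, and since a 'not' test reports
# 'ok' on any client failure it would pass without ever exercising the
# composite-modulus check. If wolfutil turns out to accept this endpoint,
# mark the test 'TODO' rather than reverting the host name.
do_test '' 'not' 'dh-composite' 443
do_test '' 'not' 'static-rsa' 443

# Protocol
# Only TLS 1.2 is expected to be accepted; the TLS 1.0 and 1.1 endpoints
# must be refused.
do_test '' 'not' 'tls-v1-0' 1010
do_test '' 'not' 'tls-v1-1' 1011
do_test '' ' ' 'tls-v1-2' 1012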