From 24529105db4a1b81796412067f138252fd48fb26 Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Mon, 29 Jul 2019 21:08:37 -0400 Subject: tests/badssl.sh: New test script --- (limited to 'tests') diff --git a/tests/badssl.sh b/tests/badssl.sh new file mode 100755 index 0000000..213f876 --- /dev/null +++ b/tests/badssl.sh @@ -0,0 +1,106 @@ +# Tests using Google's badssl.com Web service +# +# Copyright (C) 2019 Patrick McDermott +# +# This file is part of wolfssl-util. +# +# wolfssl-util is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# (at your option) any later version. +# +# wolfssl-util is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with wolfssl-util. If not, see . + +set -eu + +. "${TOP_SRCDIR}/tests/aux/tap-functions.sh" + +do_test() +{ + local ok="${1}" + local host="${2}" + local port="${3}" + shift 3 + + command_ok_ "${host}" -- ${ok} "${TOP_BUILDDIR}/wolfssl-util" s_client \ + -connect "${host}.badssl.com:${port}" \ + -servername "${host}.badssl.com" \ + <<-EOF + GET / HTTP/1.0 + + EOF +} + +plan_ 41 + +# Certificate + +do_test 'not' 'expired' 443 +do_test 'not' 'wrong.host' 443 +do_test 'not' 'self-signed' 443 +do_test 'not' 'untrusted-root' 443 +do_test 'not' 'revoked' 443 +do_test 'not' 'pinning-test' 443 + +do_test 'not' 'no-common-name' 443 # TODO: Should this pass? +do_test 'not' 'no-subject' 443 # TODO: Should this pass? +do_test 'not' 'incomplete-chain' 443 + +do_test 'not' 'sha1-intermediate' 443 +do_test '' 'sha256' 443 +do_test '' 'sha384' 443 +do_test '' 'sha512' 443 + +do_test '' '1000-sans' 443 +do_test '' '10000-sans' 443 + +do_test '' 'ecc256' 443 +do_test '' 'ecc384' 443 + +do_test '' 'rsa2048' 443 +do_test '' 'rsa4096' 443 +do_test '' 'rsa8192' 443 + +do_test '' 'extended-validation' 443 + +# HTTP + +do_test 'not' 'http' 80 + +# Cipher Suite + +do_test '' 'cbc' 443 +do_test 'not' 'rc4-md5' 443 +do_test 'not' 'rc4' 443 +do_test 'not' '3des' 443 +do_test 'not' 'null' 443 + +do_test 'not' 'mozilla-old' 443 +do_test 'not' 'mozilla-intermediate' 443 +do_test 'not' 'mozilla-modern' 443 + +# Key Exchange + +do_test 'not' 'dh480' 443 +do_test 'not' 'dh512' 443 +do_test '' 'dh1024' 443 +do_test '' 'dh2048' 443 + +do_test 'not' 'dh-small-subgroup' 443 +do_test 'not' 'dh-compsite' 443 + +do_test 'not' 'static-rsa' 443 + +do_test 'not' 'invalid-expected-sct' 443 + +# Protocol + +do_test '' 'tls-v1-0' 1010 +do_test '' 'tls-v1-1' 1011 +do_test '' 'tls-v1-2' 1012 diff --git a/tests/local.mk b/tests/local.mk index 2895de2..6d7980c 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -1,4 +1,5 @@ -TESTS = +TESTS = \ + %reldir%/badssl.sh TEST_EXTENSIONS = .sh SH_LOG_DRIVER = \ AM_TAP_AWK='$(AWK)' \ -- cgit v0.9.1