# Tests using Google's badssl.com Web service
#
# Copyright (C) 2019  Patrick McDermott
#
# This file is part of wolfssl-util.
#
# wolfssl-util is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# wolfssl-util is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with wolfssl-util.  If not, see <http://www.gnu.org/licenses/>.

# Abort on the first failing command and on any reference to an unset
# variable, so a missing TOP_SRCDIR stops the script here rather than
# expanding to an empty path.
set -o errexit -o nounset

# Load the TAP helper functions from the source tree (plan_ and
# command_ok_ are called further down in this script).
. "$TOP_SRCDIR/tests/aux/tap-functions.sh"

# Run one s_client connection test against a badssl.com endpoint.
#
# Arguments:
#   $1 - 'not' if the connection is expected to fail, '' if it is
#        expected to succeed
#   $2 - badssl.com subdomain label (also used as the TAP test name)
#   $3 - TCP port to connect to
# Any further arguments are shifted away and not used.
# Globals: TOP_BUILDDIR (read) - build tree holding the wolfssl-util binary
#
# NOTE(review): presumably 'not' is the negation helper from
# tap-functions.sh; if so, a 'not' case passes on any non-zero exit,
# including a DNS or connectivity failure unrelated to TLS validation --
# confirm before relying on the negative results.
do_test()
{
	local expect="${1}"
	local name="${2}"
	local tcp_port="${3}"
	local fqdn="${name}.badssl.com"
	shift 3

	# ${expect} is deliberately unquoted: an empty value must vanish from
	# the command line instead of becoming an empty argument.
	# The here-document supplies a minimal HTTP/1.0 request on stdin.
	command_ok_ "${name}" -- ${expect} "${TOP_BUILDDIR}/wolfssl-util" \
		s_client -connect "${fqdn}:${tcp_port}" -servername "${fqdn}" \
		<<-EOF
			GET / HTTP/1.0

			EOF
}

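# Declare the TAP plan: one result per do_test call below (41 in total).
plan_ 41

# Each line reads: do_test EXPECT HOST PORT.  EXPECT is 'not' when the
# connection to HOST.badssl.com is expected to fail and '' when it is
# expected to succeed.
# NOTE(review): the 'not' cases presumably pass on any client failure, so
# an offline or DNS-filtered test environment would make every negative
# case pass without exercising certificate or cipher checks -- confirm
# connectivity (the '' cases passing is a reasonable indicator).

# Certificate

do_test  'not'  'expired'                443
do_test  'not'  'wrong.host'             443
do_test  'not'  'self-signed'            443
do_test  'not'  'untrusted-root'         443
do_test  'not'  'revoked'                443
do_test  'not'  'pinning-test'           443

do_test  'not'  'no-common-name'         443  # TODO: Should this pass?
do_test  'not'  'no-subject'             443  # TODO: Should this pass?
do_test  'not'  'incomplete-chain'       443

do_test  'not'  'sha1-intermediate'      443
do_test  ''     'sha256'                 443
do_test  ''     'sha384'                 443
do_test  ''     'sha512'                 443

do_test  ''     '1000-sans'              443
do_test  ''     '10000-sans'             443

do_test  ''     'ecc256'                 443
do_test  ''     'ecc384'                 443

do_test  ''     'rsa2048'                443
do_test  ''     'rsa4096'                443
do_test  ''     'rsa8192'                443

do_test  ''     'extended-validation'    443

# HTTP
# Port 80 endpoint; the TLS client is expected to fail, presumably because
# the server answers in plain HTTP there.

do_test  'not'  'http'                    80

# Cipher Suite

do_test  ''     'cbc'                    443
do_test  'not'  'rc4-md5'                443
do_test  'not'  'rc4'                    443
do_test  'not'  '3des'                   443
do_test  'not'  'null'                   443

# NOTE(review): all three Mozilla profiles, including 'mozilla-modern',
# are expected to fail -- confirm this is intended and not just the
# behaviour observed when the test was written.
do_test  'not'  'mozilla-old'            443
do_test  'not'  'mozilla-intermediate'   443
do_test  'not'  'mozilla-modern'         443

# Key Exchange

do_test  'not'  'dh480'                  443
do_test  'not'  'dh512'                  443
# NOTE(review): 1024-bit DH is expected to be accepted -- confirm that
# this is the intended minimum rather than a tolerated legacy size.
do_test  ''     'dh1024'                 443
do_test  ''     'dh2048'                 443

do_test  'not'  'dh-small-subgroup'      443
# badssl.com names this endpoint 'dh-composite'; a misspelled host would
# not exercise composite-modulus handling at all.
do_test  'not'  'dh-composite'           443

do_test  'not'  'static-rsa'             443

do_test  'not'  'invalid-expected-sct'   443

# Protocol
# NOTE(review): TLS 1.0 and 1.1 are expected to be accepted -- confirm
# that accepting these legacy versions is intended.

do_test  ''     'tls-v1-0'              1010
do_test  ''     'tls-v1-1'              1011
do_test  ''     'tls-v1-2'              1012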