summaryrefslogtreecommitdiffstats
path: root/tests/badssl.sh
blob: 552bc2c40dafe74968a32a9a2e5007e62f164413 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# Tests using Google's badssl.com Web service
#
# Copyright (C) 2019  Libiquity LLC
#
# This file is part of wolfssl-util.
#
# wolfssl-util is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# wolfssl-util is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with wolfssl-util.  If not, see <http://www.gnu.org/licenses/>.

set -eu

. "${TOP_SRCDIR}/tests/aux/tap-functions.sh"

do_test()
{
	local directive="${1}"
	local ok="${2}"
	local host="${3}"
	local port="${4}"
	shift 4
	local result=

	if ${ok} "${TOP_BUILDDIR}/wolfssl" s_client \
		-connect "${host}.badssl.com:${port}" \
		-servername "${host}.badssl.com" \
		<<-EOF
			GET / HTTP/1.1
			Host: ${host}.badssl.com:${port}
			Connection: close

			EOF
	then
		result='ok'
	else
		result='not ok'
	fi
	printf '\n'
	result_ "${result}" -D "${directive}" -- "${ok} ${host}"
}

plan_ 39

# Certificate

do_test  ''      'not'  'expired'                443
do_test  ''      'not'  'wrong.host'             443
do_test  ''      'not'  'self-signed'            443
do_test  ''      'not'  'untrusted-root'         443
do_test  ''      'not'  'revoked'                443

do_test  ''      '   '  'no-common-name'         443
do_test  ''      '   '  'no-subject'             443
do_test  ''      'not'  'incomplete-chain'       443

do_test  'TODO'  'not'  'sha1-intermediate'      443
do_test  ''      '   '  'sha256'                 443
do_test  ''      '   '  'sha384'                 443
do_test  ''      '   '  'sha512'                 443

do_test  ''      'not'  '1000-sans'              443
do_test  ''      'not'  '10000-sans'             443

do_test  ''      '   '  'ecc256'                 443
do_test  ''      '   '  'ecc384'                 443

do_test  ''      '   '  'rsa2048'                443
do_test  ''      '   '  'rsa4096'                443
do_test  ''      'not'  'rsa8192'                443

do_test  ''      '   '  'extended-validation'    443

# HTTP

do_test  ''      'not'  'http'                    80

# Cipher Suite

do_test  ''      'not'  'cbc'                    443
do_test  ''      'not'  'rc4-md5'                443
do_test  ''      'not'  'rc4'                    443
do_test  ''      'not'  '3des'                   443
do_test  ''      'not'  'null'                   443

do_test  'TODO'  'not'  'mozilla-old'            443
do_test  ''      '   '  'mozilla-intermediate'   443
do_test  ''      '   '  'mozilla-modern'         443

# Key Exchange

do_test  ''      'not'  'dh480'                  443
do_test  ''      'not'  'dh512'                  443
do_test  ''      'not'  'dh1024'                 443
do_test  ''      '   '  'dh2048'                 443

do_test  'TODO'  'not'  'dh-small-subgroup'      443
do_test  ''      'not'  'dh-compsite'            443

do_test  ''      'not'  'static-rsa'             443

# Protocol

do_test  ''      'not'  'tls-v1-0'              1010
do_test  ''      'not'  'tls-v1-1'              1011
do_test  ''      '   '  'tls-v1-2'              1012