1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
+
+
+
+
+
+
+
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
|
# Auto generated test cases for badssl.csv
# Load Tcl Test package
if {[lsearch [namespace children] ::tcltest] == -1} {
package require tcltest
namespace import ::tcltest::*
}
set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path]
package require tls
# Constraints
source [file join [file dirname [info script]] common.tcl]
# Helper functions
proc badssl {url} {
set port 443
lassign [split $url ":"] url port
if {$port eq ""} {
set port 443
}
proc badssl {url} {set port 443;lassign [split $url ":"] url port;if {$port eq ""} {set port 443};set cmd [list tls::socket -autoservername 1 -require 1];if {[info exists ::env(SSL_CERT_FILE)]} {lappend cmd -cafile $::env(SSL_CERT_FILE)};lappend cmd $url $port;set ch [eval $cmd];if {[catch {tls::handshake $ch} err]} {close $ch;return -code error $err} else {close $ch}}
set cmd [list tls::socket -autoservername 1 -require 1]
if {[info exists ::env(SSL_CERT_FILE)]} {
lappend cmd -cafile $::env(SSL_CERT_FILE)
}
lappend cmd $url $port
set ch [eval $cmd]
if {[catch {tls::handshake $ch} err]} {
close $ch
return -code error $err
} else {
close $ch
}
}
# BadSSL.com Tests
test BadSSL-1.1 {1000-sans} -body {
badssl 1000-sans.badssl.com
} -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1}
|