10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
package require tls
# Find default CA certificates directory
if {[info exists ::env(SSL_CERT_FILE)]} {set ::cafile $::env(SSL_CERT_FILE)} else {set ::cafile [file normalize {C:\Users\Brian\Documents\Source\Build\SSL-1.1\certs\cacert.pem}]}
# Constraints
set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3]
foreach protocol $protocols {::tcltest::testConstraint $protocol 0}
foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1}
# Helper functions
proc badssl {url} {set port 443;lassign [split $url ":"] url port;if {$port eq ""} {set port 443};set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port];if {[catch {tls::handshake $ch} err]} {close $ch;return -code error $err} else {close $ch}}
# BadSSL.com Tests
test BadSSL-1.1 {1000-sans} -body {
badssl 1000-sans.badssl.com
} -result {handshake failed: certificate verify failed due to: certificate has expired} -returnCodes {1}
|
|
<
<
>
>
>
|
>
>
|
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
package require tls
# Find default CA certificates directory
if {[info exists ::env(SSL_CERT_FILE)]} {set ::cafile $::env(SSL_CERT_FILE)} else {set ::cafile [file normalize {C:\Users\Brian\Documents\Source\Build\SSL-1.1\certs\cacert.pem}]}
# Constraints
source common.tcl
# Helper functions
proc badssl {url} {set port 443
lassign [split $url ":"] url port
if {$port eq ""} {set port 443}
set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port]
if {[catch {tls::handshake $ch} err]} {close $ch
return -code error $err} else {close $ch}}
# BadSSL.com Tests
test BadSSL-1.1 {1000-sans} -body {
badssl 1000-sans.badssl.com
} -result {handshake failed: certificate verify failed due to: certificate has expired} -returnCodes {1}
|