13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
# Find default CA certificates directory
if {[info exists ::env(SSL_CERT_FILE)]} {set ::cafile $::env(SSL_CERT_FILE)} else {set ::cafile [file normalize {C:\Users\Brian\Documents\Source\Build\SSL-1.1\certs\cacert.pem}]}
# Constraints
source common.tcl
# Helper functions
proc badssl {url} {set port 443
lassign [split $url ":"] url port
if {$port eq ""} {set port 443}
set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port]
if {[catch {tls::handshake $ch} err]} {close $ch
return -code error $err} else {close $ch}}
# BadSSL.com Tests
test BadSSL-1.1 {1000-sans} -body {
badssl 1000-sans.badssl.com
} -result {handshake failed: certificate verify failed due to: certificate has expired} -returnCodes {1}
|
<
<
<
|
<
<
|
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
# Find default CA certificates directory
if {[info exists ::env(SSL_CERT_FILE)]} {set ::cafile $::env(SSL_CERT_FILE)} else {set ::cafile [file normalize {C:\Users\Brian\Documents\Source\Build\SSL-1.1\certs\cacert.pem}]}
# Constraints
source common.tcl
# Helper functions
proc badssl {url} {set port 443;lassign [split $url ":"] url port;if {$port eq ""} {set port 443};set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port];if {[catch {tls::handshake $ch} err]} {close $ch;return -code error $err} else {close $ch}}
# BadSSL.com Tests
test BadSSL-1.1 {1000-sans} -body {
badssl 1000-sans.badssl.com
} -result {handshake failed: certificate verify failed due to: certificate has expired} -returnCodes {1}
|