File: ssllabs.test

package info (click to toggle)
tcltls 2.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,700 kB
  • sloc: ansic: 4,473; tcl: 1,635; sh: 408; makefile: 35
file content (85 lines) | stat: -rw-r--r-- 3,192 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
# Auto generated test cases for ssllabs.csv

# Load Tcl Test package
if {[lsearch [namespace children] ::tcltest] < 0} {
	package require tcltest
	namespace import ::tcltest::*
}

set ::auto_path [concat [list [file dirname [file dirname [info script]]]] $::auto_path]

package prefer latest
package require tls

# Constraints
set dir [file join [pwd] [file dirname [info script]]]
source [file join $dir common.tcl]

# Helper functions
set ::cafile [file join $dir certs cacert.pem]
set ::env(SSL_CERT_FILE) $::cafile
proc connect {url} {
    set port 443
    lassign [split $url ":"] url port
    if {$port eq ""} {
	set port 443
    }
    set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port]
    if {[catch {tls::handshake $ch} err]} {
	close $ch
	return -code error $err
    } else {
	close $ch
    }
}

# clienttest.ssllabs.com Tests


test SSLLabs-1.1 {CVE_2020_0601 (CurveBall) Vulnerability} -constraints {win OpenSSL1.1.1} -body {
	connect www.ssllabs.com:10446
    } -result {handshake failed: certificate verify failed due to "self signed certificate in certificate chain"} -returnCodes {1}

test SSLLabs-1.2 {CVE_2020_0601 (CurveBall) Vulnerability} -constraints {win !OpenSSL1.1.1} -body {
	connect www.ssllabs.com:10446
    } -result {handshake failed: certificate verify failed due to "self-signed certificate in certificate chain"} -returnCodes {1}

test SSLLabs-1.3 {CVE_2020_0601 (CurveBall) Vulnerability} -constraints {mac} -body {
	connect www.ssllabs.com:10446
    } -result {handshake failed: certificate verify failed due to "self-signed certificate in certificate chain"} -returnCodes {1}

test SSLLabs-1.4 {CVE_2020_0601 (CurveBall) Vulnerability} -constraints {unix !mac} -body {
	connect www.ssllabs.com:10446
    } -result {handshake failed: decode error due to "unable to get local issuer certificate"} -returnCodes {1}

test SSLLabs-1.5 {Logjam Vulnerability} -constraints {win OpenSSL3.0} -body {
	connect www.ssllabs.com:10445
    } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1}

test SSLLabs-1.6 {Logjam Vulnerability} -constraints {unix OpenSSL3.0} -body {
	connect www.ssllabs.com:10445
    } -result {handshake failed: dh key too small} -returnCodes {1}

test SSLLabs-1.7 {Logjam Vulnerability} -constraints {win OpenSSL3.2} -body {
	connect www.ssllabs.com:10445
    } -result {handshake failed: unknown security bits} -returnCodes {1}

test SSLLabs-1.8 {Logjam Vulnerability} -constraints {unix !mac OpenSSL3.2} -body {
	connect www.ssllabs.com:10445
    } -result {handshake failed: unknown security bits} -returnCodes {1}

test SSLLabs-1.9 {Logjam Vulnerability} -constraints {mac OpenSSL3.2} -body {
	connect www.ssllabs.com:10445
    } -result {handshake failed: unknown security bits} -returnCodes {1}

test SSLLabs-1.10 {FREAK Vulnerability} -body {
	connect www.ssllabs.com:10444
    } -result {handshake failed: unsupported protocol} -returnCodes {1}

test SSLLabs-1.11 {POODLE Vulnerability} -body {
	connect www.ssllabs.com:10443
    } -result {handshake failed: unsupported protocol} -returnCodes {1}

# Cleanup
::tcltest::cleanupTests
return