mirror of https://github.com/ctz/rustls
148 lines
2.5 KiB
Rust
148 lines
2.5 KiB
Rust
/*
|
|
* These tests use the various test servers run by Google
|
|
* at badssl.com. To be polite they sleep 1 second before
|
|
* each test.
|
|
*/
|
|
|
|
#[allow(dead_code)]
|
|
mod common;
|
|
use common::{TlsClient, polite};
|
|
|
|
fn connect(hostname: &str) -> TlsClient {
|
|
TlsClient::new(hostname)
|
|
}
|
|
|
|
#[test]
|
|
fn no_cbc() {
|
|
polite();
|
|
connect("cbc.badssl.com")
|
|
.fails()
|
|
.expect("TLS error: AlertReceived(HandshakeFailure)")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn no_rc4() {
|
|
polite();
|
|
connect("rc4.badssl.com")
|
|
.fails()
|
|
.expect("TLS error: AlertReceived(HandshakeFailure)")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn expired() {
|
|
polite();
|
|
connect("expired.badssl.com")
|
|
.fails()
|
|
.expect("TLS error: WebPKIError(CertExpired)")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn wrong_host() {
|
|
polite();
|
|
connect("wrong.host.badssl.com")
|
|
.fails()
|
|
.expect("TLS error: WebPKIError(CertNotValidForName)")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn self_signed() {
|
|
polite();
|
|
connect("self-signed.badssl.com")
|
|
.fails()
|
|
.expect("TLS error: WebPKIError(UnknownIssuer)")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn no_dh() {
|
|
polite();
|
|
connect("dh2048.badssl.com")
|
|
.fails()
|
|
.expect("TLS error: AlertReceived(HandshakeFailure)")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn mozilla_old() {
|
|
polite();
|
|
connect("mozilla-old.badssl.com")
|
|
.expect("<title>mozilla-old.badssl.com</title>")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn mozilla_inter() {
|
|
polite();
|
|
connect("mozilla-intermediate.badssl.com")
|
|
.expect("<title>mozilla-intermediate.badssl.com</title>")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn mozilla_modern() {
|
|
polite();
|
|
connect("mozilla-modern.badssl.com")
|
|
.expect("<title>mozilla-modern.badssl.com</title>")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn sha256() {
|
|
polite();
|
|
connect("sha256.badssl.com")
|
|
.expect("<title>sha256.badssl.com</title>")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn many_sans() {
|
|
/* This exercises webpki, but also handshake reassembly. */
|
|
polite();
|
|
connect("1000-sans.badssl.com")
|
|
.expect("<title>1000-sans.badssl.com</title>")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn too_many_sans() {
|
|
polite();
|
|
connect("10000-sans.badssl.com")
|
|
.fails()
|
|
.expect("TLS error: WebPKIError(BadDER)")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn rsa8192() {
|
|
polite();
|
|
connect("rsa8192.badssl.com")
|
|
.expect("<title>rsa8192.badssl.com</title>")
|
|
.go()
|
|
.unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn sha1_2016() {
|
|
polite();
|
|
connect("sha1-2016.badssl.com")
|
|
.expect("<title>sha1-2016.badssl.com</title>")
|
|
.go()
|
|
.unwrap();
|
|
}
|