rustls/rustls-mio/tests/badssl.rs

// These tests use the various test servers run by Google
// at badssl.com.  To be polite they sleep 1 second before
// each test.
//

#[allow(dead_code)]
mod common;

mod online {
    use super::common::{TlsClient, polite};

    fn connect(hostname: &str) -> TlsClient {
        TlsClient::new(hostname)
    }

    #[test]
    fn no_cbc() {
        polite();
        connect("cbc.badssl.com")
            .fails()
            .expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
            .go()
            .unwrap();
    }

    #[test]
    fn no_rc4() {
        polite();
        connect("rc4.badssl.com")
            .fails()
            .expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
            .go()
            .unwrap();
    }

    #[test]
    fn expired() {
        polite();
        connect("expired.badssl.com")
            .fails()
            .expect(r"TLS error: WebPKIError\(CertExpired\)")
            .go()
            .unwrap();
    }

    #[test]
    fn wrong_host() {
        polite();
        connect("wrong.host.badssl.com")
            .fails()
            .expect(r"TLS error: WebPKIError\(CertNotValidForName\)")
            .go()
            .unwrap();
    }

    #[test]
    fn self_signed() {
        polite();
        connect("self-signed.badssl.com")
            .fails()
            .expect(r"TLS error: WebPKIError\((UnknownIssuer|CertExpired)\)")
            .go()
            .unwrap();
    }

    #[test]
    fn no_dh() {
        polite();
        connect("dh2048.badssl.com")
            .fails()
            .expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
            .go()
            .unwrap();
    }

    #[test]
    fn mozilla_old() {
        polite();
        connect("mozilla-old.badssl.com")
            .expect("<title>mozilla-old.badssl.com</title>")
            .go()
            .unwrap();
    }

    #[test]
    fn mozilla_inter() {
        polite();
        connect("mozilla-intermediate.badssl.com")
            .expect("<title>mozilla-intermediate.badssl.com</title>")
            .go()
            .unwrap();
    }

    #[test]
    fn mozilla_modern() {
        polite();
        connect("mozilla-modern.badssl.com")
            .expect("<title>mozilla-modern.badssl.com</title>")
            .go()
            .unwrap();
    }

    #[test]
    fn sha256() {
        polite();
        connect("sha256.badssl.com")
            .expect("<title>sha256.badssl.com</title>")
            .go()
            .unwrap();
    }

    #[test]
    fn too_many_sans() {
        polite();
        connect("10000-sans.badssl.com")
            .fails()
            .expect(r"TLS error: CorruptMessagePayload\(Handshake\)")
            .go()
            .unwrap();
    }

    #[test]
    fn rsa8192() {
        polite();
        connect("rsa8192.badssl.com")
            .expect("<title>rsa8192.badssl.com</title>")
            .go()
            .unwrap();
    }

    #[test]
    fn sha1_2016() {
        polite();
        connect("sha1-2016.badssl.com")
            .fails()
            .expect(r"TLS error: WebPKIError\(CertExpired\)")
            .go()
            .unwrap();
    }

    #[cfg(feature = "dangerous_configuration")]
    mod danger {
        #[test]
        fn self_signed() {
            super::polite();
            super::connect("self-signed.badssl.com")
                .insecure()
                .expect("<title>self-signed.badssl.com</title>")
                .go()
                .unwrap();
        }
    }
}