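(* How to add a new test?
   For a host of interest h, execute:
     "echo foo | openssl s_client -connect h:443 -showcerts -no_ticket > out.txt"
   Bind the captured transcript to a quoted string (in Emacs, M-x insert-file
   pastes out.txt between the delimiters):
     let h_data = {|M-x insert-file out.txt|}
   Add <h, h_data> either to ok_tests or to err_tests (for err_tests the
   expected error is required).

   Please note:
   - now is set to a static date (below; individual tests can set other dates),
     so the chain is verified against that date and not the wall clock
   - there are no revocation checks
   - out.txt holds the whole s_client transcript, not only the certificates;
     for TLS 1.2 sessions this includes the Session-ID and Master-Key of the
     capturing connection, as the fixtures below show
*)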
(* Fixed reference instant used as the verification clock by default:
   2020-10-11 16:00:00 with a time zone offset of 0 seconds. Pinning the
   clock keeps the validity-period outcome of the recorded chains stable
   regardless of when the test suite runs. *)
let now =
  let date = (2020, 10, 11) and time_of_day = ((16, 00, 00), 00) in
  match Ptime.of_date_time (date, time_of_day) with
  | Some instant -> instant
  (* The literal above is a valid date-time, so conversion cannot fail. *)
  | None -> assert false
(* Alcotest testable for the error side of a verification result: values of
   type X509.Validation.validation_error, printed with the library printer. *)
let err =
  let module Validation_error = struct
    type t = X509.Validation.validation_error

    let pp = X509.Validation.pp_validation_error

    (* TODO relies on polymorphic equality: two errors are equal when the
       structural [compare] of their representations is 0. *)
    let equal lhs rhs = 0 = compare lhs rhs
  end in
  (module Validation_error : Alcotest.TESTABLE
    with type t = Validation_error.t)
(* Alcotest testable for the success side of a verification result: an
   optional pair of a certificate list and a single certificate.

   NOTE(review): both [pp] and [equal] look only at the certificate list; the
   second component (presumably the trust anchor the chain ended in, to be
   confirmed against the X509 API) is ignored, so two results that differ
   only in that certificate compare as equal. *)
let ok =
  let module Verified_chain = struct
    type t = (X509.Certificate.t list * X509.Certificate.t) option

    (* Prints "none" or the comma-separated certificates of the list. *)
    let pp ppf result =
      match result with
      | Some (chain, _) ->
        Fmt.list ~sep:(Fmt.any ", ") X509.Certificate.pp ppf chain
      | None -> Fmt.string ppf "none"

    let equal a b =
      match (a, b) with
      | Some (chain_a, _), Some (chain_b, _) ->
        (* TODO relies on polymorphic equality *)
        0 = compare chain_a chain_b
      | None, None -> true
      | None, Some _ | Some _, None -> false
  end in
  (module Verified_chain : Alcotest.TESTABLE with type t = Verified_chain.t)
(* Testable for a whole verification outcome: [ok] checks the success payload,
   [err] checks the validation error. *)
let r = Alcotest.result ok err
(* [test_one ?time anchors result host chain ()] verifies [chain] for [host]
   against [anchors] and checks the outcome against [result] using the
   testable [r].

   The verification clock is [time] when given and [now] otherwise, so the
   validity-period check does not depend on the wall clock. [host] is always
   passed to the verifier as [Some host]. The trailing unit argument lets a
   partial application be used as a thunk. *)
let test_one ?time anchors result host chain () =
  let name = Domain_name.to_string host in
  let clock () =
    match time with Some _ as given -> given | None -> Some now
  in
  let outcome =
    X509.Validation.verify_chain_of_trust ~host:(Some host) ~time:clock
      ~anchors chain
  in
  Alcotest.check r ("test one " ^ name) result outcome
let google =
|
|
53 |
{|
|
|
54 |
CONNECTED(00000003)
|
|
55 |
---
|
|
56 |
Certificate chain
|
|
57 |
0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com
|
|
58 |
i:C = US, O = Google Trust Services, CN = GTS CA 1O1
|
|
59 |
-----BEGIN CERTIFICATE-----
|
|
60 |
MIIJcTCCCFmgAwIBAgIRAOzqbxiPVrFyAgAAAAB8NQswDQYJKoZIhvcNAQELBQAw
|
|
61 |
QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
|
|
62 |
MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMDA5MjIxNTIyMTlaFw0yMDEyMTUxNTIy
|
|
63 |
MTlaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
|
|
64 |
Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRUwEwYDVQQDDAwq
|
|
65 |
Lmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARomdmWq6BlO0yH
|
|
66 |
z9Xb08PTWbhcMw4YF14cQRiDKnigLYp3bGxUCDtu5dAdccM0mqQdzK0cMnYMXqEC
|
|
67 |
2T3Hw647o4IHBzCCBwMwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
|
|
68 |
BwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEN+puKWN1FY2tdecjOJANtw/Sak
|
|
69 |
MB8GA1UdIwQYMBaAFJjR+G4Q68+b7GCfGJAboOt9Cf0rMGgGCCsGAQUFBwEBBFww
|
|
70 |
WjArBggrBgEFBQcwAYYfaHR0cDovL29jc3AucGtpLmdvb2cvZ3RzMW8xY29yZTAr
|
|
71 |
BggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nL2dzcjIvR1RTMU8xLmNydDCCBMIG
|
|
72 |
A1UdEQSCBLkwggS1ggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw
|
|
73 |
ZW5naW5lLmdvb2dsZS5jb22CCSouYmRuLmRldoISKi5jbG91ZC5nb29nbGUuY29t
|
|
74 |
ghgqLmNyb3dkc291cmNlLmdvb2dsZS5jb22CGCouZGF0YWNvbXB1dGUuZ29vZ2xl
|
|
75 |
LmNvbYIGKi5nLmNvgg4qLmdjcC5ndnQyLmNvbYIRKi5nY3BjZG4uZ3Z0MS5jb22C
|
|
76 |
CiouZ2dwaHQuY26CDiouZ2tlY25hcHBzLmNughYqLmdvb2dsZS1hbmFseXRpY3Mu
|
|
77 |
Y29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4q
|
|
78 |
Lmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIP
|
|
79 |
Ki5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5j
|
|
80 |
b4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNv
|
|
81 |
bS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5n
|
|
82 |
b29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyC
|
|
83 |
CyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22CDyouZ29vZ2xlYXBpcy5j
|
|
84 |
boIRKi5nb29nbGVjbmFwcHMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdv
|
|
85 |
b2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tghIqLmdz
|
|
86 |
dGF0aWNjbmFwcHMuY26CCiouZ3Z0MS5jb22CCiouZ3Z0Mi5jb22CFCoubWV0cmlj
|
|
87 |
LmdzdGF0aWMuY29tggwqLnVyY2hpbi5jb22CECoudXJsLmdvb2dsZS5jb22CEyou
|
|
88 |
d2Vhci5na2VjbmFwcHMuY26CFioueW91dHViZS1ub2Nvb2tpZS5jb22CDSoueW91
|
|
89 |
dHViZS5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CESoueW91dHViZWtpZHMu
|
|
90 |
Y29tggcqLnl0LmJlggsqLnl0aW1nLmNvbYIaYW5kcm9pZC5jbGllbnRzLmdvb2ds
|
|
91 |
ZS5jb22CC2FuZHJvaWQuY29tghtkZXZlbG9wZXIuYW5kcm9pZC5nb29nbGUuY26C
|
|
92 |
HGRldmVsb3BlcnMuYW5kcm9pZC5nb29nbGUuY26CBGcuY2+CCGdncGh0LmNuggxn
|
|
93 |
a2VjbmFwcHMuY26CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdvb2ds
|
|
94 |
ZS5jb22CD2dvb2dsZWNuYXBwcy5jboISZ29vZ2xlY29tbWVyY2UuY29tghhzb3Vy
|
|
95 |
Y2UuYW5kcm9pZC5nb29nbGUuY26CCnVyY2hpbi5jb22CCnd3dy5nb28uZ2yCCHlv
|
|
96 |
dXR1LmJlggt5b3V0dWJlLmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1
|
|
97 |
YmVraWRzLmNvbYIFeXQuYmUwIQYDVR0gBBowGDAIBgZngQwBAgIwDAYKKwYBBAHW
|
|
98 |
eQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLnBraS5nb29nL0dUUzFP
|
|
99 |
MWNvcmUuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUAB7dcG+V9aP/xsMYd
|
|
100 |
IxXHuuZXfFeUt2ruvGE6GmnTohwAAAF0tp+GwAAABAMARjBEAiBis68209UqRM3U
|
|
101 |
pdK8YoCfL8BrZY6+i6ORfGmo7neXTQIgSrcPvX7ZqP3uvT5yoJYFjbpZBwY9cwAV
|
|
102 |
W4n9855SnlcAdwDnEvKwN34aYvuOyQxhhPHqezfLVh0RJlvz4PNL8kFUbgAAAXS2
|
|
103 |
n4TVAAAEAwBIMEYCIQCRyG5B5Www1ro7CxWNLULQ96BNxtNTCko0bNCD5MejPQIh
|
|
104 |
AMNe5UO1cbG7u6oaO7/yRUt2O1OSewKoMddtPB1OUBh+MA0GCSqGSIb3DQEBCwUA
|
|
105 |
A4IBAQAN61JzpCZJVRZrpVJIRy6Hn65b0ZDBXTh3x6OpD3X2Y0Q6FRqaQuPUA7xg
|
|
106 |
DUvVnUUpMGsM2ylzUrtvJhSOCb32FU3g9FwVzTif/PRA5qniYRhysR2aa+NxHg5c
|
|
107 |
rua60gExT/oSHeGKpJUXTCTPypF4wJ1YvKOd7pRfNqlGR4Gfb6BVy/YCA3CW/bk0
|
|
108 |
yQ0k99iL/ancn2qGBn4++Z2XWGZHgo5FTvCtFl6ZrK01T+UeqhLp8kQOvyN58WiM
|
|
109 |
S+c/7a4M2GyzJe+niWodeKFY91N0SpBViX8cl0YmIm6CNmJdRt5AA+C/FmLgxh7F
|
|
110 |
wBPEtuosuW+JHwshTHwwylI7tT1x
|
|
111 |
-----END CERTIFICATE-----
|
|
112 |
1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1
|
|
113 |
i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
|
|
114 |
-----BEGIN CERTIFICATE-----
|
|
115 |
MIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw
|
|
116 |
HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs
|
|
117 |
U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy
|
|
118 |
MTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg
|
|
119 |
U2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA
|
|
120 |
A4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv
|
|
121 |
UA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr
|
|
122 |
mBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac
|
|
123 |
xGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK
|
|
124 |
FsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X
|
|
125 |
rJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV
|
|
126 |
HQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud
|
|
127 |
EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G
|
|
128 |
A1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl
|
|
129 |
BggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp
|
|
130 |
MCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g
|
|
131 |
BDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y
|
|
132 |
ZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H
|
|
133 |
TgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN
|
|
134 |
FvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz
|
|
135 |
mqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW
|
|
136 |
IRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ
|
|
137 |
USpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==
|
|
138 |
-----END CERTIFICATE-----
|
|
139 |
---
|
|
140 |
Server certificate
|
|
141 |
subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com
|
|
142 |
|
|
143 |
issuer=C = US, O = Google Trust Services, CN = GTS CA 1O1
|
|
144 |
|
|
145 |
---
|
|
146 |
No client certificate CA names sent
|
|
147 |
Peer signing digest: SHA256
|
|
148 |
Peer signature type: ECDSA
|
|
149 |
Server Temp Key: X25519, 253 bits
|
|
150 |
---
|
|
151 |
SSL handshake has read 3832 bytes and written 390 bytes
|
|
152 |
Verification: OK
|
|
153 |
---
|
|
154 |
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
|
|
155 |
Server public key is 256 bit
|
|
156 |
Secure Renegotiation IS NOT supported
|
|
157 |
Compression: NONE
|
|
158 |
Expansion: NONE
|
|
159 |
No ALPN negotiated
|
|
160 |
Early data was not sent
|
|
161 |
Verify return code: 0 (ok)
|
|
162 |
---
|
|
163 |
|}
let extended_validation_badssl =
|
|
166 |
{|
|
|
167 |
CONNECTED(00000003)
|
|
168 |
---
|
|
169 |
Certificate chain
|
|
170 |
0 s:businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = California, serialNumber = C2543436, C = US, ST = California, L = Mountain View, O = Mozilla Foundation, CN = extended-validation.badssl.com
|
|
171 |
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
|
|
172 |
-----BEGIN CERTIFICATE-----
|
|
173 |
MIIHZDCCBkygAwIBAgIQDtsxL6s4mGkViYnesbc/1zANBgkqhkiG9w0BAQsFADB1
|
|
174 |
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
|
175 |
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
|
|
176 |
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTIwMDYyMzAwMDAwMFoXDTIyMDgxMDEy
|
|
177 |
MDAwMFowgeQxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
|
|
178 |
BAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAPBgNV
|
|
179 |
BAUTCEMyNTQzNDM2MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEW
|
|
180 |
MBQGA1UEBxMNTW91bnRhaW4gVmlldzEbMBkGA1UEChMSTW96aWxsYSBGb3VuZGF0
|
|
181 |
aW9uMScwJQYDVQQDEx5leHRlbmRlZC12YWxpZGF0aW9uLmJhZHNzbC5jb20wggEi
|
|
182 |
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtc
|
|
183 |
qGhJsCK1+ZWesSssdj5swEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5Q
|
|
184 |
N6ZnHGGM9kFCxUbTFocnn3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9g
|
|
185 |
lUp3aznxJNExtt1NwMT8U7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+
|
|
186 |
WqIW3GmxV0TbChKr3sMPR3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII
|
|
187 |
2YxXhFOBBcvm/mtUmEAnhccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMB
|
|
188 |
AAGjggN+MIIDejAfBgNVHSMEGDAWgBQ901Cl1qCt7vNKYApl0yHU+PjWDzAdBgNV
|
|
189 |
HQ4EFgQUne7Be4ELOkdpcRh9ETeTvKUbP/swKQYDVR0RBCIwIIIeZXh0ZW5kZWQt
|
|
190 |
dmFsaWRhdGlvbi5iYWRzc2wuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
|
|
191 |
BggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2Ny
|
|
192 |
bDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0
|
|
193 |
cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNV
|
|
194 |
HSAERDBCMDcGCWCGSAGG/WwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5k
|
|
195 |
aWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYB
|
|
196 |
BQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0
|
|
197 |
cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFs
|
|
198 |
aWRhdGlvblNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBfwYKKwYBBAHWeQIE
|
|
199 |
AgSCAW8EggFrAWkAdgApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAA
|
|
200 |
AXLhwe8uAAAEAwBHMEUCIQC5/b5wmGbMOkgH/GupRPFXZ29CaGG8JQMFkjzgBz8n
|
|
201 |
owIgZQwjhH6rH8lbUX9y3+DLPyUJMA6JXy+18kKQ90JzanIAdwAiRUUHWVUkVpY/
|
|
202 |
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXLhwe84AAAEAwBIMEYCIQCI7jirWHoe
|
|
203 |
G5VW0FDM7MkB2pkUyi2RzM9JDFZ5HXfGJwIhAMWSFJKM57x+bFVfOJkqz3V0vDI/
|
|
204 |
nywkI96DpHE7tIDdAHYAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYA
|
|
205 |
AAFy4cHu+gAABAMARzBFAiASe/ZlNY2nqmcLX6hnjXu7exSER/BmhAVKHexAeGwU
|
|
206 |
dgIhAJunm2S4Hyz/ofuz4Cs98PknztPlRY3gSxO+ay8lr7XkMA0GCSqGSIb3DQEB
|
|
207 |
CwUAA4IBAQB0ZpWayltbvblCxkb/KI/UptbKSPex2C8HosV0cXZLdzkAa9UA9Vdg
|
|
208 |
IYNfkqVUpZH6Z3b7jtyZIUE7Thtcmglmm/OcPeLYOmO6L27T3igni2+b5mlj7L00
|
|
209 |
PjWsRforHnD7B+q8KnIpdLs4pJc/0hHK2yn11utAOgn+jnBXs3xoRxKYC+nXWM3C
|
|
210 |
Syhq4B+z/4clh3Mq+Jgse9h50uRf9bmn+n/TxCcfeiDdgY5Z2KNy+nPrP78Jhpl9
|
|
211 |
f8N6Kv+K8Mm398q8iHyM14V6o0VdrQUTr8ZmEa/KmRAL+eMRzbEZg+YlIyn9qQAy
|
|
212 |
A5GhqEwE29Z5Knslx7CvNEO9xV3CByfS
|
|
213 |
-----END CERTIFICATE-----
|
|
214 |
1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
|
|
215 |
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
|
|
216 |
-----BEGIN CERTIFICATE-----
|
|
217 |
MIIEtjCCA56gAwIBAgIQDHmpRLCMEZUgkmFf4msdgzANBgkqhkiG9w0BAQsFADBs
|
|
218 |
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
|
219 |
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
|
|
220 |
ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowdTEL
|
|
221 |
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
|
|
222 |
LmRpZ2ljZXJ0LmNvbTE0MDIGA1UEAxMrRGlnaUNlcnQgU0hBMiBFeHRlbmRlZCBW
|
|
223 |
YWxpZGF0aW9uIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
|
224 |
ggEBANdTpARR+JmmFkhLZyeqk0nQOe0MsLAAh/FnKIaFjI5j2ryxQDji0/XspQUY
|
|
225 |
uD0+xZkXMuwYjPrxDKZkIYXLBxA0sFKIKx9om9KxjxKws9LniB8f7zh3VFNfgHk/
|
|
226 |
LhqqqB5LKw2rt2O5Nbd9FLxZS99RStKh4gzikIKHaq7q12TWmFXo/a8aUGxUvBHy
|
|
227 |
/Urynbt/DvTVvo4WiRJV2MBxNO723C3sxIclho3YIeSwTQyJ3DkmF93215SF2AQh
|
|
228 |
cJ1vb/9cuhnhRctWVyh+HA1BV6q3uCe7seT6Ku8hI3UarS2bhjWMnHe1c63YlC3k
|
|
229 |
8wyd7sFOYn4XwHGeLN7x+RAoGTMCAwEAAaOCAUkwggFFMBIGA1UdEwEB/wQIMAYB
|
|
230 |
Af8CAQAwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
|
|
231 |
BQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
|
|
232 |
Z2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2Vy
|
|
233 |
dC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2
|
|
234 |
MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5j
|
|
235 |
b20vQ1BTMB0GA1UdDgQWBBQ901Cl1qCt7vNKYApl0yHU+PjWDzAfBgNVHSMEGDAW
|
|
236 |
gBSxPsNpA/i/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAnbbQkIbh
|
|
237 |
hgLtxaDwNBx0wY12zIYKqPBKikLWP8ipTa18CK3mtlC4ohpNiAexKSHc59rGPCHg
|
|
238 |
4xFJcKx6HQGkyhE6V6t9VypAdP3THYUYUN9XR3WhfVUgLkc3UHKMf4Ib0mKPLQNa
|
|
239 |
2sPIoc4sUqIAY+tzunHISScjl2SFnjgOrWNoPLpSgVh5oywM395t6zHyuqB8bPEs
|
|
240 |
1OG9d4Q3A84ytciagRpKkk47RpqF/oOi+Z6Mo8wNXrM9zwR4jxQUezKcxwCmXMS1
|
|
241 |
oVWNWlZopCJwqjyBcdmdqEU79OX2olHdx3ti6G8MdOu42vi/hw15UJGQmxg7kVkn
|
|
242 |
8TUoE6smftX3eg==
|
|
243 |
-----END CERTIFICATE-----
|
|
244 |
---
|
|
245 |
Server certificate
|
|
246 |
subject=businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = California, serialNumber = C2543436, C = US, ST = California, L = Mountain View, O = Mozilla Foundation, CN = extended-validation.badssl.com
|
|
247 |
|
|
248 |
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
|
|
249 |
|
|
250 |
---
|
|
251 |
No client certificate CA names sent
|
|
252 |
Peer signing digest: SHA512
|
|
253 |
Peer signature type: RSA
|
|
254 |
Server Temp Key: ECDH, P-256, 256 bits
|
|
255 |
---
|
|
256 |
SSL handshake has read 3620 bytes and written 456 bytes
|
|
257 |
Verification: OK
|
|
258 |
---
|
|
259 |
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
|
|
260 |
Server public key is 2048 bit
|
|
261 |
Secure Renegotiation IS supported
|
|
262 |
Compression: NONE
|
|
263 |
Expansion: NONE
|
|
264 |
No ALPN negotiated
|
|
265 |
SSL-Session:
|
|
266 |
Protocol : TLSv1.2
|
|
267 |
Cipher : ECDHE-RSA-AES128-GCM-SHA256
|
|
268 |
Session-ID: 23F7C5ED976C5282E0560451480503D57BDA046969A848546C71191842D7613E
|
|
269 |
Session-ID-ctx:
|
|
270 |
Master-Key: BEF4C35CC73EB08048FCAFA254DECE26E7A8A6841EC829D1B7F20E011F757E234E188B8B8C4948BF6762658D46E7C5D3
|
|
271 |
PSK identity: None
|
|
272 |
PSK identity hint: None
|
|
273 |
SRP username: None
|
|
274 |
Start Time: 1602435414
|
|
275 |
Timeout : 7200 (sec)
|
|
276 |
Verify return code: 0 (ok)
|
|
277 |
Extended master secret: no
|
|
278 |
---
|
|
279 |
|}
(* Host name paired with the recorded s_client transcript for that host.
   Both transcripts end with "Verify return code: 0 (ok)". *)
let ok_tests =
  [ "google.com", google
  ; "extended-validation.badssl.com", extended_validation_badssl
  ]
let self_signed_badssl =
|
|
288 |
{|
|
|
289 |
CONNECTED(00000003)
|
|
290 |
---
|
|
291 |
Certificate chain
|
|
292 |
0 s:C = US, ST = California, L = San Francisco, O = BadSSL, CN = *.badssl.com
|
|
293 |
i:C = US, ST = California, L = San Francisco, O = BadSSL, CN = *.badssl.com
|
|
294 |
-----BEGIN CERTIFICATE-----
|
|
295 |
MIIDeTCCAmGgAwIBAgIJAPziuikCTox4MA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNV
|
|
296 |
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
|
|
297 |
c2NvMQ8wDQYDVQQKDAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTAeFw0x
|
|
298 |
OTEwMDkyMzQxNTJaFw0yMTEwMDgyMzQxNTJaMGIxCzAJBgNVBAYTAlVTMRMwEQYD
|
|
299 |
VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQK
|
|
300 |
DAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEB
|
|
301 |
BQADggEPADCCAQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yoaEmwIrX5lZ6xKyx2
|
|
302 |
PmzAS2BMTOqytMAPgLaw+XLJhgL5XEFdEyt/ccRLvOmULlA3pmccYYz2QULFRtMW
|
|
303 |
hyefdOsKnRFSJiFzbIRMeVXk0WvoBj1IFVKtsyjbqv9u/2CVSndrOfEk0TG23U3A
|
|
304 |
xPxTuW1CrbV8/q71FdIzSOciccfCFHpsKOo3St/qbLVytH5aohbcabFXRNsKEqve
|
|
305 |
ww9HdFxBIuGa+RuT5q0iBikusbpJHAwnnqP7i/dAcgCskgjZjFeEU4EFy+b+a1SY
|
|
306 |
QCeFxxC7c3DvaRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEAAaMyMDAwCQYDVR0T
|
|
307 |
BAIwADAjBgNVHREEHDAaggwqLmJhZHNzbC5jb22CCmJhZHNzbC5jb20wDQYJKoZI
|
|
308 |
hvcNAQELBQADggEBAGlwCdbPxflZfYOaukZGCaxYK6gpincX4Lla4Ui2WdeQxE95
|
|
309 |
w7fChXvP3YkE3UYUE7mupZ0eg4ZILr/A0e7JQDsgIu/SRTUE0domCKgPZ8v99k3A
|
|
310 |
vka4LpLK51jHJJK7EFgo3ca2nldd97GM0MU41xHFk8qaK1tWJkfrrfcGwDJ4GQPI
|
|
311 |
iLlm6i0yHq1Qg1RypAXJy5dTlRXlCLd8ufWhhiwW0W75Va5AEnJuqpQrKwl3KQVe
|
|
312 |
wGj67WWRgLfSr+4QG1mNvCZb2CkjZWmxkGPuoP40/y7Yu5OFqxP5tAjj4YixCYTW
|
|
313 |
EVA0pmzIzgBg+JIe3PdRy27T0asgQW/F4TY61Yk=
|
|
314 |
-----END CERTIFICATE-----
|
|
315 |
---
|
|
316 |
Server certificate
|
|
317 |
subject=C = US, ST = California, L = San Francisco, O = BadSSL, CN = *.badssl.com
|
|
318 |
|
|
319 |
issuer=C = US, ST = California, L = San Francisco, O = BadSSL, CN = *.badssl.com
|
|
320 |
|
|
321 |
---
|
|
322 |
No client certificate CA names sent
|
|
323 |
Peer signing digest: SHA512
|
|
324 |
Peer signature type: RSA
|
|
325 |
Server Temp Key: ECDH, P-256, 256 bits
|
|
326 |
---
|
|
327 |
SSL handshake has read 1404 bytes and written 448 bytes
|
|
328 |
Verification error: self signed certificate
|
|
329 |
---
|
|
330 |
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
|
|
331 |
Server public key is 2048 bit
|
|
332 |
Secure Renegotiation IS supported
|
|
333 |
Compression: NONE
|
|
334 |
Expansion: NONE
|
|
335 |
No ALPN negotiated
|
|
336 |
SSL-Session:
|
|
337 |
Protocol : TLSv1.2
|
|
338 |
Cipher : ECDHE-RSA-AES128-GCM-SHA256
|
|
339 |
Session-ID: F6A1E369801FDF644904D6E4C4E1E29E9448CD8E0FDE574B9F42B9B026FA25BF
|
|
340 |
Session-ID-ctx:
|
|
341 |
Master-Key: 90E3C3917FFE81FD81E05C0E2398499C1AC58C81F8D6B35AD7A3F2450F8B89BFF62710A3AC9AFD1378FADD8AD8EB79E0
|
|
342 |
PSK identity: None
|
|
343 |
PSK identity hint: None
|
|
344 |
SRP username: None
|
|
345 |
Start Time: 1602434632
|
|
346 |
Timeout : 7200 (sec)
|
|
347 |
Verify return code: 18 (self signed certificate)
|
|
348 |
Extended master secret: no
|
|
349 |
---
|
|
350 |
|}
let expired_badssl =
|
|
353 |
{|
|
|
354 |
CONNECTED(00000003)
|
|
355 |
---
|
|
356 |
Certificate chain
|
|
357 |
0 s:OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.badssl.com
|
|
358 |
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
|
|
359 |
-----BEGIN CERTIFICATE-----
|
|
360 |
MIIFSzCCBDOgAwIBAgIQSueVSfqavj8QDxekeOFpCTANBgkqhkiG9w0BAQsFADCB
|
|
361 |
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
|
|
362 |
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
|
|
363 |
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
|
|
364 |
QTAeFw0xNTA0MDkwMDAwMDBaFw0xNTA0MTIyMzU5NTlaMFkxITAfBgNVBAsTGERv
|
|
365 |
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2ls
|
|
366 |
ZGNhcmQxFTATBgNVBAMUDCouYmFkc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
|
|
367 |
ggEPADCCAQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yoaEmwIrX5lZ6xKyx2PmzA
|
|
368 |
S2BMTOqytMAPgLaw+XLJhgL5XEFdEyt/ccRLvOmULlA3pmccYYz2QULFRtMWhyef
|
|
369 |
dOsKnRFSJiFzbIRMeVXk0WvoBj1IFVKtsyjbqv9u/2CVSndrOfEk0TG23U3AxPxT
|
|
370 |
uW1CrbV8/q71FdIzSOciccfCFHpsKOo3St/qbLVytH5aohbcabFXRNsKEqveww9H
|
|
371 |
dFxBIuGa+RuT5q0iBikusbpJHAwnnqP7i/dAcgCskgjZjFeEU4EFy+b+a1SYQCeF
|
|
372 |
xxC7c3DvaRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEAAaOCAdUwggHRMB8GA1Ud
|
|
373 |
IwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSd7sF7gQs6R2lx
|
|
374 |
GH0RN5O8pRs/+zAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
|
|
375 |
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQIC
|
|
376 |
BzArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAI
|
|
377 |
BgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5j
|
|
378 |
b20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCB
|
|
379 |
hQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2Nh
|
|
380 |
LmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0
|
|
381 |
MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIwYDVR0RBBww
|
|
382 |
GoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBq
|
|
383 |
evHa/wMHcnjFZqFPRkMOXxQhjHUa6zbgH6QQFezaMyV8O7UKxwE4PSf9WNnM6i1p
|
|
384 |
OXy+l+8L1gtY54x/v7NMHfO3kICmNnwUW+wHLQI+G1tjWxWrAPofOxkt3+IjEBEH
|
|
385 |
fnJ/4r+3ABuYLyw/zoWaJ4wQIghBK4o+gk783SHGVnRwpDTysUCeK1iiWQ8dSO/r
|
|
386 |
ET7BSp68ZVVtxqPv1dSWzfGuJ/ekVxQ8lEEFeouhN0fX9X3c+s5vMaKwjOrMEpsi
|
|
387 |
8TRwz311SotoKQwe6Zaoz7ASH1wq7mcvf71z81oBIgxw+s1F73hczg36TuHvzmWf
|
|
388 |
RwxPuzZEaFZcVlmtqoq8
|
|
389 |
-----END CERTIFICATE-----
|
|
390 |
1 s:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
|
|
391 |
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
|
|
392 |
-----BEGIN CERTIFICATE-----
|
|
393 |
MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
|
|
394 |
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
|
|
395 |
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
|
|
396 |
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy
|
|
397 |
MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
|
|
398 |
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
|
|
399 |
Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh
|
|
400 |
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
|
401 |
ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh
|
|
402 |
bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0
|
|
403 |
Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6
|
|
404 |
ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51
|
|
405 |
UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n
|
|
406 |
c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY
|
|
407 |
MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz
|
|
408 |
30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV
|
|
409 |
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG
|
|
410 |
BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv
|
|
411 |
bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
|
|
412 |
AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E
|
|
413 |
T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v
|
|
414 |
ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p
|
|
415 |
mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/
|
|
416 |
e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps
|
|
417 |
P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY
|
|
418 |
dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc
|
|
419 |
2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG
|
|
420 |
V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4
|
|
421 |
HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX
|
|
422 |
j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII
|
|
423 |
0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap
|
|
424 |
lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf
|
|
425 |
+AZxAeKCINT+b72x
|
|
426 |
-----END CERTIFICATE-----
|
|
427 |
2 s:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
|
|
428 |
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
|
|
429 |
-----BEGIN CERTIFICATE-----
|
|
430 |
MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv
|
|
431 |
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
|
|
432 |
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
|
|
433 |
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
|
|
434 |
gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
|
|
435 |
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD
|
|
436 |
VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq
|
|
437 |
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw
|
|
438 |
AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6
|
|
439 |
2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
|
|
440 |
ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt
|
|
441 |
4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq
|
|
442 |
m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/
|
|
443 |
vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT
|
|
444 |
8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE
|
|
445 |
IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO
|
|
446 |
KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO
|
|
447 |
GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/
|
|
448 |
s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g
|
|
449 |
JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD
|
|
450 |
AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9
|
|
451 |
MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
|
|
452 |
bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6
|
|
453 |
Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ
|
|
454 |
zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj
|
|
455 |
Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY
|
|
456 |
Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5
|
|
457 |
B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx
|
|
458 |
PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR
|
|
459 |
pu/xO28QOG8=
|
|
460 |
-----END CERTIFICATE-----
|
|
461 |
---
|
|
462 |
Server certificate
|
|
463 |
subject=OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.badssl.com
|
|
464 |
|
|
465 |
issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
|
|
466 |
|
|
467 |
---
|
|
468 |
No client certificate CA names sent
|
|
469 |
Peer signing digest: SHA512
|
|
470 |
Peer signature type: RSA
|
|
471 |
Server Temp Key: ECDH, P-256, 256 bits
|
|
472 |
---
|
|
473 |
SSL handshake has read 4824 bytes and written 444 bytes
|
|
474 |
Verification error: certificate has expired
|
|
475 |
---
|
|
476 |
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
|
|
477 |
Server public key is 2048 bit
|
|
478 |
Secure Renegotiation IS supported
|
|
479 |
Compression: NONE
|
|
480 |
Expansion: NONE
|
|
481 |
No ALPN negotiated
|
|
482 |
SSL-Session:
|
|
483 |
Protocol : TLSv1.2
|
|
484 |
Cipher : ECDHE-RSA-AES128-GCM-SHA256
|
|
485 |
Session-ID: 0E3D5C358767788B8935538CE2B86C4E7D0B932FC3A91153B45A698FF43E6313
|
|
486 |
Session-ID-ctx:
|
|
487 |
Master-Key: B2B26F72CE2275A7BBF8D2EF170088E7FC98E83619009725FA07E5A3CD8B2E2B7AB36AD7DE63B2B31F649B7771E553EE
|
|
488 |
PSK identity: None
|
|
489 |
PSK identity hint: None
|
|
490 |
SRP username: None
|
|
491 |
Start Time: 1602434992
|
|
492 |
Timeout : 7200 (sec)
|
|
493 |
Verify return code: 10 (certificate has expired)
|
|
494 |
Extended master secret: no
|
|
495 |
---
|
|
496 |
|}
(** Captured [openssl s_client -showcerts] transcript used by the
    untrusted-root.badssl.com entry of [err_tests], which expects
    [`InvalidChain].

    The chain holds two certificates: the leaf for *.badssl.com and the
    BadSSL Untrusted Root Certificate Authority that issued it, whose subject
    and issuer are identical. OpenSSL's own verdict is recorded in the
    transcript as verify return code 19 (self signed certificate in
    certificate chain).

    The whole transcript is handed to X509.Certificate.decode_pem_multiple by
    [tests]; presumably only the PEM blocks are consumed (TODO confirm).
    NOTE(review): the transcript also carries the Session-ID and Master-Key of
    the captured handshake. Trimming the fixture to its PEM blocks would keep
    session key material out of the repository and avoid secret-scanner
    noise. *)
let untrusted_root_badssl =
|
|
499 |
{|
|
|
500 |
CONNECTED(00000003)
|
|
501 |
---
|
|
502 |
Certificate chain
|
|
503 |
0 s:C = US, ST = California, L = San Francisco, O = BadSSL, CN = *.badssl.com
|
|
504 |
i:C = US, ST = California, L = San Francisco, O = BadSSL, CN = BadSSL Untrusted Root Certificate Authority
|
|
505 |
-----BEGIN CERTIFICATE-----
|
|
506 |
MIIEmTCCAoGgAwIBAgIJAOywCwT04S08MA0GCSqGSIb3DQEBCwUAMIGBMQswCQYD
|
|
507 |
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j
|
|
508 |
aXNjbzEPMA0GA1UECgwGQmFkU1NMMTQwMgYDVQQDDCtCYWRTU0wgVW50cnVzdGVk
|
|
509 |
IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE5MTAwOTIzMDg1MFoXDTIx
|
|
510 |
MTAwODIzMDg1MFowYjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWEx
|
|
511 |
FjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDzANBgNVBAoMBkJhZFNTTDEVMBMGA1UE
|
|
512 |
AwwMKi5iYWRzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
|
513 |
wgTs+IzuBMKz2FDVcFjMkxjrXKhoSbAitfmVnrErLHY+bMBLYExM6rK0wA+AtrD5
|
|
514 |
csmGAvlcQV0TK39xxEu86ZQuUDemZxxhjPZBQsVG0xaHJ5906wqdEVImIXNshEx5
|
|
515 |
VeTRa+gGPUgVUq2zKNuq/27/YJVKd2s58STRMbbdTcDE/FO5bUKttXz+rvUV0jNI
|
|
516 |
5yJxx8IUemwo6jdK3+pstXK0flqiFtxpsVdE2woSq97DD0d0XEEi4Zr5G5PmrSIG
|
|
517 |
KS6xukkcDCeeo/uL90ByAKySCNmMV4RTgQXL5v5rVJhAJ4XHELtzcO9pGEEHRVV8
|
|
518 |
+WQ/PSzDqXzrkxpMhtHKhQIDAQABozIwMDAJBgNVHRMEAjAAMCMGA1UdEQQcMBqC
|
|
519 |
DCouYmFkc3NsLmNvbYIKYmFkc3NsLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAhU5h
|
|
520 |
jESEo1M5HCTHYlC1EkoxRG+bBLaYtiDsJl3HwlhtYx+r03UvWrwJ7QXhjda1G9fC
|
|
521 |
313JBLtrainBgjgJXPDHW5fmYaTmNExo7i3d+OunalwS97RQKsFtY/c+CJhYgv25
|
|
522 |
8/TOkKhg7uvV/31Uac0cIW9qH7lulE0cBymtbmWvR7sBRjD+P1hU58AULAGyMhBw
|
|
523 |
ijGBGTqHP2tRb6oMLF+iC0Ej2Eho2qloKdoYaNFivBYPMrWBk8YBGKdKOYv12Kpy
|
|
524 |
AmWhkR+x4UYPIGzPXUcFz2685E0bxoVJq0+TTXaiyjPeQ9fSgsXxeGx37g9lQ4iA
|
|
525 |
uZb1qs/MiaVz1dQ7bXGtTQbpSkLjJtRF8Toh0/oJPeM9GGoMPswqcGDTE/wqhD2j
|
|
526 |
tSl5//9kgviVVCKLNbARDJ0ikpnkhB/2K37pz9of+ltYCVHc58cCFfgmCwZfl1nJ
|
|
527 |
Zyd36FfAlATZAG2V+5JE/oir6ggPN/f1Zs21wSTejpunkDaNqWZutYalmpg1hsq8
|
|
528 |
76RNkfxtkONIubPUI90ymmJ7h6l8YPmuV+J/CE7LzDVAU51+uvFjtPNvEmJPRfug
|
|
529 |
rXmQ974mtlnvQfhb+Z3WmERgczbQCSN6C/j6+U86KrUqYcALf5rkX9cVJ1qMp0XS
|
|
530 |
6/5tfSQQuvJ7vzHVdo0OWQ7IOaSnVVV/cXQjkB4=
|
|
531 |
-----END CERTIFICATE-----
|
|
532 |
1 s:C = US, ST = California, L = San Francisco, O = BadSSL, CN = BadSSL Untrusted Root Certificate Authority
|
|
533 |
i:C = US, ST = California, L = San Francisco, O = BadSSL, CN = BadSSL Untrusted Root Certificate Authority
|
|
534 |
-----BEGIN CERTIFICATE-----
|
|
535 |
MIIGfjCCBGagAwIBAgIJAJeg/PrX5Sj9MA0GCSqGSIb3DQEBCwUAMIGBMQswCQYD
|
|
536 |
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j
|
|
537 |
aXNjbzEPMA0GA1UECgwGQmFkU1NMMTQwMgYDVQQDDCtCYWRTU0wgVW50cnVzdGVk
|
|
538 |
IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDcwNzA2MzEzNVoXDTM2
|
|
539 |
MDcwMjA2MzEzNVowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
|
|
540 |
MRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQKDAZCYWRTU0wxNDAyBgNV
|
|
541 |
BAMMK0JhZFNTTCBVbnRydXN0ZWQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
|
|
542 |
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKQtPMhEH073gis/HISWAi
|
|
543 |
bOEpCtOsatA3JmeVbaWal8O/5ZO5GAn9dFVsGn0CXAHR6eUKYDAFJLa/3AhjBvWa
|
|
544 |
tnQLoXaYlCvBjodjLEaFi8ckcJHrAYG9qZqioRQ16Yr8wUTkbgZf+er/Z55zi1yn
|
|
545 |
CnhWth7kekvrwVDGP1rApeLqbhYCSLeZf5W/zsjLlvJni9OrU7U3a9msvz8mcCOX
|
|
546 |
fJX9e3VbkD/uonIbK2SvmAGMaOj/1k0dASkZtMws0Bk7m1pTQL+qXDM/h3BQZJa5
|
|
547 |
DwTcATaa/Qnk6YHbj/MaS5nzCSmR0Xmvs/3CulQYiZJ3kypns1KdqlGuwkfiCCgD
|
|
548 |
yWJy7NE9qdj6xxLdqzne2DCyuPrjFPS0mmYimpykgbPnirEPBF1LW3GJc9yfhVXE
|
|
549 |
Cc8OY8lWzxazDNNbeSRDpAGbBeGSQXGjAbliFJxwLyGzZ+cG+G8lc+zSvWjQu4Xp
|
|
550 |
GJ+dOREhQhl+9U8oyPX34gfKo63muSgo539hGylqgQyzj+SX8OgK1FXXb2LS1gxt
|
|
551 |
VIR5Qc4MmiEG2LKwPwfU8Yi+t5TYjGh8gaFv6NnksoX4hU42gP5KvjYggDpR+NSN
|
|
552 |
CGQSWHfZASAYDpxjrOo+rk4xnO+sbuuMk7gORsrl+jgRT8F2VqoR9Z3CEdQxcCjR
|
|
553 |
5FsfTymZCk3GfIbWKkaeLQIDAQABo4H2MIHzMB0GA1UdDgQWBBRvx4NzSbWnY/91
|
|
554 |
3m1u/u37l6MsADCBtgYDVR0jBIGuMIGrgBRvx4NzSbWnY/913m1u/u37l6MsAKGB
|
|
555 |
h6SBhDCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV
|
|
556 |
BAcMDVNhbiBGcmFuY2lzY28xDzANBgNVBAoMBkJhZFNTTDE0MDIGA1UEAwwrQmFk
|
|
557 |
U1NMIFVudHJ1c3RlZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eYIJAJeg/PrX
|
|
558 |
5Sj9MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IC
|
|
559 |
AQBQU9U8+jTRT6H9AIFm6y50tXTg/ySxRNmeP1Ey9Zf4jUE6yr3Q8xBv9gTFLiY1
|
|
560 |
qW2qfkDSmXVdBkl/OU3+xb5QOG5hW7wVolWQyKREV5EvUZXZxoH7LVEMdkCsRJDK
|
|
561 |
wYEKnEErFls5WPXY3bOglBOQqAIiuLQ0f77a2HXULDdQTn5SueW/vrA4RJEKuWxU
|
|
562 |
iD9XPnVZ9tPtky2Du7wcL9qhgTddpS/NgAuLO4PXh2TQ0EMCll5reZ5AEr0NSLDF
|
|
563 |
c/koDv/EZqB7VYhcPzr1bhQgbv1dl9NZU0dWKIMkRE/T7vZ97I3aPZqIapC2ulrf
|
|
564 |
KrlqjXidwrGFg8xbiGYQHPx3tHPZxoM5WG2voI6G3s1/iD+B4V6lUEvivd3f6tq7
|
|
565 |
d1V/3q1sL5DNv7TvaKGsq8g5un0TAkqaewJQ5fXLigF/yYu5a24/GUD783MdAPFv
|
|
566 |
gWz8F81evOyRfpf9CAqIswMF+T6Dwv3aw5L9hSniMrblkg+ai0K22JfoBcGOzMtB
|
|
567 |
Ke/Ps2Za56dTRoY/a4r62hrcGxufXd0mTdPaJLw3sJeHYjLxVAYWQq4QKJQWDgTS
|
|
568 |
dAEWyN2WXaBFPx5c8KIW95Eu8ShWE00VVC3oA4emoZ2nrzBXLrUScifY6VaYYkkR
|
|
569 |
2O2tSqU8Ri3XRdgpNPDWp8ZL49KhYGYo3R/k98gnMHiY5g==
|
|
570 |
-----END CERTIFICATE-----
|
|
571 |
---
|
|
572 |
Server certificate
|
|
573 |
subject=C = US, ST = California, L = San Francisco, O = BadSSL, CN = *.badssl.com
|
|
574 |
|
|
575 |
issuer=C = US, ST = California, L = San Francisco, O = BadSSL, CN = BadSSL Untrusted Root Certificate Authority
|
|
576 |
|
|
577 |
---
|
|
578 |
No client certificate CA names sent
|
|
579 |
Peer signing digest: SHA512
|
|
580 |
Peer signature type: RSA
|
|
581 |
Server Temp Key: ECDH, P-256, 256 bits
|
|
582 |
---
|
|
583 |
SSL handshake has read 3361 bytes and written 451 bytes
|
|
584 |
Verification error: self signed certificate in certificate chain
|
|
585 |
---
|
|
586 |
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
|
|
587 |
Server public key is 2048 bit
|
|
588 |
Secure Renegotiation IS supported
|
|
589 |
Compression: NONE
|
|
590 |
Expansion: NONE
|
|
591 |
No ALPN negotiated
|
|
592 |
SSL-Session:
|
|
593 |
Protocol : TLSv1.2
|
|
594 |
Cipher : ECDHE-RSA-AES128-GCM-SHA256
|
|
595 |
Session-ID: 649A3C21016DC17582243CEA5FF0E4A66E44261F2193BE54C11FAB1EE0CCBB9B
|
|
596 |
Session-ID-ctx:
|
|
597 |
Master-Key: 4D6B719C876D3025D6C7BD3EA00D0EDE1D026C4A94713AAE19C170ABFF800FC0EE5FB6C4478BB5C9375A51E69D29BC45
|
|
598 |
PSK identity: None
|
|
599 |
PSK identity hint: None
|
|
600 |
SRP username: None
|
|
601 |
Start Time: 1602435337
|
|
602 |
Timeout : 7200 (sec)
|
|
603 |
Verify return code: 19 (self signed certificate in certificate chain)
|
|
604 |
Extended master secret: no
|
|
605 |
---
|
|
606 |
|}
(** Captured [openssl s_client -showcerts] transcript used by the
    wrong.host.badssl.com entry of [err_tests], which expects
    [`LeafInvalidName].

    The chain holds the *.badssl.com leaf issued by DigiCert SHA2 Secure
    Server CA, followed by that intermediate (issued by DigiCert Global Root
    CA). The transcript records verify return code 0 (ok). The capture command
    documented at the top of this file passes no hostname-verification option,
    so that verdict covers the chain only; rejecting the name is what the test
    demands of the library. A single-label wildcard such as *.badssl.com is
    not expected to cover the two-label prefix wrong.host.

    NOTE(review): the transcript also carries the Session-ID and Master-Key of
    the captured handshake; presumably only the PEM blocks are used by the
    tests (TODO confirm), so the fixture could be trimmed to them. *)
let wrong_host_badssl =
|
|
609 |
{|
|
|
610 |
CONNECTED(00000003)
|
|
611 |
---
|
|
612 |
Certificate chain
|
|
613 |
0 s:C = US, ST = California, L = Walnut Creek, O = Lucas Garron Torres, CN = *.badssl.com
|
|
614 |
i:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
|
|
615 |
-----BEGIN CERTIFICATE-----
|
|
616 |
MIIGqDCCBZCgAwIBAgIQCvBs2jemC2QTQvCh6x1Z/TANBgkqhkiG9w0BAQsFADBN
|
|
617 |
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
|
|
618 |
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMzIzMDAwMDAwWhcN
|
|
619 |
MjIwNTE3MTIwMDAwWjBuMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p
|
|
620 |
YTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRwwGgYDVQQKExNMdWNhcyBHYXJyb24g
|
|
621 |
VG9ycmVzMRUwEwYDVQQDDAwqLmJhZHNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
|
|
622 |
A4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWesSssdj5s
|
|
623 |
wEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFCxUbTFocn
|
|
624 |
n3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNExtt1NwMT8
|
|
625 |
U7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0TbChKr3sMP
|
|
626 |
R3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm/mtUmEAn
|
|
627 |
hccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjggNhMIIDXTAfBgNV
|
|
628 |
HSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUne7Be4ELOkdp
|
|
629 |
cRh9ETeTvKUbP/swIwYDVR0RBBwwGoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29t
|
|
630 |
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
|
|
631 |
awYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Et
|
|
632 |
c2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2Nh
|
|
633 |
LXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUH
|
|
634 |
AgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIDMHwGCCsG
|
|
635 |
AQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t
|
|
636 |
MEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl
|
|
637 |
cnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEE
|
|
638 |
AdZ5AgQCBIIBbgSCAWoBaAB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaO
|
|
639 |
HtGFAAABcQhGXioAAAQDAEcwRQIgDfWVBXEuUZC2YP4Si3AQDidHC4U9e5XTGyG7
|
|
640 |
SFNDlRkCIQCzikrA1nf7boAdhvaGu2Vkct3VaI+0y8p3gmonU5d9DwB2ACJFRQdZ
|
|
641 |
VSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABcQhGXlsAAAQDAEcwRQIhAMWi
|
|
642 |
Vsi2vYdxRCRsu/DMmCyhY0iJPKHE2c6ejPycIbgqAiAs3kSSS0NiUFiHBw7QaQ/s
|
|
643 |
GO+/lNYvjExlzVUWJbgNLwB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7U
|
|
644 |
iwXlAAABcQhGXnoAAAQDAEcwRQIgKsntiBqt8Au8DAABFkxISELhP3U/wb5lb76p
|
|
645 |
vfenWL0CIQDr2kLhCWP/QUNxXqGmvr1GaG9EuokTOLEnGPhGv1cMkDANBgkqhkiG
|
|
646 |
9w0BAQsFAAOCAQEA0RGxlwy3Tl0lhrUAn2mIi8LcZ9nBUyfAcCXCtYyCdEbjIP64
|
|
647 |
xgX6pzTt0WJoxzlT+MiK6fc0hECZXqpkTNVTARYtGkJoljlTK2vAdHZ0SOpm9OT4
|
|
648 |
RLfjGnImY0hiFbZ/LtsvS2Zg7cVJecqnrZe/za/nbDdljnnrll7C8O5naQuKr4te
|
|
649 |
uice3e8a4TtviFwS/wdDnJ3RrE83b1IljILbU5SV0X1NajyYkUWS7AnOmrFUUByz
|
|
650 |
MwdGrM6kt0lfJy/gvGVsgIKZocHdedPeECqAtq7FAJYanOsjNN9RbBOGhbwq0/FP
|
|
651 |
CC01zojqS10nGowxzOiqyB4m6wytmzf0QwjpMw==
|
|
652 |
-----END CERTIFICATE-----
|
|
653 |
1 s:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
|
|
654 |
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
|
|
655 |
-----BEGIN CERTIFICATE-----
|
|
656 |
MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh
|
|
657 |
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
|
658 |
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
|
|
659 |
QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT
|
|
660 |
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg
|
|
661 |
U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
|
662 |
ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83
|
|
663 |
nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd
|
|
664 |
KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f
|
|
665 |
/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX
|
|
666 |
kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0
|
|
667 |
/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C
|
|
668 |
AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY
|
|
669 |
aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6
|
|
670 |
Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1
|
|
671 |
oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD
|
|
672 |
QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
|
|
673 |
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh
|
|
674 |
xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB
|
|
675 |
CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl
|
|
676 |
5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA
|
|
677 |
8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC
|
|
678 |
2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit
|
|
679 |
c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0
|
|
680 |
j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz
|
|
681 |
-----END CERTIFICATE-----
|
|
682 |
---
|
|
683 |
Server certificate
|
|
684 |
subject=C = US, ST = California, L = Walnut Creek, O = Lucas Garron Torres, CN = *.badssl.com
|
|
685 |
|
|
686 |
issuer=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
|
|
687 |
|
|
688 |
---
|
|
689 |
No client certificate CA names sent
|
|
690 |
Peer signing digest: SHA512
|
|
691 |
Peer signature type: RSA
|
|
692 |
Server Temp Key: ECDH, P-256, 256 bits
|
|
693 |
---
|
|
694 |
SSL handshake has read 3398 bytes and written 447 bytes
|
|
695 |
Verification: OK
|
|
696 |
---
|
|
697 |
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
|
|
698 |
Server public key is 2048 bit
|
|
699 |
Secure Renegotiation IS supported
|
|
700 |
Compression: NONE
|
|
701 |
Expansion: NONE
|
|
702 |
No ALPN negotiated
|
|
703 |
SSL-Session:
|
|
704 |
Protocol : TLSv1.2
|
|
705 |
Cipher : ECDHE-RSA-AES128-GCM-SHA256
|
|
706 |
Session-ID: 3E96EF49E031153871907BFA4362E9AAD79785ED70996B1750AC7FB2004AA85D
|
|
707 |
Session-ID-ctx:
|
|
708 |
Master-Key: 67084AF570632BD11B554FF000D5F67A34923BF512D9AE20E57627C6C8FACF80FA6D74A9298BEE5C908F72666813F2CC
|
|
709 |
PSK identity: None
|
|
710 |
PSK identity hint: None
|
|
711 |
SRP username: None
|
|
712 |
Start Time: 1602435542
|
|
713 |
Timeout : 7200 (sec)
|
|
714 |
Verify return code: 0 (ok)
|
|
715 |
Extended master secret: no
|
|
716 |
---
|
|
717 |
|}
(** Captured [openssl s_client -showcerts] transcript used by the
    incomplete-chain.badssl.com entry of [err_tests], which expects
    [`InvalidChain].

    The server sent a single certificate: the *.badssl.com leaf issued by
    DigiCert SHA2 Secure Server CA. The issuing intermediate is absent, and
    the transcript records verify return code 21 (unable to verify the first
    certificate). The test therefore requires the library to reject the chain
    rather than complete it by other means.

    NOTE(review): the transcript also carries the Session-ID and Master-Key of
    the captured handshake; presumably only the PEM block is used by the tests
    (TODO confirm), so the fixture could be trimmed to it. *)
let incomplete_chain_badssl =
|
|
720 |
{|
|
|
721 |
CONNECTED(00000003)
|
|
722 |
---
|
|
723 |
Certificate chain
|
|
724 |
0 s:C = US, ST = California, L = Walnut Creek, O = Lucas Garron Torres, CN = *.badssl.com
|
|
725 |
i:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
|
|
726 |
-----BEGIN CERTIFICATE-----
|
|
727 |
MIIGqDCCBZCgAwIBAgIQCvBs2jemC2QTQvCh6x1Z/TANBgkqhkiG9w0BAQsFADBN
|
|
728 |
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
|
|
729 |
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMzIzMDAwMDAwWhcN
|
|
730 |
MjIwNTE3MTIwMDAwWjBuMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p
|
|
731 |
YTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRwwGgYDVQQKExNMdWNhcyBHYXJyb24g
|
|
732 |
VG9ycmVzMRUwEwYDVQQDDAwqLmJhZHNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
|
|
733 |
A4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWesSssdj5s
|
|
734 |
wEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFCxUbTFocn
|
|
735 |
n3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNExtt1NwMT8
|
|
736 |
U7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0TbChKr3sMP
|
|
737 |
R3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm/mtUmEAn
|
|
738 |
hccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjggNhMIIDXTAfBgNV
|
|
739 |
HSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUne7Be4ELOkdp
|
|
740 |
cRh9ETeTvKUbP/swIwYDVR0RBBwwGoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29t
|
|
741 |
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
|
|
742 |
awYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Et
|
|
743 |
c2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2Nh
|
|
744 |
LXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUH
|
|
745 |
AgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIDMHwGCCsG
|
|
746 |
AQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t
|
|
747 |
MEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl
|
|
748 |
cnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEE
|
|
749 |
AdZ5AgQCBIIBbgSCAWoBaAB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaO
|
|
750 |
HtGFAAABcQhGXioAAAQDAEcwRQIgDfWVBXEuUZC2YP4Si3AQDidHC4U9e5XTGyG7
|
|
751 |
SFNDlRkCIQCzikrA1nf7boAdhvaGu2Vkct3VaI+0y8p3gmonU5d9DwB2ACJFRQdZ
|
|
752 |
VSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABcQhGXlsAAAQDAEcwRQIhAMWi
|
|
753 |
Vsi2vYdxRCRsu/DMmCyhY0iJPKHE2c6ejPycIbgqAiAs3kSSS0NiUFiHBw7QaQ/s
|
|
754 |
GO+/lNYvjExlzVUWJbgNLwB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7U
|
|
755 |
iwXlAAABcQhGXnoAAAQDAEcwRQIgKsntiBqt8Au8DAABFkxISELhP3U/wb5lb76p
|
|
756 |
vfenWL0CIQDr2kLhCWP/QUNxXqGmvr1GaG9EuokTOLEnGPhGv1cMkDANBgkqhkiG
|
|
757 |
9w0BAQsFAAOCAQEA0RGxlwy3Tl0lhrUAn2mIi8LcZ9nBUyfAcCXCtYyCdEbjIP64
|
|
758 |
xgX6pzTt0WJoxzlT+MiK6fc0hECZXqpkTNVTARYtGkJoljlTK2vAdHZ0SOpm9OT4
|
|
759 |
RLfjGnImY0hiFbZ/LtsvS2Zg7cVJecqnrZe/za/nbDdljnnrll7C8O5naQuKr4te
|
|
760 |
uice3e8a4TtviFwS/wdDnJ3RrE83b1IljILbU5SV0X1NajyYkUWS7AnOmrFUUByz
|
|
761 |
MwdGrM6kt0lfJy/gvGVsgIKZocHdedPeECqAtq7FAJYanOsjNN9RbBOGhbwq0/FP
|
|
762 |
CC01zojqS10nGowxzOiqyB4m6wytmzf0QwjpMw==
|
|
763 |
-----END CERTIFICATE-----
|
|
764 |
---
|
|
765 |
Server certificate
|
|
766 |
subject=C = US, ST = California, L = Walnut Creek, O = Lucas Garron Torres, CN = *.badssl.com
|
|
767 |
|
|
768 |
issuer=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
|
|
769 |
|
|
770 |
---
|
|
771 |
No client certificate CA names sent
|
|
772 |
Peer signing digest: SHA512
|
|
773 |
Peer signature type: RSA
|
|
774 |
Server Temp Key: ECDH, P-256, 256 bits
|
|
775 |
---
|
|
776 |
SSL handshake has read 2219 bytes and written 453 bytes
|
|
777 |
Verification error: unable to verify the first certificate
|
|
778 |
---
|
|
779 |
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
|
|
780 |
Server public key is 2048 bit
|
|
781 |
Secure Renegotiation IS supported
|
|
782 |
Compression: NONE
|
|
783 |
Expansion: NONE
|
|
784 |
No ALPN negotiated
|
|
785 |
SSL-Session:
|
|
786 |
Protocol : TLSv1.2
|
|
787 |
Cipher : ECDHE-RSA-AES128-GCM-SHA256
|
|
788 |
Session-ID: 3A7DBDAC0199C67176A6191BC6ACC812FF469163BD550FCC0AC4CD7190C4980D
|
|
789 |
Session-ID-ctx:
|
|
790 |
Master-Key: A45673CF402FD94CD1B0F4FF96DE8C2651B1DCDC230570AC62ACDAA7BF5D9235D1B66F9FBE4FFBE2746CF61935D5DB9D
|
|
791 |
PSK identity: None
|
|
792 |
PSK identity hint: None
|
|
793 |
SRP username: None
|
|
794 |
Start Time: 1602435786
|
|
795 |
Timeout : 7200 (sec)
|
|
796 |
Verify return code: 21 (unable to verify the first certificate)
|
|
797 |
Extended master secret: no
|
|
798 |
---
|
|
799 |
|}
(** Captured [openssl s_client -showcerts] transcript used by the
    sha1-intermediate.badssl.com entry of [err_tests], which expects
    [`InvalidChain] and overrides the validation time to 2020-05-30 16:00:00.

    The chain holds the *.badssl.com leaf issued by COMODO SSL CA, followed by
    that intermediate (issued by AddTrust External CA Root). At capture time
    OpenSSL recorded verify return code 10 (certificate has expired), which is
    why the test does not run at the default [now].

    NOTE(review): the name suggests the rejection should come from the SHA-1
    signature on the intermediate, but [`InvalidChain] does not say why the
    chain failed. Confirm that at the overridden time the failure is not
    caused by an expired intermediate or by a root missing from the trust
    store.

    NOTE(review): the transcript also carries the Session-ID and Master-Key of
    the captured handshake; presumably only the PEM blocks are used by the
    tests (TODO confirm), so the fixture could be trimmed to them. *)
let sha1_intermediate_badssl =
|
|
802 |
{|
|
|
803 |
CONNECTED(00000003)
|
|
804 |
---
|
|
805 |
Certificate chain
|
|
806 |
0 s:OU = Domain Control Validated, OU = COMODO SSL Wildcard, CN = *.badssl.com
|
|
807 |
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO SSL CA
|
|
808 |
-----BEGIN CERTIFICATE-----
|
|
809 |
MIIE8TCCA9mgAwIBAgIRAL4AQmnXWHlXEDwE56pO2LIwDQYJKoZIhvcNAQELBQAw
|
|
810 |
cDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
|
|
811 |
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxFjAUBgNV
|
|
812 |
BAMTDUNPTU9ETyBTU0wgQ0EwHhcNMTcwNDEzMDAwMDAwWhcNMjAwNTMwMjM1OTU5
|
|
813 |
WjBYMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHDAaBgNVBAsT
|
|
814 |
E0NPTU9ETyBTU0wgV2lsZGNhcmQxFTATBgNVBAMMDCouYmFkc3NsLmNvbTCCASIw
|
|
815 |
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yo
|
|
816 |
aEmwIrX5lZ6xKyx2PmzAS2BMTOqytMAPgLaw+XLJhgL5XEFdEyt/ccRLvOmULlA3
|
|
817 |
pmccYYz2QULFRtMWhyefdOsKnRFSJiFzbIRMeVXk0WvoBj1IFVKtsyjbqv9u/2CV
|
|
818 |
SndrOfEk0TG23U3AxPxTuW1CrbV8/q71FdIzSOciccfCFHpsKOo3St/qbLVytH5a
|
|
819 |
ohbcabFXRNsKEqveww9HdFxBIuGa+RuT5q0iBikusbpJHAwnnqP7i/dAcgCskgjZ
|
|
820 |
jFeEU4EFy+b+a1SYQCeFxxC7c3DvaRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEA
|
|
821 |
AaOCAZwwggGYMB8GA1UdIwQYMBaAFBtrvR+KSRiUVDdVtCAX7Te5dxh9MB0GA1Ud
|
|
822 |
DgQWBBSd7sF7gQs6R2lxGH0RN5O8pRs/+zAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T
|
|
823 |
AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgw
|
|
824 |
RjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5j
|
|
825 |
b21vZG8uY29tL0NQUzAIBgZngQwBAgEwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDov
|
|
826 |
L2NybC5jb21vZG9jYS5jb20vQ09NT0RPU1NMQ0EuY3JsMGkGCCsGAQUFBwEBBF0w
|
|
827 |
WzAzBggrBgEFBQcwAoYnaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPU1NM
|
|
828 |
Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIwYD
|
|
829 |
VR0RBBwwGoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29tMA0GCSqGSIb3DQEBCwUA
|
|
830 |
A4IBAQCjAoXzYKLon9rpcYVKD1Y3zvIZyojAiUgibAi/v3trIBDA92bOCxBNgCyw
|
|
831 |
yU3yFR8eSriE1lROeZghScU/qMKqJQhNv8jSRKiCaVjX/6XGJeGjJ4vDZgkoFOAt
|
|
832 |
3BUpzUSqCNZPuHim6YSIWRgcoCgvqzvh9wVh/eRTMGt2naTfy2ieUkYSKleGbE91
|
|
833 |
DeCKiiAJlimR0MJ5xOznTvCMxvs0ZppG41F+ain6rmsKQaVZfw4IxJW+9KmtNO4g
|
|
834 |
EJO5rT+lOyz3t3Ij2yblHAwtcdxxwyA9BdvnIxfDcXVtNcqPNfBZRkhct/APO/yS
|
|
835 |
Ix4MYaiI3P48eZeMnLgiw/MOh2Vi
|
|
836 |
-----END CERTIFICATE-----
|
|
837 |
1 s:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO SSL CA
|
|
838 |
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
|
|
839 |
-----BEGIN CERTIFICATE-----
|
|
840 |
MIIE4jCCA8qgAwIBAgIQbrrwj3mD+p3hsm+W/G6YvzANBgkqhkiG9w0BAQUFADBv
|
|
841 |
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
|
|
842 |
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
|
|
843 |
eHRlcm5hbCBDQSBSb290MB4XDTExMDgyMzAwMDAwMFoXDTIwMDUzMDEwNDgzOFow
|
|
844 |
cDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
|
|
845 |
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxFjAUBgNV
|
|
846 |
BAMTDUNPTU9ETyBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
|
|
847 |
AQDUKy4c0qP4f1UUQN73RN2EVfeFe1VmaaflWetlg/TzdrFmw09OmJMJt0Cz0Reg
|
|
848 |
EgmogOEpY5cCjDGdCgLgWVu77TC1735drwhOjYvCOVYWmHOUeArJpk8ot6g0N9sl
|
|
849 |
IbE8mfbgEj5z6mQyn0IGPBnYCgR6TFdJK9J3etAAvF76ju7MwuQTbiVf3DykiKPc
|
|
850 |
Sce8xw/dGcCxcu147ziDCkUXG8l9ne3fqywso3WuW4IdiIONzghlDGYmVwWhDN/m
|
|
851 |
B4QLhKPIq9WVR7/c3P4d/AKTRAHK5rW3axYwAV3piQmVnvheKVzdx1WM8o4gTkB6
|
|
852 |
5PVFA7SYK8SAflOHb8LSV7DpAgMBAAGjggF3MIIBczAfBgNVHSMEGDAWgBStvZh6
|
|
853 |
NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUG2u9H4pJGJRUN1W0IBftN7l3GH0w
|
|
854 |
DgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEQYDVR0gBAowCDAG
|
|
855 |
BgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNv
|
|
856 |
bS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBswYIKwYBBQUHAQEEgaYwgaMw
|
|
857 |
PwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4
|
|
858 |
dGVybmFsQ0FSb290LnA3YzA5BggrBgEFBQcwAoYtaHR0cDovL2NydC51c2VydHJ1
|
|
859 |
c3QuY29tL0FkZFRydXN0VVROU0dDQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8v
|
|
860 |
b2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQBDJTkjBwSsmV1Z
|
|
861 |
Zz3mL2F9WlZ7/AaNs0ud+tUFTA1mtb08x6Iqa7XP5rqDPmCQNgzVwu2KldmSQiMc
|
|
862 |
A3Y+wkjxdXKds4zPs1g0VkkdoS4rPbLoWhBG3mS1Ta5LbvwBtyEQ1ZW36yy+FAbM
|
|
863 |
QS7kbOJGkP/GKH5z/uUXuoLDEAWBZsKLKDigRD7p5M4zsHz44VOduLTL2sku2ZNw
|
|
864 |
jnwL43M+mZmP6+ERRDXYYIFiRdTeRVuQLkkbG9ukD4BiIXNp8ePebdhIfFYSJiIR
|
|
865 |
RwHGXhnCtJWX7mEAVfEEOPyE5ni0DUO+QzPdaNMiWwD7FILoS2J5MM/TlZ+zuYQB
|
|
866 |
1N3PIxL4
|
|
867 |
-----END CERTIFICATE-----
|
|
868 |
---
|
|
869 |
Server certificate
|
|
870 |
subject=OU = Domain Control Validated, OU = COMODO SSL Wildcard, CN = *.badssl.com
|
|
871 |
|
|
872 |
issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO SSL CA
|
|
873 |
|
|
874 |
---
|
|
875 |
No client certificate CA names sent
|
|
876 |
Peer signing digest: SHA512
|
|
877 |
Peer signature type: RSA
|
|
878 |
Server Temp Key: ECDH, P-256, 256 bits
|
|
879 |
---
|
|
880 |
SSL handshake has read 3037 bytes and written 454 bytes
|
|
881 |
Verification error: certificate has expired
|
|
882 |
---
|
|
883 |
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
|
|
884 |
Server public key is 2048 bit
|
|
885 |
Secure Renegotiation IS supported
|
|
886 |
Compression: NONE
|
|
887 |
Expansion: NONE
|
|
888 |
No ALPN negotiated
|
|
889 |
SSL-Session:
|
|
890 |
Protocol : TLSv1.2
|
|
891 |
Cipher : ECDHE-RSA-AES128-GCM-SHA256
|
|
892 |
Session-ID: 1AA79F6F986D20959EFE3F4E293F2F5F05E1C33C779BB086A95C33B7B2A13716
|
|
893 |
Session-ID-ctx:
|
|
894 |
Master-Key: 0F738EDA295FEA1972787E50BDFE693B8E0504BA41AC9EE75A6630CAEBD150693CCE7D2209F6D89482B1319C5975EA97
|
|
895 |
PSK identity: None
|
|
896 |
PSK identity hint: None
|
|
897 |
SRP username: None
|
|
898 |
Start Time: 1602436102
|
|
899 |
Timeout : 7200 (sec)
|
|
900 |
Verify return code: 10 (certificate has expired)
|
|
901 |
Extended master secret: no
|
|
902 |
---
|
|
903 |
|}
(** Negative test table: chains that validation must reject.

    Each entry is [(name, expected, transcript, time)]:
    - [name] is the host name the chain is validated against;
    - [expected] receives the parsed host and chain and builds the validation
      error the test must observe;
    - [transcript] is captured [openssl s_client -showcerts] output holding
      the PEM chain;
    - [time] overrides the validation time; with [None], [test_one] falls back
      to the static [now].

    NOTE(review): four entries expect the same [`InvalidChain], which does not
    say why a chain was rejected (untrusted root, missing intermediate, weak
    signature, ...). These entries would also hold if the trust anchors passed
    to [tests] were empty or incomplete, so they are only meaningful together
    with the positive tests.

    NOTE(review): [Ptime.of_date_time] returns an option; an invalid date
    literal would yield [None] and silently run that entry at [now]. *)
let err_tests =
  (* Expected-error builders; each takes the host and the parsed chain. *)
  let invalid_chain _ _ = `InvalidChain in
  let leaf_expired _ c = `LeafCertificateExpired (List.hd c, Some now) in
  let leaf_name_mismatch h c = `LeafInvalidName (List.hd c, Some h) in
  [
    ("self-signed.badssl.com", invalid_chain, self_signed_badssl, None);
    ("expired.badssl.com", leaf_expired, expired_badssl, None);
    ("untrusted-root.badssl.com", invalid_chain, untrusted_root_badssl, None);
    ("wrong.host.badssl.com", leaf_name_mismatch, wrong_host_badssl, None);
    ( "incomplete-chain.badssl.com",
      invalid_chain,
      incomplete_chain_badssl,
      None );
    (* Checked at a fixed earlier date instead of [now]. *)
    ( "sha1-intermediate.badssl.com",
      invalid_chain,
      sha1_intermediate_badssl,
      Ptime.of_date_time ((2020, 05, 30), ((16, 00, 00), 00)) );
    (* Reuses the google chain under a name it is expected not to cover. *)
    ("wrong.host.google.com", leaf_name_mismatch, google, None);
  ]
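(** [tests tas] builds the Alcotest cases for every entry of [ok_tests] and
    [err_tests], validating each captured chain against the trust anchors
    [tas].

    Positive entries expect [Ok (Some (chain, leaf))]. The [ok] testable
    defined above compares only the chain, so the second component is a
    placeholder and the anchor actually reported by the library is not
    checked. Negative entries expect [Error e], where [e] is built by the
    entry's own function from the parsed host and chain.

    @raise Invalid_argument if a fixture name is not a valid host name, if a
    transcript cannot be decoded, or if a positive fixture holds no
    certificate. The message names the offending fixture. *)
let tests tas =
  (* Parse one fixture into the host to validate against and its chain. The
     whole transcript is passed to the PEM decoder. A decoding failure is
     reported with the fixture name instead of an anonymous exception. *)
  let load name data =
    let host = Domain_name.(of_string_exn name |> host_exn) in
    match X509.Certificate.decode_pem_multiple (Cstruct.of_string data) with
    | Ok chain -> (host, chain)
    | Error _ -> invalid_arg ("cannot decode the PEM chain of fixture " ^ name)
  in
  let positive (name, data) =
    let host, chain = load name data in
    match chain with
    | [] -> invalid_arg ("fixture " ^ name ^ " contains no certificate")
    | leaf :: _ ->
        (name, `Quick, test_one tas (Ok (Some (chain, leaf))) host chain)
  and negative (name, result, data, time) =
    let host, chain = load name data in
    (name, `Quick, test_one ?time tas (Error (result host chain)) host chain)
  in
  List.map positive ok_tests @ List.map negative err_tests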
(** [ta ()] loads the trust anchors reported by [Ca_certs.trust_anchors] and
    decodes them one certificate at a time.

    Returns [Ok anchors] in bundle order, or the error of
    [Ca_certs.trust_anchors] unchanged.

    Certificates that fail to decode are dropped without any report. This is
    deliberate: decode_pem_multiple would fail on the first undecodable
    certificate, while the tests should stay operational and ignore some
    certificates. As a consequence the returned list can be smaller than the
    bundle, and can be empty. *)
let ta () =
  let end_marker = "-----END CERTIFICATE-----" in
  let decode_one pem_body =
    (* Cutting on the end marker removes it, so it is appended again before
       decoding. Undecodable pieces become [None] and are skipped. *)
    X509.Certificate.decode_pem (Cstruct.of_string (pem_body ^ end_marker))
    |> Result.to_option
  in
  Ca_certs.trust_anchors ()
  |> Result.map (fun bundle ->
         Astring.String.cuts ~sep:end_marker ~empty:false bundle
         |> List.filter_map decode_one)
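(* Entry point: load the trust anchors, then run the validation suite.

   The run is aborted with an explicit message when the anchors cannot be
   loaded or when none of them could be decoded. [ta] drops undecodable
   certificates silently, and an empty anchor list cannot validate any chain,
   so the results would say nothing about the validation logic. *)
let () =
  match ta () with
  | Error _ ->
      failwith "verification tests: cannot read the system trust anchors"
  | Ok [] -> failwith "verification tests: no trust anchor could be decoded"
  | Ok tas ->
      Alcotest.run "verification tests"
        [ ("X509 certificate validation", tests tas) ]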