tlspretense 0.6.1

data/lib/ssl_test/test_manager.rb

@@ -0,0 +1,116 @@
+module SSLTest
+  # Tracks testing state and handles reporting for the TestListener.
+  class TestManager
+    include PacketThief::Logging
+
+    attr_accessor :current_test
+    attr_reader :remaining_tests
+
+    attr_accessor :listener
+
+    attr_accessor :goodcacert
+    attr_accessor :goodcakey
+
+    def initialize(context, testlist, report, logger=nil)
+      @appctx = context
+      @testlist = testlist
+      @report = report
+      @logger = logger
+      @remaining_tests = @testlist.dup
+
+      @goodcacert = @appctx.cert_manager.get_cert("goodca")
+      @goodcakey = @appctx.cert_manager.get_key("goodca")
+
+      @pause = false
+      prepare_next_test(true)
+    end
+
+    # grabs the next test. Returns it, or nil if we are out of tests.
+    def prepare_next_test(first=false)
+      @current_test = @remaining_tests.shift
+
+      if current_test == nil
+        stop_testing
+      elsif @appctx.config.pause? and not first
+        pause
+      else
+        loginfo "Starting test: #{current_test.id}"
+      end
+
+      @start_time = Time.now
+    end
+
+    # Called when a test completes or is skipped. It adds an SSLTestResult to
+    # the report, and it cleans up after itself.
+    #
+    # :connected, :rejected, :sentdata
+    def test_completed(test, actual_result)
+      logdebug "test_completed", :actual_result => actual_result, :expected_result => test.expected_result, :test => test.id
+      return if actual_result == :running
+
+      passed = if @appctx.config.testing_method == 'tlshandshake'
+                 case test.expected_result.to_s
+                 when 'connected', :connected
+                   %w{connected sentdata}.include? actual_result.to_s
+                 when 'rejected', :rejected
+                   actual_result == :rejected
+                 else
+                   raise "Unknown expected_result: #{test.expected_result}"
+                 end
+               else # senddata, which requires data to be sent for it to pass.
+                 case test.expected_result
+                 when 'connected'
+                   actual_result == :sentdata
+                 when 'rejected'
+                   %w{rejected connected}.include? actual_result.to_s
+                 else
+                   raise "Unknown expected_result: #{test.expected_result}"
+                 end
+               end
+
+      str = SSLTestResult.new(test.id, passed)
+      str.description = test.description
+      str.expected_result = test.expected_result
+      str.actual_result = actual_result.to_s
+      str.start_time = @start_time
+      str.stop_time = Time.now
+
+      @report.add_result(str)
+
+      if actual_result == :skipped
+        loginfo "#{test.id}: Skipping test"
+      else
+        loginfo "#{test.id}: Finished test"
+      end
+
+      prepare_next_test if current_test == test
+    end
+
+    def stop_testing
+      loginfo "Stopping"
+      @listener.stop_server if @listener
+      EM.stop_event_loop
+    end
+
+    def paused?
+      @pause
+    end
+
+    def pause
+      @pause = true
+      loginfo "Press Enter to continue."
+    end
+
+    def unpause
+      if paused?
+        loginfo "Starting test: #{current_test.id}"
+        @pause = false
+      end
+    end
+
+    def testing_method
+      @appctx.config.testing_method
+    end
+
+  end
+end

data/lib/tlspretense.rb

@@ -0,0 +1,13 @@
+require 'fileutils'
+
+require 'ssl_test'
+require 'certmaker'
+require 'certmaker/runner'
+
+module TLSPretense
+  class CleanExitError < StandardError ; end
+
+  autoload :App,        'tlspretense/app'
+  autoload :InitRunner, 'tlspretense/init_runner'
+  autoload :VERSION,    'tlspretense/version'
+end

data/lib/tlspretense/app.rb

@@ -0,0 +1,52 @@
+module TLSPretense
+  class App
+    def initialize(args, stdin, stdout)
+      @args = args
+      @stdin = stdin
+      @stdout = stdout
+      @action_args = args.dup
+      @action = @action_args.shift
+    end
+
+    def usage
+      @stdout.puts <<-QUOTE
+Usage: #{0} action arguments...
+
+Actions:
+  init PATH   Creates a new TLSPretense working directory. This includes
+              configuration files and test certificates.
+  run         Run all or some of the test cases. Call `run -h` for more
+              information.
+  list, ls    List all or some of the test cases (equivalent to `run -l`).
+  ca          Checks for a ca, and generates it if needed.
+  certs       (Re)generate a suite of test certificates.
+  cleancerts  Remove the certs directory.
+QUOTE
+    end
+
+    def run
+      begin
+        case @action
+        when 'init'
+          InitRunner.new(@action_args, @stdin, @stdout).run
+        when 'run'
+          SSLTest::Runner.new(@action_args, @stdin, @stdout).run
+        when 'list', 'ls'
+          SSLTest::Runner.new(['--list'] + @action_args, @stdin, @stdout).run
+        when 'ca'
+          CertMaker::Runner.new.ca
+        when 'certs'
+          CertMaker::Runner.new.certs
+        when 'cleancerts'
+          CertMaker::Runner.new.clean
+        else
+          usage
+        end
+      rescue CleanExitError => e
+        @stdout.puts ""
+        @stdout.puts "#{e.class}: #{e}"
+        exit 1
+      end
+    end
+  end
+end

data/lib/tlspretense/init_runner.rb

@@ -0,0 +1,115 @@
+module TLSPretense
+  class InitRunner
+    include FileUtils
+
+    class InitError < CleanExitError ; end
+
+    def initialize(args, stdin, stdout)
+      @args = args
+      @stdin = stdin
+      @stdout = stdout
+    end
+
+    def run
+      if @args.length != 1
+        usage
+        return
+      end
+      path = @args[0]
+      check_environment
+      init_project(path)
+    end
+
+    def check_environment
+      @stdout.puts "Ruby and OpenSSL compatibility check..."
+      # Ruby check:
+      # TODO: detect non-MRI versions of Ruby such as jruby, ironruby
+      if ruby_version[:major] < 1 or ruby_version[:minor] < 9 or ruby_version[:patch] < 3
+        @stdout.puts <<-QUOTE.gsub(/^          /,'')
+          Warning: You are running TLSPretense on an unsupported version of Ruby:
+
+              RUBY_DESCRIPTION: #{RUBY_DESCRIPTION}
+
+          Use it at your own risk! TLSPretense was developed and tested on MRI Ruby
+          1.9.3. However, bug reports are welcome for Ruby 1.8.7 and later to try and
+          improve compatibility.
+
+          QUOTE
+      end
+      unless openssl_supports_sni?
+        @stdout.puts <<-QUOTE.gsub(/^          /,'')
+
+          Warning: Your version of Ruby and/or OpenSSL does not have the ability to set
+          the SNI hostname on outgoing SSL/TLS connections.
+
+          Testing might work fine, but if the client being tested sends the SNI TLS
+          extension to request the certificate for a certain hostname, TLSPretense will
+          be unable to request the correct certificate from the destination, which may
+          adversely affect testing.
+
+          QUOTE
+      end
+    end
+
+    def ruby_version
+      @ruby_version ||= (
+        v = {}
+        m = /^(.+)\.(.+)\.(.+)$/.match(RUBY_VERSION)
+        v[:major] = m[1].to_i
+        v[:minor] = m[2].to_i
+        v[:patch] = m[3].to_i
+        v
+      )
+    end
+
+    def openssl_supports_sni?
+      OpenSSL::SSL::SSLSocket.public_instance_methods.include? :hostname=
+    end
+
+    def init_project(path)
+      @stdout.print "Creating #{path}... "
+      raise InitError, "#{path} already exists!" if File.exist? path
+      mkdir_p path
+      @stdout.puts "Done"
+
+      @stdout.puts "Populating #{path}... "
+      skeldir = File.join(File.dirname(__FILE__), 'skel')
+      @stdout.print '    ' ; cp_r Dir.glob(File.join(skeldir,'*')), path, :verbose => true
+      @stdout.puts "Done"
+
+      @stdout.puts <<-QUOTE.gsub(/^        /,'')
+        Finished!
+
+        Now cd to #{path} and edit config.yml to suit your needs.
+
+        If you have an existing CA certificate and key you would like to use, you
+        should copy the PEM encoded certificate to:
+
+            #{path}/ca/goodcacert.pem
+
+        And you should copy the PEM encoded private key to:
+
+            #{path}/ca/goodcakey.pem
+
+        Otherwise you can use the preinstalled CA certificate or delete the ca
+        directory and run:
+
+            tlspretense ca
+
+        to generate a new CA (which you will then need to install so that the software
+        you are testing will trust it).
+
+        Refer to the guides on http://isecpartners.github.com/tlspretense/ for more
+        information on configuring your host to run TLSPretense.
+        QUOTE
+    end
+
+    def usage
+      @stdout.puts <<-QUOTE.gsub(/^        /,'')
+        Usage: #{0} init PATH
+
+        Creates a new TLSPretense working directory at PATH.
+        QUOTE
+    end
+  end
+end

data/lib/tlspretense/skel/ca/goodcacert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAg2gAwIBAgIECy0y7TANBgkqhkiG9w0BAQUFADAiMQswCQYDVQQGEwJV
+UzETMBEGA1UEAwwKVHJ1c3RlZCBDQTAeFw0xMjEwMDUyMjIwMjFaFw0xMzEwMDUy
+MjIwMjFaMCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQDDApUcnVzdGVkIENBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6clG32L98j4S9CqddFeup+NyxZmd
+SPuEqJpIJHPQn/oGDmqXg8qmDr+DayAKa2ZHVD0+p0ymBJ74kZlFg6apcE55WWet
+VfE6L491zfAyIqgVET//OPmDd0pgiBo78NXgwVoThMZ/79/fa0BddV02xqqLNuD5
+0lXYB918wEoN909y7kOtldcqSL0N8Ts0SHxXrT3zmh+t2Oz007khsq99W50VrYO+
+qzmeUpf1lJopFwRkBpkw1JoXwUL36Kfzqp0KgjEcgdxJU2DsfDIIcqcZEkCFEU9x
+dkaEq6pIAVT4Qegqb7oeLbMEyvRc253cMd5PkjITMa4DgbBeWrrm1QFm7wIDAQAB
+o2MwYTAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+DmhEoCTfJPfISxh9gBtZNVTDZikwHwYDVR0jBBgwFoAUDmhEoCTfJPfISxh9gBtZ
+NVTDZikwDQYJKoZIhvcNAQEFBQADggEBAEoG5up12jtiNII8MU4dziExht/xnJCa
+ZwlVfsnY9coJ8BDw26T3Qk4qYZuWlQz/XVl3ERquHqRITE5ltcLpjgADWIIa09AT
+eZC2lay/Bprevo4DbSRw+nfHF1YOECIRSPfIiA15/f3XsNoB/8kV+vvLxZbQ1Sfi
+C3YXgiqXBtN72kxCfMwpekBXO77p+//Fu2UYiqbyd+W5U79l7B+U6c6CfqfGLhhW
+Up6KBNu9znx9FJUMtQi3qGqb3JFgKZKAdusb3DYDvssWiXRsjFKtswQXwuBH97f1
+cEr7mv5mLsBfgQrAJCZXwpaUIxLMHwAsRfgktiO5iqFalB9Gf4q7YIo=
+-----END CERTIFICATE-----

data/lib/tlspretense/skel/ca/goodcakey.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA6clG32L98j4S9CqddFeup+NyxZmdSPuEqJpIJHPQn/oGDmqX
+g8qmDr+DayAKa2ZHVD0+p0ymBJ74kZlFg6apcE55WWetVfE6L491zfAyIqgVET//
+OPmDd0pgiBo78NXgwVoThMZ/79/fa0BddV02xqqLNuD50lXYB918wEoN909y7kOt
+ldcqSL0N8Ts0SHxXrT3zmh+t2Oz007khsq99W50VrYO+qzmeUpf1lJopFwRkBpkw
+1JoXwUL36Kfzqp0KgjEcgdxJU2DsfDIIcqcZEkCFEU9xdkaEq6pIAVT4Qegqb7oe
+LbMEyvRc253cMd5PkjITMa4DgbBeWrrm1QFm7wIDAQABAoIBAAZIK0hbX5l/w4Ce
+GIcEyCOov+/BVfGdGI5zPtcD6aoyzLDcel/HNTkWOlDJlp4WLHp9/s3+CEP9hY5c
+APstokXrReV6HLU/eyHGCBNVjfNScuZ4wsHkKn0tGXTux4eMJ7LqWbXqo4tth5JZ
+M2mw7ITgFkeOOghF2D013WFJXCC2C6jgJ/QIK2RYehNlPFUbjWrBFIh3Jg1nbfg9
+WuextjpQqB8dA+1t5FzqhaWXmubIvBvYMjdRuYa63WgCN3VOaI6qqi+bVIbE2SyE
+KNOAT0Lj4F/svJ3O8J1a28eaLKJ370K8x3FLfAgu+NzZG7JI1o3bdsDXmPm3yMwF
+HP8K6lECgYEA+oXOhGFo9X6zph7EFLik9XRZkOTwM2E/FjaaObwuQll84e/3mx/G
+CsPc3+Oc+bhbUn94lAqSNFROASukE1/4yHr8lJdABOmarJpOXm7luSPl/dug85XR
+gpz2u9/lVtiXc/4iLM0UENrTWgmZ9rhh1PSD8ZbA5EXxGNnFfAzqqWcCgYEA7uXL
+iWno1qieyWKhB6vE/ZSMrz1MxKwWoOD2U4futPixgrX32oDdlS889yWKajBW8upf
+Qkr7/YbGtzqr27WCZ/WVOYWAe1lwMpm8gmCg2I+NFD/XaG2IR/A/9QWtO9krPv7j
+p874BLQ8MFkR6xZDzq9pt7rbacNqAjmYFgHQeTkCgYBgFNeKwA1QMkLWUHBlfheO
+KAx93MAfBIn8i/6EbB7VxZp20OEG9p2u3UWl/Jbk04b60fa92HwQY9Dy8/jekW1J
+/plGp+eeurVew2ORJjkm05TO0uAc6/XJgUfD8G/16eXUT8BtrE2o1TRAEPSiwj6L
+PSgpjOb35bc9D7CFDjMluwKBgQDN2ZabjnYCWYORNfpZmMoCUzkyWtjGcx6Ae7fl
+XDD1IYIbhl7OmdHVFcIrl96AB600XX29qs0dtT+PbO/fPrTijXuK+B0wrG2APHZx
+xX9ze6Zt92DOa+tNSZhisgSGmGeqPYm+9BlEPGXMp0NIVYQSGZY3qbwckzTKPARv
+mhqgCQKBgQCGQMrlWCb/mEvoroQ8JsTltsXuB1qbVtYudlkOWTMTGdw82lQQFVQ8
+r9rIDSOoTS/70aCvpQg3jFipJ5vFkPucYspM2jE22LvwqncaUg3KJ0hWcbzZJSxE
+tPLj+I5PQWOR8Gljsik4OhstpU9GOumOyL+EL1MG1+8woArH3P0cTA==
+-----END RSA PRIVATE KEY-----

data/lib/tlspretense/skel/config.yml

@@ -0,0 +1,523 @@
+---
+# This hostname is the one that the test runner will actually perform its test
+# against. All other intercepted SSL connections will use the original
+# certificate, but doctored to use the goodca. For this hostname, the SSL
+# interceptor will present the configured certificate chain of generated
+# certificates.
+#
+# Additionally, the defaultsubject and defaultsubjectwithnull strings will
+# replace %HOSTNAME% with this value during certificate generation.
+#hostname: my.hostname.com
+hostname: www.isecpartners.com
+
+# Configuration options to pass to PacketThief to configure your firewall.
+packetthief:
+  # Explicitly declare what firewall implementation to use for intercepting
+  # traffic. It is also needed to discover the original destination of
+  # intercepted network traffic. There are two special implementations: the
+  # 'manual' implementation is meant for when you don't use a firewall at all.
+  # In this case, you must explicitly provide an original destination for the
+  # proxy to forward all intercepted traffic to.
+  #
+  # The second special implementation is 'external'. This means that you are
+  # using a supported firewall, but you want to configure the redirection rule
+  # outside of TLSPretense. In this case, you need to name an actual firewall
+  # implementation so that the socket that receives the intercepted connection
+  # can acquire the original destination (redirected connections provide their
+  # original destination through various standard socket APIs).
+  #
+  # It the implementation is left commented out, then TLSPretense will guess
+  # which implementation to use.
+  #
+  # Options:
+  #
+  # - netfilter                 Linux netfilter
+  #
+  # - ipfw                      MacOSX10.6/BSD ipfw
+  #
+  # - pfrdr                     MacOSX10.7(and 10.8)'s version of PF
+  #
+  # - manual(destination)       If you choose manual, you must also choose a
+  #                             default destination address or hostname.
+  #
+  # - external(implementation)  Use firewall rules that are not managed by the
+  #                             test harness, but that might provide us with
+  #                             the original destination.
+  #implementation: manual(www.isecpartners.com)
+
+  # The remaining options are used to construct the firewall rule:
+  protocol: tcp
+  dest_port: 443
+  # Linux-like interface:
+  in_interface: eth1
+  # Mac OS X-like interface:
+  #in_interface: en1
+
+# The port that PacketThief should redirect traffic to, and the port that the
+# SSL interceptor will run on during each test.
+listener_port: 54321
+
+# The testing_method is used to determine whether the client has accepted or
+# rejected a certificate. If you find any of these to be unreliable, then you
+# will need to determine pass/fail yourself.
+#
+# - tlshandshake    We say that the client accepts a test if it completes the
+#                   TLS handshake, and it rejects a request if it does not
+#                   complete the handshake.
+# - senddata        We say that the client accepts a test if it sends data,
+#                   instead of whether it completes the TLS handshake. This may
+#                   be necessary for Android and probably other Java-based SSL
+#                   using code.
+testing_method: senddata
+
+# Meta-configuration for certificate generation. These values affect the
+# default settings for certificate generation.
+certmaker:
+  # The default subject string used by the generated certificates. Note that
+  # the substring %HOSTNAME% will be replaced with the value of hostname.
+  defaultsubject: &defaultsubject "C=US, CN=%HOSTNAME%"
+
+  # The default subject string for the null in subject certificate test.
+  # Intended to be almost identical to the defaultsubject.
+  defaultsubjectwithnull: &defaultsubjectwithnull "C=US, CN=%HOSTNAME%\0.foo.com"
+
+  # a subject string, but with the the hostname's parent domain instead of its
+  # domain. A test that should fail.
+  defaultparentsubject: &defaultparentsubject "C=US, CN=%PARENTHOSTNAME%"
+
+  # The directory where pregenerated certificates should be stored.
+  outdir: certs
+
+  # If a serial number is not explicitly set on a certificate definition, then
+  # this value helps decide how the certificate factory generates the
+  # certificate. Possible values:
+  #
+  # * <a number>  Use this predefined value as the serial number. Note that
+  #               some SSL clients (eg, Firefox) will detect duplicate serial
+  #               numbers during a single run of the application.
+  #
+  # * random      randomly generate a serial number
+  missing_serial_generation: random
+
+  # customgoodca allows you to load a CA certificate and key from a file. If it
+  # is commented out, then CertMaker will generate a new CA every time it is
+  # run. If this entry exists, but the files do not exist, then the first time
+  # goodca is generated, it will also be copied to these file locations in
+  # order to reuse it in the future.
+  customgoodca:
+    # The path to the PEM encoded certificate:
+    certfile: ca/goodcacert.pem
+    # The path to the PEM encoded key:
+    keyfile:  ca/goodcakey.pem
+    # Uncomment keypass and set the password only if your key needs a password.
+    # If there is no password, leave it commented out. Note that the copy of
+    # the CA that will be created in the certs directory will not have any
+    # password protection.
+    #keypass: changeme
+
+logger:
+  level: INFO
+  file: '-'
+
+certs:
+  goodca: &goodca
+    subject: "C=US, CN=Trusted CA"
+    issuer: self
+    not_before: now
+    not_after: +365
+    extensions:
+    - "keyUsage = critical, keyCertSign"  # can sign certificates
+    - "basicConstraints = critical,CA:true"
+    - "subjectKeyIdentifier=hash"
+    - "authorityKeyIdentifier=keyid:always"
+    key_type: RSA
+    key_size: 1024
+    signing_alg: SHA1
+
+  unknownca: &unknownca
+    <<: *goodca
+    subject: "C=US, CN=Unknown CA"
+
+  goodintermediate: &goodintermediate
+    <<: *goodca
+    subject: "C=US, CN=Intermediate Cert"
+    issuer: goodca
+
+  baseline: &baseline
+    subject: *defaultsubject
+    issuer: goodca
+    not_before: now
+    not_after: +365
+    extensions:
+    - "keyUsage=digitalSignature, keyEncipherment" # can sign data and can encrypt symmetric keys
+    - "extendedKeyUsage=serverAuth, clientAuth" # can be used as both a www server cert and www client cert
+    - "authorityKeyIdentifier=keyid:always"
+    - "subjectKeyIdentifier=hash"
+    - "basicConstraints = critical,CA:FALSE"
+    key_type: RSA
+    key_size: 1024
+    signing_alg: SHA1
+
+  wrongcname: &wrongcname
+    <<: *baseline
+    subject: "C=US, CN=www.foo.com"
+
+  parentcname: &parentcname
+    <<: *baseline
+    subject: *defaultparentsubject
+
+  nullincname: &nullincname
+    <<: *baseline
+    subject: *defaultsubjectwithnull
+
+  baselinesubjectaltname: &baselinesubjectaltname
+    <<: *baseline
+    addextensions:
+    - "subjectAltName=DNS:%HOSTNAME%"
+
+  subjectaltnameonly: &subjectaltnameonly
+    <<: *baseline
+    subject: "C=US, O=My Awesome Organization"
+    addextensions:
+    - "subjectAltName=DNS:%HOSTNAME%"
+
+  wrongsubjectaltnamerightsubject: &wrongsubjectaltnamerightsubject
+    <<: *baseline
+    addextensions:
+    - "subjectAltName=DNS:www.foo.com"
+
+  wrongsubjectaltnamewrongsubject: &wrongsubjectaltnamewrongsubject
+    <<: *baseline
+    subject: "C=US, CN=www.foo.com"
+    addextensions:
+    - "subjectAltName=DNS:www.foo.com"
+
+  # This fails to generate as desired. the null byte truncates the
+  # subjectAltName somewhere within OpenSSL. We need to manually construct the
+  # ASN1 encoding ourselves.
+#  nullinsubjectaltname: &nullinsubjectaltname
+#    <<: *subjectaltnameonly
+#    addextensions:
+#    - "subjectAltName=DNS:%HOSTNAME%\x00.foo.com, DNS:another.com"
+
+  parentinsubjectaltname: &parentinsubjectaltname
+    <<: *subjectaltnameonly
+    addextensions:
+    - "subjectAltName=DNS:%PARENTHOSTNAME%"
+
+  # extended key usage specifies code signing instead of serverAuth
+  wrongextendedkeyusage: &wrongextendedkeyusage
+    <<: *baseline
+    blockextensions:
+    - extendedKeyUsage
+    addextensions:
+    - "extendedKeyUsage = codeSigning"
+
+  rightextendedkeyusagecrit: &rightextendedkeyusagecrit
+    <<: *baseline
+    blockextensions:
+    - extendedKeyUsage
+    addextensions:
+    - "extendedKeyUsage = critical,serverAuth"
+  wrongextendedkeyusagecrit: &wrongextendedkeyusagecrit
+    <<: *baseline
+    blockextensions:
+    - extendedKeyUsage
+    addextensions:
+    - "extendedKeyUsage = critical,codeSigning"
+
+  selfsigned: &selfsigned
+    <<: *baseline
+    issuer: self
+    blockextensions:
+    - authorityKeyIdentifier
+
+  unknowncacert: &unknowncacert
+    <<: *baseline
+    issuer: unknownca
+
+  badsignature: &badsignature
+    <<: *baseline
+    signing_key: unknownca # signing_key defaults to the issuer unless added.
+
+  # we should probably also check for bad keyUsage, since keyUsage=keyCertSign also grants CA abilities
+  cafalseintermediate: &cafalseintermediate
+    <<: *baseline
+    subject: "C=US, CN=Intermediate with BasicConstraints CA:FALSE"
+
+  signedbycafalseint: &signedbycafalseint
+    <<: *baseline
+    issuer: cafalseintermediate
+
+  # we should probably also check for bad keyUsage, since keyUsage=keyCertSign also grants CA abilities
+  nobcintermediate: &nobcintermediate
+    <<: *baseline
+    subject: "C=US, CN=Intermediate with no basicConstraints"
+    blockextensions:
+    - basicconstraints
+
+  signedbynobcint:
+    <<: *baseline
+    issuer: nobcintermediate
+
+  badsigintermediate:
+    <<: *goodintermediate
+    subject: "C=US, CN=Intermediate with bad signature"
+    signing_key: unknownca # signing_key defaults to the issuer unless added
+
+  signedbybadsigintermediate:
+    <<: *baseline
+    issuer: badsigintermediate
+
+  # identical to goodca, but with its own key
+  cawithdifferentkey:
+    <<: *goodca
+
+  signedbydifferentkey:
+    <<: *baseline
+    issuer: cawithdifferentkey
+
+  expiredcert:
+    <<: *baseline
+    not_before: -365
+    not_after: -30
+
+  notyetvalidcert:
+    <<: *baseline
+    not_before: 365
+    not_after: 730
+
+  expiredintermediate:
+    <<: *goodintermediate
+    subject: "C=US, CN=Expired Intermediate"
+    not_before: -365
+    not_after: -30
+
+  signedbyexpiredint:
+    <<: *baseline
+    issuer: expiredintermediate
+
+  signedwithmd5:
+    <<: *baseline
+    signing_alg: MD5
+
+  signedwithmd4:
+    <<: *baseline
+    signing_alg: MD4
+
+  expiredca: &expiredca
+    <<: *goodca
+    subject: "C=US, CN=Expired CA"
+    not_before: -365
+    not_after: -30
+
+  signedbyexpiredca:
+    <<: *baseline
+    issuer: expiredca
+
+
+tests:
+# baseline
+- alias: baseline
+  name: Baseline Happy Test
+  certchain:
+  - baseline
+  - goodca
+  expected_result: connected
+
+# cname tests
+- alias: wrongcname
+  name: Wrong CNAME
+  certchain:
+  - wrongcname
+  - goodca
+  expected_result: rejected
+
+# cname tests
+- alias: parentcname
+  name: "Parent domain's CNAME"
+  certchain:
+  - parentcname
+  - goodca
+  expected_result: rejected
+
+- alias: nullincname
+  name: Null character in CNAME
+  certchain:
+  - nullincname
+  - goodca
+  expected_result: rejected
+
+# subjectAltName tests
+- alias: happysubjectaltname
+  name: Hostname is a dnsName in subjectAltName and in subject
+  certchain:
+  - baselinesubjectaltname
+  - goodca
+  expected_result: connected
+
+- alias: happysubjectaltnameonly
+  name: hostname only a dnsName subjectAltName
+  certchain:
+  - subjectaltnameonly
+  - goodca
+  expected_result: connected
+
+- alias: wrongsubjectaltnamewrongsubject
+  name: hostname in neither subjectAltName nor subject
+  certchain:
+  - wrongsubjectaltnamewrongsubject
+  - goodca
+  expected_result: rejected
+
+- alias: wrongsubjectaltnamerightsubject
+  name: hostname in subject but not in subjectAltName
+  certchain:
+  - wrongsubjectaltnamerightsubject
+  - goodca
+  expected_result: rejected
+
+#- alias: nullinsubjectaltname
+#  name: "null byte in subjectAltName"
+#  certchain:
+#  - nullinsubjectaltname
+#  - goodca
+#  expected_result: rejected
+#
+- alias: parentinsubjectaltname
+  name: "parent domain in subjectAltName"
+  certchain:
+  - parentinsubjectaltname
+  - goodca
+  expected_result: rejected
+
+# key usage
+- alias: wrongextendedkeyusage
+  name: extendedKeyUsage lacks serverAuth
+  certchain:
+  - wrongextendedkeyusage
+  - goodca
+  expected_result: rejected
+
+- alias: rightextendedkeyusagecrit
+  name: extendedKeyUsage lacks serverAuth
+  certchain:
+  - rightextendedkeyusagecrit
+  - goodca
+  expected_result: connected
+
+#####################
+# This one fails against Java/Android's standard SSL client code.
+- alias: wrongextendedkeyusagecrit
+  name: extendedKeyUsage lacks serverAuth
+  certchain:
+  - wrongextendedkeyusagecrit
+  - goodca
+  expected_result: rejected
+#####################
+
+# cert chain issues
+- alias: selfsigned
+  name: Selfsigned certificate
+  certchain:
+  - selfsigned
+  expected_result: rejected
+
+- alias: unknownca
+  name: Signed by an untrusted CA
+  certchain:
+  - unknowncacert
+  - unknownca
+  expected_result: rejected
+
+- alias: differentkeyca
+  name: Signed by an untrusted CA (provided in the chain) with the same name but a different key
+  certchain:
+  - signedbydifferentkey
+  - cawithdifferentkey
+  expected_result: rejected
+
+- alias: badsignature
+  name: Bad signature
+  certchain:
+  - badsignature
+  - goodca
+  expected_result: rejected
+
+- alias: cafalseintermediate
+  name: "Intermediate certificate where BasicConstraints sets CA:FALSE"
+  certchain:
+  - signedbycafalseint
+  - cafalseintermediate
+  - goodca
+  expected_result: rejected
+
+- alias: nobcintermediate
+  name: Intermediate certificate lacks BasicConstraints
+  certchain:
+  - signedbynobcint
+  - nobcintermediate
+  - goodca
+  expected_result: rejected
+
+- alias: badsigonintermediate
+  name: Intermediate certificate has bad signature from CA
+  certchain:
+  - signedbybadsigintermediate
+  - badsigintermediate
+  - goodca
+  expected_result: rejected
+
+- alias: signedwithmd5
+  name: Certificate signed with MD5
+  certchain:
+  - signedwithmd5
+  - goodca
+  expected_result: rejected
+
+- alias: signedwithmd4
+  name: Certificate signed with MD4
+  certchain:
+  - signedwithmd4
+  - goodca
+  expected_result: rejected
+
+## Need OpenSSL built with MD2 support
+#- alias: signedwithmd2
+#  name: Certificate signed with MD2
+#  certchain:
+#  - signedwithmd2
+#  - goodca
+#  expected_result: rejected
+
+- alias: expiredcert
+  name: Certificate that has expired
+  certchain:
+  - expiredcert
+  - goodca
+  expected_result: rejected
+
+- alias: notyetvalidcert
+  name: Certificate that is valid in the future
+  certchain:
+  - notyetvalidcert
+  - goodca
+  expected_result: rejected
+
+- alias: expiredintermediate
+  name: Certificate signed by an intermediate that has expired
+  certchain:
+  - signedbyexpiredint
+  - expiredintermediate
+  - goodca
+  expected_result: rejected
+
+# This requires installing the expired CA that is also installed into the
+# client's trusted root store.
+#- alias: expiredca
+#  name: "Certificate signed by a trusted, but expired CA"
+#  certchain:
+#  - signedbyexpiredca
+#  - expiredca
+#  expected_result: rejected
+