Skip to content

Instantly share code, notes, and snippets.

@greggles
Created July 20, 2017 22:06
Show Gist options
  • Save greggles/66c9c350742c5fd85724c07a6b6343f6 to your computer and use it in GitHub Desktop.
Save greggles/66c9c350742c5fd85724c07a6b6343f6 to your computer and use it in GitHub Desktop.
<?php
print "<pre>";
$urls = [
[
'url' => 'https://badssl.com/',
'expected_http' => 200,
'expected_curl_errno' => 0,
'expected_curl_error' => '',
],
// cool, works normal ^
[
'url' => 'https://revoked.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'something for sure',
],
[
'url' => 'https://pinning-test.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'something, for sure',
],
[
'url' => 'https://tls-v1-0.badssl.com/',
'port' => 1010,
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'something, for sure',
],
[
'url' => 'https://tls-v1-1.badssl.com/',
'port' => 1011,
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'something, for sure',
],
[
'url' => 'https://tls-v1-1.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'something, for sure',
],
[
'url' => 'https://no-common-name.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'maybe something?',
],
[
'url' => 'https://no-subject.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'probably something',
],
[
'url' => 'https://sha1-intermediate.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'something, for sure',
],
[
'url' => 'https://cbc.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'maybe something',
],
[
'url' => 'https://3des.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'maybe something?',
],
[
'url' => 'https://dh-small-subgroup.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'maybe something?',
],
[
'url' => 'https://dh-composite.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'maybe something?',
],
[
'url' => 'https://dh1024.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 35,
'expected_curl_error' => 'something, probably',
],
[
'url' => 'https://dh2048.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 35,
'expected_curl_error' => 'something, probably',
],
[
'url' => 'https://invalid-expected-sct.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'something, for sure',
],
// Failed - false errno = 0^^
[
'url' => 'https://bad.host.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: Invalid certificate chain',
],
[
'url' => 'https://untrusted-root.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: Invalid certificate chain',
],
// failed - errno 60 but gave error text "unable to get local issuer certificate" instead of the same error I get from CLI version of cURL.
[
'url' => 'https://expired.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: certificate has expired',
],
[
'url' => 'https://wrong.host.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 51,
'expected_curl_error' => 'SSL: no alternative certificate subject name matches target host name \'wrong.host.badssl.com\'',
],
[
'url' => 'https://self-signed.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: self signed certificate',
],
[
'url' => 'https://incomplete-chain.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: unable to get local issuer certificate',
],
[
'url' => 'https://rc4-md5.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 35,
'expected_curl_error' => 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure',
],
[
'url' => 'https://rc4.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 35,
'expected_curl_error' => 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure',
],
[
'url' => 'https://null.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 35,
'expected_curl_error' => 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure',
],
[
'url' => 'https://dh480.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 35,
'expected_curl_error' => 'error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small',
],
[
'url' => 'https://dh512.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 35,
'expected_curl_error' => 'error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small',
],
[
'url' => 'https://superfish.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: unable to get local issuer certificate',
],
[
'url' => 'https://edellroot.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: unable to get local issuer certificate',
],
[
'url' => 'https://dsdtestprovider.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: unable to get local issuer certificate',
],
[
'url' => 'https://preact-cli.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: unable to get local issuer certificate',
],
[
'url' => 'https://webpack-dev-server.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: unable to get local issuer certificate',
],
[
'url' => 'https://sha1-2016.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: certificate has expired',
],
[
'url' => 'https://sha1-2017.badssl.com/',
'expected_http' => 0,
'expected_curl_errno' => 60,
'expected_curl_error' => 'SSL certificate problem: certificate has expired',
],
];
$cool = $error = 0;
foreach ($urls as $url) {
print "Url is " . $url['url']. PHP_EOL;
// Make that call.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url['url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
if (isset($url['port'])) {
curl_setopt($ch, CURLOPT_PORT, $url['port']);
}
// Below needs curl 7.41.0 or later (Ubuntu 14.04 has 7.35).
// curl_setopt($ch, CURLOPT_SSL_VERIFYSTATUS, TRUE);
$result= curl_exec($ch);
$info = curl_getinfo($ch);
$curl_error = curl_error($ch);
$curl_errno = curl_errno($ch);
if ($info['http_code'] !== $url['expected_http']) {
$error++;
print sprintf("Error: Found HTTP code '%s' doesn't match the expected http code of '%s'", $info['http_code'], $url['expected_http']) . PHP_EOL;
}
else {
$cool++;
print sprintf("Cool: Found HTTP code '%s' matches the expected http code of '%s'", $info['http_code'], $url['expected_http']) . PHP_EOL;
}
if ($curl_error !== $url['expected_curl_error']) {
$error++;
print sprintf("Error: Found CURL error '%s' doesn't match the expected CURL error of '%s'", $curl_error, $url['expected_curl_error']) . PHP_EOL;
}
else {
$cool++;
print sprintf("Cool: Found CURL error '%s' matches the expected CURL error of '%s'", $curl_error, $url['expected_curl_error']) . PHP_EOL;
}
if ($curl_errno !== $url['expected_curl_errno']) {
$error++;
print sprintf("Error: Found CURL error '%s' doesn't match the expected CURL error of '%s'", $curl_errno, $url['expected_curl_errno']) . PHP_EOL;
}
else {
$cool++;
print sprintf("Cool: Found CURL error '%s' matches the expected CURL error of '%s'", $curl_errno, $url['expected_curl_errno']) . PHP_EOL;
}
// All done with that.
curl_close($ch);
}
print "There were $cool cool cases and $error error cases.";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment