
Add badssl tests for DNS-over-HTTPS

This commit adds Specsheet checks that connect to invalid TLS servers over at badssl.

dog used to write "No results" to stdout, because the check was in there twice. It didn't quite make sense to say "No results" when there was an error, so that println was removed.
Benjamin Sago 4 年之前
父節點
當前提交
2186875799
共有 2 個文件被更改,包括 69 次插入4 次删除
  1. 1 4
      src/table.rs
  2. 68 0
      xtests/badssl.toml

+ 1 - 4
src/table.rs

@@ -74,10 +74,7 @@ impl Table {
 
     /// Prints the formatted table to stdout.
     pub fn print(self, duration: Option<Duration>) {
-        if self.rows.is_empty() {
-            println!("No results");
-        }
-        else {
+        if ! self.rows.is_empty() {
             let qtype_len = self.max_qtype_len();
             let qname_len = self.max_qname_len();
             let ttl_len   = self.max_ttl_len();
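Review bot: The doc comment above `print` still says only `/// Prints the formatted table to stdout.`, but with the `else` branch gone an empty table now produces no output at all, and the comment should say so. Something like `/// Prints the formatted table to stdout; prints nothing when there are no rows, so the caller must report errors or an empty answer itself.` would make that contract explicit. The new badssl checks rely on this through `stdout = { empty = true }`, so the silent case is now tested behaviour rather than an accident. The body of `print` continues past the end of this hunk, so whether anything after the `if ! self.rows.is_empty()` block still writes to stdout cannot be confirmed from here.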

+ 68 - 0
xtests/badssl.toml

@@ -0,0 +1,68 @@
+# Untrusted certificates
+
+[[cmd]]
+name = "Using a DNS-over-HTTPS server with an expired certificate"
+shell = "dog --https @https://expired.badssl.com/ lookup.dog"
+stdout = { empty = true }
+stderr = { string = "Error [http]: error trying to connect: The certificate was not trusted." }
+status = 1
+tags = [ 'live', 'badssl' ]
+
+[[cmd]]
+name = "Using a DNS-over-HTTPS server with the wrong host in the certificate"
+shell = "dog --https @https://wrong.host.badssl.com/ lookup.dog"
+stdout = { empty = true }
+stderr = { string = "Error [http]: error trying to connect: The certificate was not trusted." }
+status = 1
+tags = [ 'live', 'badssl' ]
+
+[[cmd]]
+name = "Using a DNS-over-HTTPS server with a self-signed certificate"
+shell = "dog --https @https://self-signed.badssl.com/ lookup.dog"
+stdout = { empty = true }
+stderr = { string = "Error [http]: error trying to connect: The certificate was not trusted." }
+status = 1
+tags = [ 'live', 'badssl' ]
+
+[[cmd]]
+name = "Using a DNS-over-HTTPS server with an untrusted root certificate"
+shell = "dog --https @https://untrusted-root.badssl.com/ lookup.dog"
+stdout = { empty = true }
+stderr = { string = "Error [http]: error trying to connect: The certificate was not trusted." }
+status = 1
+tags = [ 'live', 'badssl' ]
+
+[[cmd]]
+name = "Using a DNS-over-HTTPS server with a revoked certificate"
+shell = "dog --https @https://revoked.badssl.com/ lookup.dog"
+stdout = { empty = true }
+stderr = { string = "Error [http]: error trying to connect: The certificate was not trusted." }
+status = 1
+tags = [ 'live', 'badssl' ]
+
+[[cmd]]
+name = "Using a DNS-over-HTTPS server with a known bad certificate"
+shell = "dog --https @https://superfish.badssl.com/ lookup.dog"
+stdout = { empty = true }
+stderr = { string = "Error [http]: error trying to connect: The certificate was not trusted." }
+status = 1
+tags = [ 'live', 'badssl' ]
+
+
+# Handshake failures
+
+[[cmd]]
+name = "Using a DNS-over-HTTPS server that accepts the null cipher"
+shell = "dog --https @https://null.badssl.com/ lookup.dog"
+stdout = { empty = true }
+stderr = { string = "Error [http]: error trying to connect: handshake failure" }
+status = 1
+tags = [ 'live', 'badssl' ]
+
+[[cmd]]
+name = "Using a DNS-over-HTTPS server that accepts the rc4-md5 cipher"
+shell = "dog --https @https://rc4-md5.badssl.com/ lookup.dog"
+stdout = { empty = true }
+stderr = { string = "Error [http]: error trying to connect: handshake failure" }
+status = 1
+tags = [ 'live', 'badssl' ]
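Review bot: All six certificate cases assert the same generic stderr string, `The certificate was not trusted.`, so each check proves only that the connection was refused, not that it was refused for the reason in its `name`. This matters most for the revoked case (`revoked.badssl.com`) and the "known bad" case (`superfish.badssl.com`): both pass whenever the chain fails validation for any reason, so neither demonstrates that revocation checking or a bad-certificate blocklist is in effect. A comment above those two entries would keep the coverage claim honest, e.g. `# Only asserts that the connection is refused; does not prove that revocation status was checked.` The exact-match strings also look like wording from one specific TLS backend, so these `live` checks may fail on a platform whose TLS library phrases the error differently. If Specsheet supports a looser match, asserting only the stable `Error [http]: error trying to connect:` prefix would be less brittle.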