# Untrusted certificates

[[cmd]]
name = "Using a DNS-over-HTTPS server with an expired certificate"
shell = "dog --https @https://expired.badssl.com/ lookup.dog"
stdout = { empty = true }
stderr = { string = "Error [tls]: The certificate was not trusted." }
status = 1
tags = [ 'live', 'badssl', 'https' ]

[[cmd]]
name = "Using a DNS-over-HTTPS server with the wrong host in the certificate"
shell = "dog --https @https://wrong.host.badssl.com/ lookup.dog"
stdout = { empty = true }
stderr = { string = "Error [tls]: The certificate was not trusted." }
status = 1
tags = [ 'live', 'badssl', 'https' ]

[[cmd]]
name = "Using a DNS-over-HTTPS server with a self-signed certificate"
shell = "dog --https @https://self-signed.badssl.com/ lookup.dog"
stdout = { empty = true }
stderr = { string = "Error [tls]: The certificate was not trusted." }
status = 1
tags = [ 'live', 'badssl', 'https' ]

[[cmd]]
name = "Using a DNS-over-HTTPS server with an untrusted root certificate"
shell = "dog --https @https://untrusted-root.badssl.com/ lookup.dog"
stdout = { empty = true }
stderr = { string = "Error [tls]: The certificate was not trusted." }
status = 1
tags = [ 'live', 'badssl', 'https' ]

[[cmd]]
name = "Using a DNS-over-HTTPS server with a revoked certificate"
shell = "dog --https @https://revoked.badssl.com/ lookup.dog"
stdout = { empty = true }
stderr = { string = "Error [tls]: The certificate was not trusted." }
status = 1
tags = [ 'live', 'badssl', 'https' ]

[[cmd]]
name = "Using a DNS-over-HTTPS server with a known bad certificate"
shell = "dog --https @https://superfish.badssl.com/ lookup.dog"
stdout = { empty = true }
stderr = { string = "Error [tls]: The certificate was not trusted." }
status = 1
tags = [ 'live', 'badssl', 'https' ]


# Handshake failures

[[cmd]]
name = "Using a DNS-over-HTTPS server that accepts the null cipher"
shell = "dog --https @https://null.badssl.com/ lookup.dog"
stdout = { empty = true }
stderr = { string = "Error [tls]: handshake failure" }
status = 1
tags = [ 'live', 'badssl', 'https' ]

[[cmd]]
name = "Using a DNS-over-HTTPS server that accepts the rc4-md5 cipher"
shell = "dog --https @https://rc4-md5.badssl.com/ lookup.dog"
stdout = { empty = true }
stderr = { string = "Error [tls]: handshake failure" }
status = 1
tags = [ 'live', 'badssl', 'https' ]