From 7b2804df419f7b9c93d1b1b0baeae2e978f300e7 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Mon, 24 Nov 2025 10:48:41 +0100
Subject: [PATCH] remove STARTTLS

---
 t/21_baseline_starttls.t | 77 ++++------------------------------------
 1 file changed, 7 insertions(+), 70 deletions(-)

diff --git a/t/21_baseline_starttls.t b/t/21_baseline_starttls.t
index 17be160..bf498f5 100755
--- a/t/21_baseline_starttls.t
+++ b/t/21_baseline_starttls.t
@@ -33,10 +33,8 @@ my $openssl_regex_bl='(e|E)rror|(f|F)atal|\.\/testssl\.sh: line |Oops|s_client c
 
 die "Unable to open $prg" unless -f $prg;
 
-$uri="smtp-relay.gmail.com:587";
-
-
 #1
+$uri="smtp-relay.gmail.com:587";
 # unlink "tmp.json";
 # we will have client simulations later, so we don't need to run everything again:
 printf "\n%s\n", "STARTTLS SMTP unit test via sockets --> $uri ...";
@@ -46,16 +44,7 @@ unlike($socket_out, qr/$socket_regex_bl/, "");
 $tests++;
 
 #2
-# unlink "tmp.json";
-printf "\n%s\n", "STARTTLS SMTP unit tests via OpenSSL --> $uri ...";
-$openssl_out = `$prg --ssl-native $check2run_smtp -t smtp $uri 2>&1`;
-# $openssl_json = json('tmp.json');
-unlike($openssl_out, qr/$openssl_regex_bl/, "");
-$tests++;
-
 $uri="pop.gmx.net:110";
-
-#3
 # unlink "tmp.json";
 printf "\n%s\n", "STARTTLS POP3 unit tests via sockets --> $uri ...";
 $socket_out = `$prg $check2run -t pop3 $uri 2>&1`;
@@ -63,16 +52,8 @@ $socket_out = `$prg $check2run -t pop3 $uri 2>&1`;
 unlike($socket_out, qr/$socket_regex_bl/, "");
 $tests++;
 
-#4
-printf "\n%s\n", "STARTTLS POP3 unit tests via OpenSSL --> $uri ...";
-$openssl_out = `$prg --ssl-native $check2run -t pop3 $uri 2>&1`;
-# $openssl_json = json('tmp.json');
-unlike($openssl_out, qr/$openssl_regex_bl/, "");
-$tests++;
-
+#3
 $uri="imap.gmx.net:143";
-
-#5
 # unlink "tmp.json";
 printf "\n%s\n", "STARTTLS IMAP unit tests via sockets --> $uri ...";
 $socket_out = `$prg $check2run -t imap $uri 2>&1`;
@@ -80,16 +61,8 @@ $socket_out = `$prg $check2run -t imap $uri 2>&1`;
 unlike($socket_out, qr/$socket_regex_bl/, "");
 $tests++;
 
-#6
-printf "\n%s\n", "STARTTLS IMAP unit tests via OpenSSL --> $uri ...";
-$openssl_out = `$prg --ssl-native $check2run -t imap $uri 2>&1`;
-# $openssl_json = json('tmp.json');
-unlike($openssl_out, qr/$openssl_regex_bl/, "");
-$tests++;
-
+#4
 $uri="mail.tigertech.net:4190";
-
-#7
 # unlink "tmp.json";
 printf "\n%s\n", "STARTTLS MANAGE(SIEVE) unit tests via sockets --> $uri ...";
 $socket_out = `$prg $check2run -t sieve $uri 2>&1`;
@@ -97,9 +70,8 @@ $socket_out = `$prg $check2run -t sieve $uri 2>&1`;
 unlike($openssl_out, qr/$openssl_regex_bl/, "");
 $tests++;
 
+#5
 $uri="jabber.org:5222";
-
-#8
 # unlink "tmp.json";
 printf "\n%s\n", "STARTTLS XMPP unit tests via sockets --> $uri ...";
 $socket_out = `$prg $check2run -t xmpp $uri 2>&1`;
@@ -109,12 +81,6 @@ $tests++;
 
 # commented out, bc of travis' limits
 #
-#printf "\n%s\n", "STARTTLS XMPP unit tests via OpenSSL --> $uri ...";
-#$openssl_out = `$prg --ssl-native $check2run -t xmpp $uri 2>&1`;
-# $openssl_json = json('tmp.json');
-#unlike($openssl_out, qr/$openssl_regex_bl/, "");
-#$tests++;
-
 # $uri="jabber.ccc.de:5269";
 # printf "\n%s\n", "Quick STARTTLS XMPP S2S unit tests via sockets --> $uri ...";
 # $openssl_out = `$prg --openssl=/usr/bin/openssl -p $check2run -t xmpp-server $uri 2>&1`;
@@ -122,10 +88,8 @@ $tests++;
 # unlike($openssl_out, qr/$openssl_regex_bl/, "");
 # $tests++;
 
-
+#6
 $uri="ldap.uni-rostock.de:21";
-
-#9
 # unlink "tmp.json";
 printf "\n%s\n", "STARTTLS FTP unit tests via sockets --> $uri ...";
 $socket_out = `$prg $check2run -t ftp $uri 2>&1`;
@@ -135,35 +99,15 @@ $socket_out =~ s/ error querying OCSP responder .*\n//g;
 unlike($socket_out, qr/$socket_regex_bl/, "");
 $tests++;
 
-# commented out, bc of travis' limits
-#
-# printf "\n%s\n", "STARTTLS FTP unit tests via OpenSSL --> $uri ...";
-# $openssl_out = `$prg --ssl-native $check2run -t ftp $uri 2>&1`;
-# $openssl_json = json('tmp.json');
-# OCSP stapling fails sometimes with: 'offered, error querying OCSP responder (ERROR: No Status found)'
-# $openssl_out =~ s/ error querying OCSP responder .*\n//g;
-# unlike($openssl_out, qr/$openssl_regex_bl/, "");
-# $tests++;
-
-
+#7
 # https://ldapwiki.com/wiki/Public%20LDAP%20Servers
 $uri="db.debian.org:389";
-
-#10
 printf "\n%s\n", "STARTTLS LDAP unit tests via sockets --> $uri ...";
 $socket_out = `$prg $check2run -t ldap $uri 2>&1`;
 # $socket_json = json('tmp.json');
 unlike($socket_out, qr/$socket_regex_bl/, "");
 $tests++;
 
-#11
-printf "\n%s\n", "STARTTLS LDAP unit tests via OpenSSL --> $uri ...";
-$openssl_out = `$prg --ssl-native $check2run -t ldap $uri 2>&1`;
-# $openssl_json = json('tmp.json');
-unlike($openssl_out, qr/$openssl_regex_bl/, "");
-$tests++;
-
-
 # For NNTP there doesn't seem to be reliable host out there
 #$uri="144.76.182.167:119";
 
@@ -171,14 +115,7 @@ $tests++;
 #$socket_out = `$prg $check2run -t nntp $uri 2>&1`;
 #unlike($socket_out, qr/$socket_regex_bl/, "");
 #$tests++;
-
-# commented out, bc of travis' limits
-#
-#printf "\n%s\n", "STARTTLS NNTP unit tests via OpenSSL --> $uri ...";
-#$openssl_out = `$prg --ssl-native $check2run -t nntp $uri 2>&1`;
-# $openssl_json = json('tmp.json');
-#unlike($openssl_out, qr/$openssl_regex_bl/, "");
-#$tests++;
+# also: commented out, bc of travis' limits
 
 # IRC: missing
 # LTMP, mysql, postgres