From c7e095305ffb1a50e2e4835ebaa554831190f725 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Sat, 15 Mar 2025 17:24:22 +0100
Subject: [PATCH] Add unit test for certificate revocation One positive, one negative This should detect failures in the future like in #2667, #2516 and #1275 .
---
t/52_ocsp_revoked.t | 55 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100755 t/52_ocsp_revoked.t
diff --git a/t/52_ocsp_revoked.t b/t/52_ocsp_revoked.t
new file mode 100755
index 0000000..a9b29a9
--- /dev/null
+++ b/t/52_ocsp_revoked.t
@@ -0,0 +1,55 @@
+#!/usr/bin/env perl
+
+# Check revoked.badssl.com whether certificate is revoked
+# and cloudflare whether is is not
+# Maybe amended
+#
+# We don't use a full run, only the certificate section.
+
+use strict;
+use Test::More;
+use Data::Dumper;
+use Text::Diff;
+
+my $tests = 0;
+my $prg="./testssl.sh";
+my $csv="tmp.csv";
+my $cat_csv="";
+my $check2run="-q -S --color 0 --phone-out --ip=one --severity CRITICAL --csvfile $csv";
+my $uri="revoked.badssl.com";
+my @args="";
+
+die "Unable to open $prg" unless -f $prg;
+
+# Provide proper start conditions
+unlink $csv;
+
+#1 run
+printf "\n%s\n", "Unit test for certificate revocation against \"$uri\"";
+@args="$prg $check2run $uri >/dev/null";
+system("@args") == 0
+ or die ("FAILED: \"@args\" ");
+$cat_csv=`cat $csv`;
+
+# Is the certificate revoked?
+like($cat_csv, qr/"cert_ocspRevoked".*"CRITICAL","revoked"/,"The certificate should be revoked");
+$tests++;
+unlink $csv;
+
+$uri="cloudflare.com";
+@args="$prg $check2run $uri >/dev/null";
+system("@args") == 0
+ or die ("FAILED: \"@args\" ");
+$cat_csv=`cat $csv`;
+
+# this should not be revoked --> no such line
+unlike($cat_csv, qr/cert_ocspRevoked/,"There should be no certificate revocation entry");
+$tests++;
+unlink $csv;
+
+done_testing($tests);
+printf "\n";
+
+
+# vim:ts=5:sw=5:expandtab
+
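Review bot: The negative check for cloudflare.com (`unlike($cat_csv, qr/cert_ocspRevoked/, ...)`) also passes when `tmp.csv` is empty or was never written, because `cat` on a missing file returns an empty string. A run in which the revocation lookup never happened is therefore indistinguishable from a certificate that is not revoked. The only guard is `system("@args") == 0`, and whether testssl.sh exits non-zero when the OCSP/CRL fetch fails is not visible in this patch. I would add `ok(-s $csv, "CSV output was written"); $tests++;` before each `cat`. Better still, if the CSV has a "not revoked" entry once the `--severity CRITICAL` filter is dropped, assert on that entry in the second run instead of on absence. Separately, `use warnings;` is missing, and `Data::Dumper` and `Text::Diff` are loaded but never used, which makes the test depend on a non-core module for no reason.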