Fixed up TLS evaluation tests by moving from disig.sk to badssl.com.

# Conflicts:
#	Tests/TLSEvaluationTests.swift

Alamofire.xcodeproj/project.pbxproj

@@ -61,9 +61,6 @@
 		4C743D061C22772D00BCB23E /* signed-by-ca2.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C511B535F540017E0BF /* signed-by-ca2.cer */; };
 		4C743D071C22772D00BCB23E /* valid-dns-name.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C521B535F540017E0BF /* valid-dns-name.cer */; };
 		4C743D081C22772D00BCB23E /* valid-uri.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C531B535F540017E0BF /* valid-uri.cer */; };
-		4C743D091C22772D00BCB23E /* intermediate-ca-disig.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C5E1B535F6D0017E0BF /* intermediate-ca-disig.cer */; };
-		4C743D0A1C22772D00BCB23E /* root-ca-disig.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C5F1B535F6D0017E0BF /* root-ca-disig.cer */; };
-		4C743D0B1C22772D00BCB23E /* testssl-expire.disig.sk.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C601B535F6D0017E0BF /* testssl-expire.disig.sk.cer */; };
 		4C743D0C1C22772E00BCB23E /* certDER.cer in Resources */ = {isa = PBXBuildFile; fileRef = B39E2F831C1A72F8002DA1A9 /* certDER.cer */; };
 		4C743D0D1C22772E00BCB23E /* certDER.crt in Resources */ = {isa = PBXBuildFile; fileRef = B39E2F841C1A72F8002DA1A9 /* certDER.crt */; };
 		4C743D0E1C22772E00BCB23E /* certDER.der in Resources */ = {isa = PBXBuildFile; fileRef = B39E2F851C1A72F8002DA1A9 /* certDER.der */; };
@@ -83,9 +80,6 @@
 		4C743D1C1C22772E00BCB23E /* signed-by-ca2.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C511B535F540017E0BF /* signed-by-ca2.cer */; };
 		4C743D1D1C22772E00BCB23E /* valid-dns-name.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C521B535F540017E0BF /* valid-dns-name.cer */; };
 		4C743D1E1C22772E00BCB23E /* valid-uri.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C531B535F540017E0BF /* valid-uri.cer */; };
-		4C743D1F1C22772E00BCB23E /* intermediate-ca-disig.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C5E1B535F6D0017E0BF /* intermediate-ca-disig.cer */; };
-		4C743D201C22772E00BCB23E /* root-ca-disig.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C5F1B535F6D0017E0BF /* root-ca-disig.cer */; };
-		4C743D211C22772E00BCB23E /* testssl-expire.disig.sk.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C601B535F6D0017E0BF /* testssl-expire.disig.sk.cer */; };
 		4C743D221C22772F00BCB23E /* certDER.cer in Resources */ = {isa = PBXBuildFile; fileRef = B39E2F831C1A72F8002DA1A9 /* certDER.cer */; };
 		4C743D231C22772F00BCB23E /* certDER.crt in Resources */ = {isa = PBXBuildFile; fileRef = B39E2F841C1A72F8002DA1A9 /* certDER.crt */; };
 		4C743D241C22772F00BCB23E /* certDER.der in Resources */ = {isa = PBXBuildFile; fileRef = B39E2F851C1A72F8002DA1A9 /* certDER.der */; };
@@ -105,9 +99,6 @@
 		4C743D321C22772F00BCB23E /* signed-by-ca2.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C511B535F540017E0BF /* signed-by-ca2.cer */; };
 		4C743D331C22772F00BCB23E /* valid-dns-name.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C521B535F540017E0BF /* valid-dns-name.cer */; };
 		4C743D341C22772F00BCB23E /* valid-uri.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C531B535F540017E0BF /* valid-uri.cer */; };
-		4C743D351C22772F00BCB23E /* intermediate-ca-disig.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C5E1B535F6D0017E0BF /* intermediate-ca-disig.cer */; };
-		4C743D361C22772F00BCB23E /* root-ca-disig.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C5F1B535F6D0017E0BF /* root-ca-disig.cer */; };
-		4C743D371C22772F00BCB23E /* testssl-expire.disig.sk.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4C812C601B535F6D0017E0BF /* testssl-expire.disig.sk.cer */; };
 		4C7C8D221B9D0D9000948136 /* NSURLSessionConfiguration+AlamofireTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4C7C8D211B9D0D9000948136 /* NSURLSessionConfiguration+AlamofireTests.swift */; };
 		4C7C8D231B9D0D9000948136 /* NSURLSessionConfiguration+AlamofireTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4C7C8D211B9D0D9000948136 /* NSURLSessionConfiguration+AlamofireTests.swift */; };
 		4C80F9F81BB730EF001B46D2 /* Response.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4C0B62501BB1001C009302D3 /* Response.swift */; };
@@ -126,6 +117,18 @@
 		4CB9282A1C66BFBC00CE5F08 /* Notifications.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4CB928281C66BFBC00CE5F08 /* Notifications.swift */; };
 		4CB9282B1C66BFBC00CE5F08 /* Notifications.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4CB928281C66BFBC00CE5F08 /* Notifications.swift */; };
 		4CB9282C1C66BFBC00CE5F08 /* Notifications.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4CB928281C66BFBC00CE5F08 /* Notifications.swift */; };
+		4CCB206C1D4549E000C64D5B /* expired.badssl.com-leaf.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB20681D4549E000C64D5B /* expired.badssl.com-leaf.cer */; };
+		4CCB206D1D4549E000C64D5B /* expired.badssl.com-leaf.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB20681D4549E000C64D5B /* expired.badssl.com-leaf.cer */; };
+		4CCB206E1D4549E000C64D5B /* expired.badssl.com-leaf.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB20681D4549E000C64D5B /* expired.badssl.com-leaf.cer */; };
+		4CCB206F1D4549E000C64D5B /* expired.badssl.com-root-ca.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB20691D4549E000C64D5B /* expired.badssl.com-root-ca.cer */; };
+		4CCB20701D4549E000C64D5B /* expired.badssl.com-root-ca.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB20691D4549E000C64D5B /* expired.badssl.com-root-ca.cer */; };
+		4CCB20711D4549E000C64D5B /* expired.badssl.com-root-ca.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB20691D4549E000C64D5B /* expired.badssl.com-root-ca.cer */; };
+		4CCB20721D4549E000C64D5B /* expired.badssl.com-intermediate-ca-1.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB206A1D4549E000C64D5B /* expired.badssl.com-intermediate-ca-1.cer */; };
+		4CCB20731D4549E000C64D5B /* expired.badssl.com-intermediate-ca-1.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB206A1D4549E000C64D5B /* expired.badssl.com-intermediate-ca-1.cer */; };
+		4CCB20741D4549E000C64D5B /* expired.badssl.com-intermediate-ca-1.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB206A1D4549E000C64D5B /* expired.badssl.com-intermediate-ca-1.cer */; };
+		4CCB20751D4549E000C64D5B /* expired.badssl.com-intermediate-ca-2.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB206B1D4549E000C64D5B /* expired.badssl.com-intermediate-ca-2.cer */; };
+		4CCB20761D4549E000C64D5B /* expired.badssl.com-intermediate-ca-2.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB206B1D4549E000C64D5B /* expired.badssl.com-intermediate-ca-2.cer */; };
+		4CCB20771D4549E000C64D5B /* expired.badssl.com-intermediate-ca-2.cer in Resources */ = {isa = PBXBuildFile; fileRef = 4CCB206B1D4549E000C64D5B /* expired.badssl.com-intermediate-ca-2.cer */; };
 		4CCFA79A1B2BE71600B6F460 /* URLProtocolTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4CCFA7991B2BE71600B6F460 /* URLProtocolTests.swift */; };
 		4CCFA79B1B2BE71600B6F460 /* URLProtocolTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4CCFA7991B2BE71600B6F460 /* URLProtocolTests.swift */; };
 		4CDE2C371AF8932A00BABAE5 /* Manager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4CDE2C361AF8932A00BABAE5 /* Manager.swift */; };
@@ -271,13 +274,14 @@
 		4C812C511B535F540017E0BF /* signed-by-ca2.cer */ = {isa = PBXFileReference; lastKnownFileType = file; name = "signed-by-ca2.cer"; path = "alamofire.org/signed-by-ca2.cer"; sourceTree = "<group>"; };
 		4C812C521B535F540017E0BF /* valid-dns-name.cer */ = {isa = PBXFileReference; lastKnownFileType = file; name = "valid-dns-name.cer"; path = "alamofire.org/valid-dns-name.cer"; sourceTree = "<group>"; };
 		4C812C531B535F540017E0BF /* valid-uri.cer */ = {isa = PBXFileReference; lastKnownFileType = file; name = "valid-uri.cer"; path = "alamofire.org/valid-uri.cer"; sourceTree = "<group>"; };
-		4C812C5E1B535F6D0017E0BF /* intermediate-ca-disig.cer */ = {isa = PBXFileReference; lastKnownFileType = file; name = "intermediate-ca-disig.cer"; path = "disig.sk/intermediate-ca-disig.cer"; sourceTree = "<group>"; };
-		4C812C5F1B535F6D0017E0BF /* root-ca-disig.cer */ = {isa = PBXFileReference; lastKnownFileType = file; name = "root-ca-disig.cer"; path = "disig.sk/root-ca-disig.cer"; sourceTree = "<group>"; };
-		4C812C601B535F6D0017E0BF /* testssl-expire.disig.sk.cer */ = {isa = PBXFileReference; lastKnownFileType = file; name = "testssl-expire.disig.sk.cer"; path = "disig.sk/testssl-expire.disig.sk.cer"; sourceTree = "<group>"; };
 		4C83F41A1B749E0E00203445 /* Stream.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Stream.swift; sourceTree = "<group>"; };
 		4C9DCE771CB1BCE2003E6463 /* SessionDelegateTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SessionDelegateTests.swift; sourceTree = "<group>"; };
 		4CA028C41B7466C500C84163 /* ResultTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ResultTests.swift; sourceTree = "<group>"; };
 		4CB928281C66BFBC00CE5F08 /* Notifications.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Notifications.swift; sourceTree = "<group>"; };
+		4CCB20681D4549E000C64D5B /* expired.badssl.com-leaf.cer */ = {isa = PBXFileReference; lastKnownFileType = file; path = "expired.badssl.com-leaf.cer"; sourceTree = "<group>"; };
+		4CCB20691D4549E000C64D5B /* expired.badssl.com-root-ca.cer */ = {isa = PBXFileReference; lastKnownFileType = file; path = "expired.badssl.com-root-ca.cer"; sourceTree = "<group>"; };
+		4CCB206A1D4549E000C64D5B /* expired.badssl.com-intermediate-ca-1.cer */ = {isa = PBXFileReference; lastKnownFileType = file; path = "expired.badssl.com-intermediate-ca-1.cer"; sourceTree = "<group>"; };
+		4CCB206B1D4549E000C64D5B /* expired.badssl.com-intermediate-ca-2.cer */ = {isa = PBXFileReference; lastKnownFileType = file; path = "expired.badssl.com-intermediate-ca-2.cer"; sourceTree = "<group>"; };
 		4CCFA7991B2BE71600B6F460 /* URLProtocolTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = URLProtocolTests.swift; sourceTree = "<group>"; };
 		4CDE2C361AF8932A00BABAE5 /* Manager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Manager.swift; sourceTree = "<group>"; };
 		4CDE2C391AF899EC00BABAE5 /* Request.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Request.swift; sourceTree = "<group>"; };
@@ -416,7 +420,7 @@
 			isa = PBXGroup;
 			children = (
 				4C812C391B535F060017E0BF /* alamofire.org */,
-				4C812C381B535F000017E0BF /* disig.sk */,
+				4CCB20671D4549E000C64D5B /* expired.badssl.com */,
 				B39E2F821C1A72E5002DA1A9 /* Varying Encoding Types and Extensions */,
 			);
 			name = Certificates;
@@ -491,16 +495,6 @@
 			name = Extensions;
 			sourceTree = "<group>";
 		};
-		4C812C381B535F000017E0BF /* disig.sk */ = {
-			isa = PBXGroup;
-			children = (
-				4C812C5E1B535F6D0017E0BF /* intermediate-ca-disig.cer */,
-				4C812C5F1B535F6D0017E0BF /* root-ca-disig.cer */,
-				4C812C601B535F6D0017E0BF /* testssl-expire.disig.sk.cer */,
-			);
-			name = disig.sk;
-			sourceTree = "<group>";
-		};
 		4C812C391B535F060017E0BF /* alamofire.org */ = {
 			isa = PBXGroup;
 			children = (
@@ -511,6 +505,17 @@
 			name = alamofire.org;
 			sourceTree = "<group>";
 		};
+		4CCB20671D4549E000C64D5B /* expired.badssl.com */ = {
+			isa = PBXGroup;
+			children = (
+				4CCB20681D4549E000C64D5B /* expired.badssl.com-leaf.cer */,
+				4CCB206A1D4549E000C64D5B /* expired.badssl.com-intermediate-ca-1.cer */,
+				4CCB206B1D4549E000C64D5B /* expired.badssl.com-intermediate-ca-2.cer */,
+				4CCB20691D4549E000C64D5B /* expired.badssl.com-root-ca.cer */,
+			);
+			path = expired.badssl.com;
+			sourceTree = "<group>";
+		};
 		4CDE2C481AF8A14A00BABAE5 /* Core */ = {
 			isa = PBXGroup;
 			children = (
@@ -856,27 +861,28 @@
 			buildActionMask = 2147483647;
 			files = (
 				4C743D031C22772D00BCB23E /* wildcard.alamofire.org.cer in Resources */,
+				4CCB20771D4549E000C64D5B /* expired.badssl.com-intermediate-ca-2.cer in Resources */,
 				4C743CFF1C22772D00BCB23E /* alamofire-signing-ca2.cer in Resources */,
 				4C743D061C22772D00BCB23E /* signed-by-ca2.cer in Resources */,
 				4CF627341BA7CC300011A099 /* rainbow.jpg in Resources */,
+				4CCB20741D4549E000C64D5B /* expired.badssl.com-intermediate-ca-1.cer in Resources */,
 				4C743D081C22772D00BCB23E /* valid-uri.cer in Resources */,
 				4C743CFC1C22772D00BCB23E /* keyDER.der in Resources */,
+				4CCB206E1D4549E000C64D5B /* expired.badssl.com-leaf.cer in Resources */,
 				4C743CF81C22772D00BCB23E /* certDER.der in Resources */,
 				4C743D051C22772D00BCB23E /* missing-dns-name-and-uri.cer in Resources */,
 				4C743CFB1C22772D00BCB23E /* randomGibberish.crt in Resources */,
-				4C743D0B1C22772D00BCB23E /* testssl-expire.disig.sk.cer in Resources */,
 				4C743CFE1C22772D00BCB23E /* alamofire-signing-ca1.cer in Resources */,
 				4C743D001C22772D00BCB23E /* multiple-dns-names.cer in Resources */,
 				4C743D011C22772D00BCB23E /* signed-by-ca1.cer in Resources */,
 				4C743D021C22772D00BCB23E /* test.alamofire.org.cer in Resources */,
 				4C743CF61C22772D00BCB23E /* certDER.cer in Resources */,
-				4C743D0A1C22772D00BCB23E /* root-ca-disig.cer in Resources */,
 				4C743CFD1C22772D00BCB23E /* alamofire-root-ca.cer in Resources */,
 				4C743CF91C22772D00BCB23E /* certPEM.cer in Resources */,
 				4CF627351BA7CC300011A099 /* unicorn.png in Resources */,
 				4C743CFA1C22772D00BCB23E /* certPEM.crt in Resources */,
-				4C743D091C22772D00BCB23E /* intermediate-ca-disig.cer in Resources */,
 				4C743CF71C22772D00BCB23E /* certDER.crt in Resources */,
+				4CCB20711D4549E000C64D5B /* expired.badssl.com-root-ca.cer in Resources */,
 				4C743D071C22772D00BCB23E /* valid-dns-name.cer in Resources */,
 				4C743D041C22772D00BCB23E /* expired.cer in Resources */,
 			);
@@ -908,27 +914,28 @@
 			buildActionMask = 2147483647;
 			files = (
 				4C743D2F1C22772F00BCB23E /* wildcard.alamofire.org.cer in Resources */,
+				4CCB20751D4549E000C64D5B /* expired.badssl.com-intermediate-ca-2.cer in Resources */,
 				4C743D2B1C22772F00BCB23E /* alamofire-signing-ca2.cer in Resources */,
 				4C743D321C22772F00BCB23E /* signed-by-ca2.cer in Resources */,
 				4C33A13B1B5207DB00873DFF /* unicorn.png in Resources */,
+				4CCB20721D4549E000C64D5B /* expired.badssl.com-intermediate-ca-1.cer in Resources */,
 				4C743D341C22772F00BCB23E /* valid-uri.cer in Resources */,
 				4C743D281C22772F00BCB23E /* keyDER.der in Resources */,
+				4CCB206C1D4549E000C64D5B /* expired.badssl.com-leaf.cer in Resources */,
 				4C743D241C22772F00BCB23E /* certDER.der in Resources */,
 				4C743D311C22772F00BCB23E /* missing-dns-name-and-uri.cer in Resources */,
 				4C743D271C22772F00BCB23E /* randomGibberish.crt in Resources */,
-				4C743D371C22772F00BCB23E /* testssl-expire.disig.sk.cer in Resources */,
 				4C743D2A1C22772F00BCB23E /* alamofire-signing-ca1.cer in Resources */,
 				4C743D2C1C22772F00BCB23E /* multiple-dns-names.cer in Resources */,
 				4C743D2D1C22772F00BCB23E /* signed-by-ca1.cer in Resources */,
 				4C743D2E1C22772F00BCB23E /* test.alamofire.org.cer in Resources */,
 				4C743D221C22772F00BCB23E /* certDER.cer in Resources */,
-				4C743D361C22772F00BCB23E /* root-ca-disig.cer in Resources */,
 				4C743D291C22772F00BCB23E /* alamofire-root-ca.cer in Resources */,
 				4C743D251C22772F00BCB23E /* certPEM.cer in Resources */,
 				4C33A1391B5207DB00873DFF /* rainbow.jpg in Resources */,
 				4C743D261C22772F00BCB23E /* certPEM.crt in Resources */,
-				4C743D351C22772F00BCB23E /* intermediate-ca-disig.cer in Resources */,
 				4C743D231C22772F00BCB23E /* certDER.crt in Resources */,
+				4CCB206F1D4549E000C64D5B /* expired.badssl.com-root-ca.cer in Resources */,
 				4C743D331C22772F00BCB23E /* valid-dns-name.cer in Resources */,
 				4C743D301C22772F00BCB23E /* expired.cer in Resources */,
 			);
@@ -939,27 +946,28 @@
 			buildActionMask = 2147483647;
 			files = (
 				4C743D191C22772E00BCB23E /* wildcard.alamofire.org.cer in Resources */,
+				4CCB20761D4549E000C64D5B /* expired.badssl.com-intermediate-ca-2.cer in Resources */,
 				4C743D151C22772E00BCB23E /* alamofire-signing-ca2.cer in Resources */,
 				4C743D1C1C22772E00BCB23E /* signed-by-ca2.cer in Resources */,
 				4C33A13C1B5207DB00873DFF /* unicorn.png in Resources */,
+				4CCB20731D4549E000C64D5B /* expired.badssl.com-intermediate-ca-1.cer in Resources */,
 				4C743D1E1C22772E00BCB23E /* valid-uri.cer in Resources */,
 				4C743D121C22772E00BCB23E /* keyDER.der in Resources */,
+				4CCB206D1D4549E000C64D5B /* expired.badssl.com-leaf.cer in Resources */,
 				4C743D0E1C22772E00BCB23E /* certDER.der in Resources */,
 				4C743D1B1C22772E00BCB23E /* missing-dns-name-and-uri.cer in Resources */,
 				4C743D111C22772E00BCB23E /* randomGibberish.crt in Resources */,
-				4C743D211C22772E00BCB23E /* testssl-expire.disig.sk.cer in Resources */,
 				4C743D141C22772E00BCB23E /* alamofire-signing-ca1.cer in Resources */,
 				4C743D161C22772E00BCB23E /* multiple-dns-names.cer in Resources */,
 				4C743D171C22772E00BCB23E /* signed-by-ca1.cer in Resources */,
 				4C743D181C22772E00BCB23E /* test.alamofire.org.cer in Resources */,
 				4C743D0C1C22772E00BCB23E /* certDER.cer in Resources */,
-				4C743D201C22772E00BCB23E /* root-ca-disig.cer in Resources */,
 				4C743D131C22772E00BCB23E /* alamofire-root-ca.cer in Resources */,
 				4C743D0F1C22772E00BCB23E /* certPEM.cer in Resources */,
 				4C33A13A1B5207DB00873DFF /* rainbow.jpg in Resources */,
 				4C743D101C22772E00BCB23E /* certPEM.crt in Resources */,
-				4C743D1F1C22772E00BCB23E /* intermediate-ca-disig.cer in Resources */,
 				4C743D0D1C22772E00BCB23E /* certDER.crt in Resources */,
+				4CCB20701D4549E000C64D5B /* expired.badssl.com-root-ca.cer in Resources */,
 				4C743D1D1C22772E00BCB23E /* valid-dns-name.cer in Resources */,
 				4C743D1A1C22772E00BCB23E /* expired.cer in Resources */,
 			);

Tests/ServerTrustPolicyTests.swift

@@ -1408,13 +1408,13 @@ class ServerTrustPolicyCertificatesInBundleTestCase: ServerTrustPolicyTestCase {
         )
 
         // Then
-        // Expectation: 18 well-formed certificates in the test bundle plus 4 invalid certificates.
+        // Expectation: 19 well-formed certificates in the test bundle plus 4 invalid certificates.
         #if os(OSX)
             // For some reason, OSX is allowing all certificates to be considered valid. Need to file a
             // rdar demonstrating this behavior.
-            XCTAssertEqual(certificates.count, 22, "Expected 22 well-formed certificates")
+            XCTAssertEqual(certificates.count, 23, "Expected 23 well-formed certificates")
         #else
-            XCTAssertEqual(certificates.count, 18, "Expected 18 well-formed certificates")
+            XCTAssertEqual(certificates.count, 19, "Expected 19 well-formed certificates")
         #endif
     }
 }

Tests/TLSEvaluationTests.swift

@@ -27,9 +27,10 @@ import Foundation
 import XCTest
 
 private struct TestCertificates {
-    static let RootCA = TestCertificates.certificateWithFileName("root-ca-disig")
-    static let IntermediateCA = TestCertificates.certificateWithFileName("intermediate-ca-disig")
-    static let Leaf = TestCertificates.certificateWithFileName("testssl-expire.disig.sk")
+    static let RootCA = TestCertificates.certificateWithFileName("expired.badssl.com-root-ca")
+    static let IntermediateCA1 = TestCertificates.certificateWithFileName("expired.badssl.com-intermediate-ca-1")
+    static let IntermediateCA2 = TestCertificates.certificateWithFileName("expired.badssl.com-intermediate-ca-2")
+    static let Leaf = TestCertificates.certificateWithFileName("expired.badssl.com-leaf")
 
     static func certificateWithFileName(_ fileName: String) -> SecCertificate {
         class Bundle {}
@@ -45,7 +46,8 @@ private struct TestCertificates {
 
 private struct TestPublicKeys {
     static let RootCA = TestPublicKeys.publicKeyForCertificate(TestCertificates.RootCA)
-    static let IntermediateCA = TestPublicKeys.publicKeyForCertificate(TestCertificates.IntermediateCA)
+    static let IntermediateCA1 = TestPublicKeys.publicKeyForCertificate(TestCertificates.IntermediateCA1)
+    static let IntermediateCA2 = TestPublicKeys.publicKeyForCertificate(TestCertificates.IntermediateCA2)
     static let Leaf = TestPublicKeys.publicKeyForCertificate(TestCertificates.Leaf)
 
     static func publicKeyForCertificate(_ certificate: SecCertificate) -> SecKey {
@@ -62,8 +64,8 @@ private struct TestPublicKeys {
 // MARK: -
 
 class TLSEvaluationExpiredLeafCertificateTestCase: BaseTestCase {
-    let URL = "https://testssl-expire.disig.sk/"
-    let host = "testssl-expire.disig.sk"
+    let URL = "https://expired.badssl.com/"
+    let host = "expired.badssl.com"
     var configuration: URLSessionConfiguration!
 
     // MARK: Setup and Teardown
@@ -170,7 +172,13 @@ class TLSEvaluationExpiredLeafCertificateTestCase: BaseTestCase {
 
     func testThatExpiredCertificateRequestFailsWhenPinningAllCertificatesWithCertificateChainValidation() {
         // Given
-        let certificates = [TestCertificates.Leaf, TestCertificates.IntermediateCA, TestCertificates.RootCA]
+        let certificates = [
+            TestCertificates.Leaf,
+            TestCertificates.IntermediateCA1,
+            TestCertificates.IntermediateCA2,
+            TestCertificates.RootCA
+        ]
+
         let policies: [String: ServerTrustPolicy] = [
             host: .pinCertificates(certificates: certificates, validateCertificateChain: true, validateHost: true)
         ]
@@ -232,7 +240,7 @@ class TLSEvaluationExpiredLeafCertificateTestCase: BaseTestCase {
 
     func testThatExpiredCertificateRequestSucceedsWhenPinningIntermediateCACertificateWithoutCertificateChainValidation() {
         // Given
-        let certificates = [TestCertificates.IntermediateCA]
+        let certificates = [TestCertificates.IntermediateCA2]
         let policies: [String: ServerTrustPolicy] = [
             host: .pinCertificates(certificates: certificates, validateCertificateChain: false, validateHost: true)
         ]
@@ -352,7 +360,7 @@ class TLSEvaluationExpiredLeafCertificateTestCase: BaseTestCase {
 
     func testThatExpiredCertificateRequestSucceedsWhenPinningIntermediateCAPublicKeyWithoutCertificateChainValidation() {
         // Given
-        let publicKeys = [TestPublicKeys.IntermediateCA]
+        let publicKeys = [TestPublicKeys.IntermediateCA2]
         let policies: [String: ServerTrustPolicy] = [
             host: .pinPublicKeys(publicKeys: publicKeys, validateCertificateChain: false, validateHost: true)
         ]