A quick and dirty option is to call out to curl
and see if it returns an error (or whether it returns an error about “SSL”). For example,
curl https://wrong.host.badssl.com/
returns exit code 51, while
curl https://expired.badssl.com/
returns exit code 60, as does
curl https://incomplete-chain.badssl.com/
(unlike your browser, curl
has no way of caching intermediates).
By contrast,
curl https://www.google.com/
returns exit code 0.
There are still potentially some divergences from browser behavior, and also the root store that you have may not align perfectly with those used by any particular browser, unless you deliberately import a copy of their root stores. But it’s not a bad test.
Most programming languages’ libraries for making HTTP connections can probably give similar information.
>>> import requests
>>> requests.get("https://www.google.com/")
<Response [200]>
>>> requests.get("https://expired.badssl.com/")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 67, in get
return request('get', url, params=params, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 53, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 447, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
>>> requests.get("https://incomplete-chain.badssl.com/")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 67, in get
return request('get', url, params=params, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 53, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 447, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)