diff options
author | Daiki Ueno <ueno@gnu.org> | 2020-10-03 16:42:07 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-10-03 16:42:07 +0000 |
commit | 6f034aa2e9f140626de2b9413715651dffe9e394 (patch) | |
tree | 0a594b8b65bddc9303e1fd6dcc80807e3a79e602 | |
parent | 12a3bb06a19c78607e9f2a0a59c2e71f43a22b8b (diff) | |
parent | 2c1d544c5d9ad12afec09cc6ede40aa8f4693fd2 (diff) | |
download | gnutls-6f034aa2e9f140626de2b9413715651dffe9e394.tar.gz |
Merge branch 'tmp-sh-tests' into 'master'
tests: simplify shell-script usage
See merge request gnutls/gnutls!1337
159 files changed, 801 insertions, 815 deletions
diff --git a/fuzz/run-afl.sh b/fuzz/run-afl.sh index 68f77f8ce1..ee1283f6fb 100755 --- a/fuzz/run-afl.sh +++ b/fuzz/run-afl.sh @@ -16,7 +16,7 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" +: ${srcdir=.} export LD_LIBRARY_PATH=${srcdir}/../lib/.libs/ cat ${srcdir}/../config.log|grep afl-gcc >/dev/null 2>&1 diff --git a/tests/Makefile.am b/tests/Makefile.am index ec5ec3f505..d4867cf3af 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -620,4 +620,4 @@ LOG_COMPILER = $(VALGRIND) endif distclean-local: - rm -rf softhsm-*.db softhsm-*.config *.tmp tmp-* x509-crt-list-import-url.config.db + rm -rf softhsm-*.db softhsm-*.config *.tmp tmp-* x509-crt-list-import-url.config.db port.lock.d diff --git a/tests/cert-reencoding.sh b/tests/cert-reencoding.sh index 3469c42d22..547a37ce10 100755 --- a/tests/cert-reencoding.sh +++ b/tests/cert-reencoding.sh @@ -21,13 +21,12 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" -OCSPTOOL="${OCSPTOOL:-../src/ocsptool${EXEEXT}}" -GNUTLS_SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -unset SERV -GNUTLS_CLI="${GNUTLS_CLI:-../src/gnutls-cli${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${DIFF=diff} SERVER_CERT_FILE="cert.$$.pem.tmp" SERVER_KEY_FILE="key.$$.pem.tmp" CLIENT_CERT_FILE="cli-cert.$$.pem.tmp" @@ -42,11 +41,11 @@ if ! test -x "${OCSPTOOL}"; then exit 77 fi -if ! test -x "${GNUTLS_SERV}"; then +if ! test -x "${SERV}"; then exit 77 fi -if ! test -x "${GNUTLS_CLI}"; then +if ! test -x "${CLI}"; then exit 77 fi @@ -69,8 +68,8 @@ TLS_SERVER_PORT=$PORT eval "${GETPORT}" # Check for OpenSSL -OPENSSL=`which openssl` -if ! test -x "${OPENSSL}"; then +: ${OPENSSL=openssl} +if ! ("$OPENSSL" version) > /dev/null 2>&1; then echo "You need openssl to run this test." exit 77 fi @@ -244,7 +243,7 @@ TESTDATE="2018-03-01" # Start OpenSSL TLS server # -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ "${OPENSSL}" s_server -cert ${SERVER_CERT_FILE} -key ${SERVER_KEY_FILE} \ -CAfile ${CA_FILE} -port ${PORT} -Verify 1 -verify_return_error -www @@ -252,7 +251,7 @@ SERVER_PID="${!}" wait_server "${SERVER_PID}" datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --x509certfile ${CLIENT_CERT_FILE} \ + "${CLI}" --x509certfile ${CLIENT_CERT_FILE} \ --x509keyfile ${CLIENT_KEY_FILE} --x509cafile=${CA_FILE} \ --port="${PORT}" localhost </dev/null rc=$? diff --git a/tests/cert-tests/aki b/tests/cert-tests/aki index e8d39588e3..b7bbe91c1c 100755 --- a/tests/cert-tests/aki +++ b/tests/cert-tests/aki @@ -22,10 +22,10 @@ set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} TMPFILE=aki-$$.tmp -DIFF="${DIFF:-diff -b -B}" +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/alt-chain b/tests/cert-tests/alt-chain index a2261b3809..d72bfa41d6 100755 --- a/tests/cert-tests/alt-chain +++ b/tests/cert-tests/alt-chain @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/cert-critical b/tests/cert-tests/cert-critical index f923b29fa4..5734c3fe00 100755 --- a/tests/cert-tests/cert-critical +++ b/tests/cert-tests/cert-critical @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/cert-non-digits-time b/tests/cert-tests/cert-non-digits-time index 9c25c396de..1c72a9c675 100755 --- a/tests/cert-tests/cert-non-digits-time +++ b/tests/cert-tests/cert-non-digits-time @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/cert-sanity b/tests/cert-tests/cert-sanity index 4bf0a0cf85..c2d63d966c 100755 --- a/tests/cert-tests/cert-sanity +++ b/tests/cert-tests/cert-sanity @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/cert-time b/tests/cert-tests/cert-time index 6ee2a226e6..3310250289 100755 --- a/tests/cert-tests/cert-time +++ b/tests/cert-tests/cert-time @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/certtool b/tests/cert-tests/certtool index 0fd29beea9..11b8b8f636 100755 --- a/tests/cert-tests/certtool +++ b/tests/cert-tests/certtool @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} TMPFILE1=certtool-file1.$$.tmp TMPFILE2=certtool-file2.$$.tmp PASS="1234" @@ -39,8 +39,8 @@ if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi -SETSID=$(which setsid) -if test -n "${SETSID}";then +: ${SETSID=setsid} +if ("$SETSID" --version) >/dev/null 2>&1; then ${VALGRIND} "${CERTTOOL}" --generate-privkey --rsa --outfile ${TMPFILE1} --pkcs8 --password ${PASS} if test $? != 0;then echo "private key generation failed" diff --git a/tests/cert-tests/certtool-crl-decoding b/tests/cert-tests/certtool-crl-decoding index dadc92cbf7..7480150ba1 100755 --- a/tests/cert-tests/certtool-crl-decoding +++ b/tests/cert-tests/certtool-crl-decoding @@ -22,8 +22,8 @@ # This checks whether OIDs > 2^32 are correctly decoded. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} OUTFILE="crl.$$.pem" if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/certtool-ecdsa b/tests/cert-tests/certtool-ecdsa index 9811777b1f..885efe243f 100755 --- a/tests/cert-tests/certtool-ecdsa +++ b/tests/cert-tests/certtool-ecdsa @@ -20,8 +20,8 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} KEYFILE=ecdsa-privkey.$$.tmp TMPFILE=ecdsa.$$.tmp diff --git a/tests/cert-tests/certtool-eddsa b/tests/cert-tests/certtool-eddsa index 7e07822507..2fc027a95b 100755 --- a/tests/cert-tests/certtool-eddsa +++ b/tests/cert-tests/certtool-eddsa @@ -20,8 +20,8 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} KEYFILE=eddsa-privkey.$$.tmp TMPFILE=eddsa.$$.tmp TMPFILE2=eddsa2.$$.tmp diff --git a/tests/cert-tests/certtool-long-cn b/tests/cert-tests/certtool-long-cn index 41e7a9740c..9614bdf59a 100755 --- a/tests/cert-tests/certtool-long-cn +++ b/tests/cert-tests/certtool-long-cn @@ -22,9 +22,9 @@ # This checks whether invalid UTF8 strings trigger valgrind warnings. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} outfile="out.$$.pem" if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/certtool-long-oids b/tests/cert-tests/certtool-long-oids index 17e1a40d53..7aa0cc965a 100755 --- a/tests/cert-tests/certtool-long-oids +++ b/tests/cert-tests/certtool-long-oids @@ -22,9 +22,9 @@ # This checks whether OIDs > 2^32 are correctly decoded. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} OUTFILE="long-oids.$$.pem.tmp" TMPFILE1="long-oids1.$$.pem.tmp" diff --git a/tests/cert-tests/certtool-rsa-pss b/tests/cert-tests/certtool-rsa-pss index 654bf34869..598351d41d 100755 --- a/tests/cert-tests/certtool-rsa-pss +++ b/tests/cert-tests/certtool-rsa-pss @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} OUTFILE=cert-pss-privkey.$$.tmp TMPFILE=cert-pss.$$.tmp TMPFILE2=cert2-pss.$$.tmp diff --git a/tests/cert-tests/certtool-subca b/tests/cert-tests/certtool-subca index 6bd5d94def..478d1f0d0b 100755 --- a/tests/cert-tests/certtool-subca +++ b/tests/cert-tests/certtool-subca @@ -24,9 +24,9 @@ # This is a reproducer for #767 -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/certtool-utf8 b/tests/cert-tests/certtool-utf8 index a814c08e12..b37b305f90 100755 --- a/tests/cert-tests/certtool-utf8 +++ b/tests/cert-tests/certtool-utf8 @@ -22,9 +22,9 @@ # This checks whether invalid UTF8 strings trigger valgrind warnings. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" diff --git a/tests/cert-tests/certtool-verify-profiles b/tests/cert-tests/certtool-verify-profiles index a4d738627e..f63ee923fe 100755 --- a/tests/cert-tests/certtool-verify-profiles +++ b/tests/cert-tests/certtool-verify-profiles @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/crl b/tests/cert-tests/crl index f4f97d757b..56ed5e5847 100755 --- a/tests/cert-tests/crl +++ b/tests/cert-tests/crl @@ -22,10 +22,10 @@ export TZ="UTC" -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" -ac_cv_sizeof_time_t="${ac_cv_sizeof_time_t:-8}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +: ${ac_cv_sizeof_time_t=8} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/crq b/tests/cert-tests/crq index 1d64dee27e..60b161f6d8 100755 --- a/tests/cert-tests/crq +++ b/tests/cert-tests/crq @@ -22,9 +22,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/dane b/tests/cert-tests/dane index 66a1f30817..9398c73dcc 100755 --- a/tests/cert-tests/dane +++ b/tests/cert-tests/dane @@ -22,9 +22,9 @@ set -e -srcdir="${srcdir:-.}" -DANETOOL="${DANETOOL:-../../src/danetool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${DANETOOL=../../src/danetool${EXEEXT}} +: ${DIFF=diff} test -e "${DANETOOL}" || exit 77 diff --git a/tests/cert-tests/dsa b/tests/cert-tests/dsa index f8901c8c3e..e623a7483a 100755 --- a/tests/cert-tests/dsa +++ b/tests/cert-tests/dsa @@ -20,13 +20,13 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../../src/gnutls-serv}" -CLI="${CLI:-../../src/gnutls-cli}" +: ${srcdir=.} +: ${SERV=../../src/gnutls-serv${EXEEXT}} +: ${CLI=../../src/gnutls-cli${EXEEXT}} DEBUG="" unset RETCODE -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${CERTTOOL=../../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 @@ -59,7 +59,7 @@ echo "Checking various DSA key sizes (port ${PORT})" echo "Checking DSA-1024 with TLS 1.0" eval "${GETPORT}" -launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" +launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" PID=$! wait_server "${PID}" @@ -93,7 +93,7 @@ wait echo "Checking DSA-1024 with TLS 1.2" eval "${GETPORT}" -launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" +launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" PID=$! wait_server "${PID}" @@ -126,7 +126,7 @@ wait #echo "Checking DSA-2048 with TLS 1.0" #eval "${GETPORT}" -#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" +#launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" #PID=$! #wait_server "${PID}" @@ -140,7 +140,7 @@ wait echo "Checking DSA-2048 with TLS 1.2" eval "${GETPORT}" -launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" +launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" PID=$! wait_server "${PID}" @@ -154,7 +154,7 @@ wait #echo "Checking DSA-3072 with TLS 1.0" -#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" +#launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" #PID=$! #wait_server "${PID}" # @@ -169,7 +169,7 @@ wait echo "Checking DSA-3072 with TLS 1.2" eval "${GETPORT}" -launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" +launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" PID=$! wait_server "${PID}" diff --git a/tests/cert-tests/ecdsa b/tests/cert-tests/ecdsa index c593351b57..431b88f06e 100755 --- a/tests/cert-tests/ecdsa +++ b/tests/cert-tests/ecdsa @@ -22,8 +22,8 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} TMPFILE=ecdsa.$$.tmp TMPCA=ecdsa-ca.$$.tmp TMPCAKEY=ecdsa-ca-key.$$.tmp diff --git a/tests/cert-tests/email b/tests/cert-tests/email index a00281028e..1629fec881 100755 --- a/tests/cert-tests/email +++ b/tests/cert-tests/email @@ -20,8 +20,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} DIFF=$"{DIFF:-diff}" if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/gost b/tests/cert-tests/gost index ff47988a6d..c16c539814 100755 --- a/tests/cert-tests/gost +++ b/tests/cert-tests/gost @@ -21,8 +21,8 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} TMPFILE=gost.$$.tmp TMPCA=gost-ca.$$.tmp TMPCAKEY=gost-ca-key.$$.tmp diff --git a/tests/cert-tests/illegal-rsa b/tests/cert-tests/illegal-rsa index 1b9a162779..d0cb611bc9 100755 --- a/tests/cert-tests/illegal-rsa +++ b/tests/cert-tests/illegal-rsa @@ -18,9 +18,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -GREP="${GREP:-grep}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${GREP=grep} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/inhibit-anypolicy b/tests/cert-tests/inhibit-anypolicy index ba5e1100f6..e27e4a85f7 100755 --- a/tests/cert-tests/inhibit-anypolicy +++ b/tests/cert-tests/inhibit-anypolicy @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig index 58134a4d09..53ef76051b 100755 --- a/tests/cert-tests/invalid-sig +++ b/tests/cert-tests/invalid-sig @@ -22,9 +22,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi diff --git a/tests/cert-tests/key-id b/tests/cert-tests/key-id index 2e59593a3f..9c88035e87 100755 --- a/tests/cert-tests/key-id +++ b/tests/cert-tests/key-id @@ -22,8 +22,8 @@ set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} TMPFILE=key-id.$$.tmp TEMPLFILE=tmpl.$$.tmp diff --git a/tests/cert-tests/key-invalid b/tests/cert-tests/key-invalid index eeb94ee976..975687fe7a 100755 --- a/tests/cert-tests/key-invalid +++ b/tests/cert-tests/key-invalid @@ -21,9 +21,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} TMPFILE=key-invalid.$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/krb5-test b/tests/cert-tests/krb5-test index a6e092cc90..caa7d542d0 100755 --- a/tests/cert-tests/krb5-test +++ b/tests/cert-tests/krb5-test @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} OUTFILE=tmp-krb5name.pem TMPLFILE=tmp-krb5name.tmpl diff --git a/tests/cert-tests/md5-test b/tests/cert-tests/md5-test index 15d6280b1c..7438e091f5 100755 --- a/tests/cert-tests/md5-test +++ b/tests/cert-tests/md5-test @@ -21,9 +21,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} TMPFILE=md5.$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/name-constraints b/tests/cert-tests/name-constraints index 3b2370d49a..e0c1e7479d 100755 --- a/tests/cert-tests/name-constraints +++ b/tests/cert-tests/name-constraints @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/othername-test b/tests/cert-tests/othername-test index 00f93b22dd..40eb6c12bb 100755 --- a/tests/cert-tests/othername-test +++ b/tests/cert-tests/othername-test @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} OUTFILE=tmp-othername.pem if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/pathlen b/tests/cert-tests/pathlen index d532012295..b5cd7d7107 100755 --- a/tests/cert-tests/pathlen +++ b/tests/cert-tests/pathlen @@ -22,9 +22,9 @@ set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding index 267a1fc7f3..dc9380c74b 100755 --- a/tests/cert-tests/pem-decoding +++ b/tests/cert-tests/pem-decoding @@ -22,8 +22,8 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/pkcs1-pad b/tests/cert-tests/pkcs1-pad index c75ab9e09d..c8f34e4144 100755 --- a/tests/cert-tests/pkcs1-pad +++ b/tests/cert-tests/pkcs1-pad @@ -23,8 +23,8 @@ set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/pkcs12 b/tests/cert-tests/pkcs12 index f28230a7b2..a04b043c8e 100755 --- a/tests/cert-tests/pkcs12 +++ b/tests/cert-tests/pkcs12 @@ -21,8 +21,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 @@ -37,7 +37,7 @@ if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" fi -DIFF="${DIFF:-diff}" +: ${DIFF=diff} DEBUG="" TMPFILE=pkcs12.$$.tmp diff --git a/tests/cert-tests/pkcs12-corner-cases b/tests/cert-tests/pkcs12-corner-cases index 0b9c482db7..2c6a2d9f2d 100755 --- a/tests/cert-tests/pkcs12-corner-cases +++ b/tests/cert-tests/pkcs12-corner-cases @@ -21,8 +21,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/pkcs12-encode b/tests/cert-tests/pkcs12-encode index 265c0df542..2f719f3044 100755 --- a/tests/cert-tests/pkcs12-encode +++ b/tests/cert-tests/pkcs12-encode @@ -21,8 +21,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 @@ -37,7 +37,7 @@ if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" fi -DIFF="${DIFF:-diff -b -B}" +: ${DIFF=diff -b -B} DEBUG="" TMPFILE=pkcs12.$$.tmp diff --git a/tests/cert-tests/pkcs12-gost b/tests/cert-tests/pkcs12-gost index f7c4bba52b..ab94479ba7 100755 --- a/tests/cert-tests/pkcs12-gost +++ b/tests/cert-tests/pkcs12-gost @@ -22,8 +22,8 @@ # This test cannot run under windows because it passes UTF8 data on command # line. This seems not to work under windows. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 @@ -38,7 +38,7 @@ if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" fi -DIFF="${DIFF:-diff}" +: ${DIFF=diff} DEBUG="" TMPFILE=pkcs12-gost.$$.tmp diff --git a/tests/cert-tests/pkcs12-utf8 b/tests/cert-tests/pkcs12-utf8 index ace10ca181..168e7c5126 100755 --- a/tests/cert-tests/pkcs12-utf8 +++ b/tests/cert-tests/pkcs12-utf8 @@ -25,8 +25,8 @@ # line. This seems not to work under windows. It intentionally depends on # bash as few other shells cannot handle utf8 strings -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 @@ -36,7 +36,7 @@ if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" fi -DIFF="${DIFF:-diff}" +: ${DIFF=diff} DEBUG="" TMPFILE=pkcs12-utf8.$$.tmp diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7 index 5767e09646..709ee5c07f 100755 --- a/tests/cert-tests/pkcs7 +++ b/tests/cert-tests/pkcs7 @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/pkcs7-broken-sigs b/tests/cert-tests/pkcs7-broken-sigs index b9351a055a..b51d0c5d15 100755 --- a/tests/cert-tests/pkcs7-broken-sigs +++ b/tests/cert-tests/pkcs7-broken-sigs @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/pkcs7-cat b/tests/cert-tests/pkcs7-cat index 6543397431..1cec37f4de 100755 --- a/tests/cert-tests/pkcs7-cat +++ b/tests/cert-tests/pkcs7-cat @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/pkcs7-constraints b/tests/cert-tests/pkcs7-constraints index 6964d26f09..150c103443 100755 --- a/tests/cert-tests/pkcs7-constraints +++ b/tests/cert-tests/pkcs7-constraints @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/pkcs7-constraints2 b/tests/cert-tests/pkcs7-constraints2 index 7d1816a33a..94f89a5e93 100755 --- a/tests/cert-tests/pkcs7-constraints2 +++ b/tests/cert-tests/pkcs7-constraints2 @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/pkcs7-eddsa b/tests/cert-tests/pkcs7-eddsa index 6f235c512b..40179703bc 100755 --- a/tests/cert-tests/pkcs7-eddsa +++ b/tests/cert-tests/pkcs7-eddsa @@ -19,9 +19,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/pkcs7-list-sign b/tests/cert-tests/pkcs7-list-sign index 5ca04d8005..2cf168bea4 100755 --- a/tests/cert-tests/pkcs7-list-sign +++ b/tests/cert-tests/pkcs7-list-sign @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/pkcs8 b/tests/cert-tests/pkcs8 index d23aad94b4..8bad70193e 100755 --- a/tests/cert-tests/pkcs8 +++ b/tests/cert-tests/pkcs8 @@ -18,9 +18,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -GREP="${GREP:-grep}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${GREP=grep} TMPFILE=tmp-key-ca.$$.p8 diff --git a/tests/cert-tests/pkcs8-decode b/tests/cert-tests/pkcs8-decode index 2fb8696626..27c84bfaf3 100755 --- a/tests/cert-tests/pkcs8-decode +++ b/tests/cert-tests/pkcs8-decode @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} TMPFILE=pkcs8-decode.$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/pkcs8-eddsa b/tests/cert-tests/pkcs8-eddsa index 7474078ff6..2d33ebfb50 100755 --- a/tests/cert-tests/pkcs8-eddsa +++ b/tests/cert-tests/pkcs8-eddsa @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} TMPFILE=pkcs8-eddsa.$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/pkcs8-gost b/tests/cert-tests/pkcs8-gost index 325b47a581..6527d9d369 100755 --- a/tests/cert-tests/pkcs8-gost +++ b/tests/cert-tests/pkcs8-gost @@ -19,9 +19,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} TMPFILE=pkcs8-gost-decode.$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/pkcs8-invalid b/tests/cert-tests/pkcs8-invalid index a9e8beac21..edf19bbeec 100755 --- a/tests/cert-tests/pkcs8-invalid +++ b/tests/cert-tests/pkcs8-invalid @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} TMPFILE=pkcs8-invalid.$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/privkey-import b/tests/cert-tests/privkey-import index 73bacae253..575ca58497 100755 --- a/tests/cert-tests/privkey-import +++ b/tests/cert-tests/privkey-import @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} TMPFILE=tmp-$$.privkey.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/provable-dh b/tests/cert-tests/provable-dh index 0676c0f5f0..50d51ce4b7 100755 --- a/tests/cert-tests/provable-dh +++ b/tests/cert-tests/provable-dh @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} OUTFILE=provable-dh$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/provable-dh-default b/tests/cert-tests/provable-dh-default index 43c2ed5aff..f6fa889814 100755 --- a/tests/cert-tests/provable-dh-default +++ b/tests/cert-tests/provable-dh-default @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} OUTFILE=provable-dh$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/provable-privkey b/tests/cert-tests/provable-privkey index 51d4389eb7..0049c6d949 100755 --- a/tests/cert-tests/provable-privkey +++ b/tests/cert-tests/provable-privkey @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} OUTFILE=provable-privkey$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/provable-privkey-dsa2048 b/tests/cert-tests/provable-privkey-dsa2048 index f805ab3576..f7eee5daf1 100755 --- a/tests/cert-tests/provable-privkey-dsa2048 +++ b/tests/cert-tests/provable-privkey-dsa2048 @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} OUTFILE=provable-privkey.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/provable-privkey-gen-default b/tests/cert-tests/provable-privkey-gen-default index 3edf3437d8..6517a242a5 100755 --- a/tests/cert-tests/provable-privkey-gen-default +++ b/tests/cert-tests/provable-privkey-gen-default @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} OUTFILE=provable-privkey$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/provable-privkey-rsa2048 b/tests/cert-tests/provable-privkey-rsa2048 index f846476e7e..7f6b4090cf 100755 --- a/tests/cert-tests/provable-privkey-rsa2048 +++ b/tests/cert-tests/provable-privkey-rsa2048 @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} OUTFILE=provable-privkey$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/reject-invalid-time b/tests/cert-tests/reject-invalid-time index 39aa5c4ca5..27b3f3c758 100755 --- a/tests/cert-tests/reject-invalid-time +++ b/tests/cert-tests/reject-invalid-time @@ -19,10 +19,10 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -PKGCONFIG="${PKG_CONFIG:-$(which pkg-config)}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${PKG_CONFIG=pkg-config} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 @@ -32,9 +32,9 @@ if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi -${PKGCONFIG} --version >/dev/null || exit 77 +${PKG_CONFIG} --version >/dev/null || exit 77 -${PKGCONFIG} --atleast-version=4.12 libtasn1 || exit 77 +${PKG_CONFIG} --atleast-version=4.12 libtasn1 || exit 77 # Check whether certificates with invalid time fields are accepted for file in openssl-invalid-time-format.pem;do diff --git a/tests/cert-tests/rsa-pss-pad b/tests/cert-tests/rsa-pss-pad index 2c87c750fc..76b5a50742 100755 --- a/tests/cert-tests/rsa-pss-pad +++ b/tests/cert-tests/rsa-pss-pad @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} TMPFILE=pss.$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/sha2-dsa-test b/tests/cert-tests/sha2-dsa-test index 8632aefd31..f24195ce12 100755 --- a/tests/cert-tests/sha2-dsa-test +++ b/tests/cert-tests/sha2-dsa-test @@ -22,8 +22,8 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} TEMPLFILE=template-dsa.$$.tmp CAFILE=ca-dsa.$$.tmp SUBCAFILE=subca-dsa.$$.tmp diff --git a/tests/cert-tests/sha2-test b/tests/cert-tests/sha2-test index eca12fdf7c..0c5ebd4cbc 100755 --- a/tests/cert-tests/sha2-test +++ b/tests/cert-tests/sha2-test @@ -22,8 +22,8 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} TEMPLFILE=template.$$.tmp CAFILE=ca.$$.tmp SUBCAFILE=subca.$$.tmp diff --git a/tests/cert-tests/sha3-test b/tests/cert-tests/sha3-test index a4300672c3..386b20b63d 100755 --- a/tests/cert-tests/sha3-test +++ b/tests/cert-tests/sha3-test @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} TMPFILE=sha3.$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/smime b/tests/cert-tests/smime index f5e68401cf..5f6f8038e8 100755 --- a/tests/cert-tests/smime +++ b/tests/cert-tests/smime @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/template-exts-test b/tests/cert-tests/template-exts-test index 276ba2f798..379a9290e5 100755 --- a/tests/cert-tests/template-exts-test +++ b/tests/cert-tests/template-exts-test @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} OUTFILE="exts.$$.tmp" if ! test -x "${CERTTOOL}"; then diff --git a/tests/cert-tests/template-test b/tests/cert-tests/template-test index 091021315b..b17942f2f8 100755 --- a/tests/cert-tests/template-test +++ b/tests/cert-tests/template-test @@ -20,10 +20,10 @@ #set -e -srcdir="${srcdir:-.}" -ac_cv_sizeof_time_t="${ac_cv_sizeof_time_t:-8}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${ac_cv_sizeof_time_t=8} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/tlsfeature-test b/tests/cert-tests/tlsfeature-test index fb26f6225b..4148a7b97c 100755 --- a/tests/cert-tests/tlsfeature-test +++ b/tests/cert-tests/tlsfeature-test @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} TMPFILE=tlsfeature.$$.tmp TMPFILE2=tlsfeature-2.$$.tmp diff --git a/tests/cert-tests/tolerate-invalid-time b/tests/cert-tests/tolerate-invalid-time index 22d2a9199b..d5f89163f3 100755 --- a/tests/cert-tests/tolerate-invalid-time +++ b/tests/cert-tests/tolerate-invalid-time @@ -19,10 +19,10 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -PKGCONFIG="${PKG_CONFIG:-$(which pkg-config)}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${PKG_CONFIG=pkg-config} +: ${DIFF=diff -b -B} if ! test -x "${CERTTOOL}"; then exit 77 @@ -32,9 +32,9 @@ if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi -${PKGCONFIG} --version >/dev/null || exit 77 +${PKG_CONFIG} --version >/dev/null || exit 77 -${PKGCONFIG} --atleast-version=4.12 libtasn1 || exit 77 +${PKG_CONFIG} --atleast-version=4.12 libtasn1 || exit 77 # Check whether certificates with invalid time fields are accepted for file in openssl-invalid-time-format.pem;do diff --git a/tests/cert-tests/userid b/tests/cert-tests/userid index e3cdef1efa..39753c2753 100755 --- a/tests/cert-tests/userid +++ b/tests/cert-tests/userid @@ -20,8 +20,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/cert-tests/x509-duplicate-ext b/tests/cert-tests/x509-duplicate-ext index 534a534a69..0cfa7e1673 100755 --- a/tests/cert-tests/x509-duplicate-ext +++ b/tests/cert-tests/x509-duplicate-ext @@ -17,8 +17,8 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} OUTFILE=out.$$.tmp if ! test -x "${CERTTOOL}"; then diff --git a/tests/certtool-pkcs11.sh b/tests/certtool-pkcs11.sh index daba535a4d..0964da536b 100755 --- a/tests/certtool-pkcs11.sh +++ b/tests/certtool-pkcs11.sh @@ -18,12 +18,12 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -P11TOOL="${P11TOOL:-../src/p11tool${EXEEXT}}" -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${P11TOOL=../src/p11tool${EXEEXT}} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} RETCODE=0 if ! test -x "${P11TOOL}"; then diff --git a/tests/cipher-listings.sh b/tests/cipher-listings.sh index f11b01babb..768f5cfe63 100755 --- a/tests/cipher-listings.sh +++ b/tests/cipher-listings.sh @@ -20,10 +20,10 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" -SED="${SED:-sed}" +: ${srcdir=.} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${DIFF=diff -b -B} +: ${SED=sed} unset RETCODE TMPFILE=cipher-listings.$$.tmp diff --git a/tests/danetool.sh b/tests/danetool.sh index be4445d93e..77ab0305c2 100755 --- a/tests/danetool.sh +++ b/tests/danetool.sh @@ -18,8 +18,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -DANETOOL="${DANETOOL:-../src/danetool${EXEEXT}}" +: ${srcdir=.} +: ${DANETOOL=../src/danetool${EXEEXT}} if test "${WINDIR}" != ""; then exit 77 diff --git a/tests/dh-fips-approved.sh b/tests/dh-fips-approved.sh index 136dd15f32..cc98b91fb3 100755 --- a/tests/dh-fips-approved.sh +++ b/tests/dh-fips-approved.sh @@ -19,9 +19,9 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${SERV}"; then @@ -85,7 +85,7 @@ for params in $ALLOWED_PARAMS; do PARAMS=${srcdir}/../doc/credentials/dhparams/${params}.pem eval "${GETPORT}" - launch_server $$ ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} + launch_server ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} PID=$! wait_server ${PID} @@ -102,7 +102,7 @@ for params in $DISALLOWED_PARAMS; do PARAMS=${srcdir}/../doc/credentials/dhparams/${params}.pem eval "${GETPORT}" - launch_server $$ ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} + launch_server ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} PID=$! wait_server ${PID} diff --git a/tests/fastopen.sh b/tests/fastopen.sh index 87f3b24bba..23a474e245 100755 --- a/tests/fastopen.sh +++ b/tests/fastopen.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${SERV}"; then @@ -53,7 +53,7 @@ CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem CA1=${srcdir}/../doc/credentials/x509/ca.pem eval "${GETPORT}" -launch_server $$ --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh index 2a1738cc6e..a73910dea6 100755 --- a/tests/gnutls-cli-debug.sh +++ b/tests/gnutls-cli-debug.sh @@ -20,9 +20,9 @@ # along with this program. If not, see <https://www.gnu.org/licenses/> # -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -DCLI="${DCLI:-../src/gnutls-cli-debug${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${DCLI=../src/gnutls-cli-debug${EXEEXT}} OUTFILE=cli-debug.$$.tmp TMPFILE=config.$$.tmp unset RETCODE @@ -66,7 +66,7 @@ TMPFILE=outcert.$$.tmp echo "Checking output of gnutls-cli-debug for TLS1.1 and TLS1.2 server" eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} >/dev/null 2>&1 PID=$! wait_server ${PID} @@ -113,7 +113,7 @@ echo "" echo "Checking output of gnutls-cli-debug for TLS1.3 and TLS1.2 server" eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} >/dev/null 2>&1 PID=$! wait_server ${PID} @@ -155,7 +155,7 @@ echo "" echo "Checking output of gnutls-cli-debug for small records and no RSA" eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-RSA:%ALLOW_SMALL_RECORDS" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-RSA:%ALLOW_SMALL_RECORDS" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} --recordsize=64 >/dev/null 2>&1 PID=$! wait_server ${PID} @@ -173,7 +173,7 @@ check_text "for RSA key exchange support... no" echo "" echo "Checking output of gnutls-cli-debug when algorithms are disabled" eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} >/dev/null 2>&1 PID=$! wait_server ${PID} @@ -207,7 +207,7 @@ if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != 1 ; then echo "Checking output of gnutls-cli-debug for GOST-enabled server" eval "${GETPORT}" - launch_server $$ --echo --priority "NORMAL:+GOST" --x509keyfile ${KEY4} --x509certfile ${CERT4} >/dev/null 2>&1 + launch_server --echo --priority "NORMAL:+GOST" --x509keyfile ${KEY4} --x509certfile ${CERT4} >/dev/null 2>&1 PID=$! wait_server ${PID} diff --git a/tests/gnutls-cli-invalid-crl.sh b/tests/gnutls-cli-invalid-crl.sh index 1a82bfafd3..32e72630f7 100755 --- a/tests/gnutls-cli-invalid-crl.sh +++ b/tests/gnutls-cli-invalid-crl.sh @@ -19,9 +19,9 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE TMPFILE=crl-inv.$$.pem.tmp CAFILE=crl-inv-ca.$$.pem.tmp @@ -164,7 +164,7 @@ FQj9tqRIMQZIer3gaURWG8OZfntCAvtlSSwc1PjwLBXO9ZvNBw== __EOF__ eval "${GETPORT}" -launch_server $$ --echo --x509keyfile ${TMPFILE} --x509certfile ${TMPFILE} +launch_server --echo --x509keyfile ${TMPFILE} --x509certfile ${TMPFILE} PID=$! wait_server ${PID} diff --git a/tests/gnutls-cli-rawpk.sh b/tests/gnutls-cli-rawpk.sh index 8b60da780e..90fde68c46 100755 --- a/tests/gnutls-cli-rawpk.sh +++ b/tests/gnutls-cli-rawpk.sh @@ -20,9 +20,9 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE CERTFILE1=rawpk-script1.$$.pem.tmp CERTFILE2=rawpk-script2.$$.pem.tmp @@ -186,7 +186,7 @@ cleanup() echo " * testing server X.509, client RAW" eval "${GETPORT}" -launch_server $$ --echo --x509keyfile ${CERTFILE1} --x509certfile ${CERTFILE1} --priority NORMAL:-CTYPE-CLI-ALL:+CTYPE-CLI-RAWPK --require-client-cert +launch_server --echo --x509keyfile ${CERTFILE1} --x509certfile ${CERTFILE1} --priority NORMAL:-CTYPE-CLI-ALL:+CTYPE-CLI-RAWPK --require-client-cert PID=$! wait_server ${PID} @@ -216,7 +216,7 @@ wait echo " * testing server RAW, client none" eval "${GETPORT}" -launch_server $$ --echo --rawpkkeyfile ${CERTFILE2} --rawpkfile ${CERTFILE2} --priority NORMAL:+CTYPE-SRV-RAWPK +launch_server --echo --rawpkkeyfile ${CERTFILE2} --rawpkfile ${CERTFILE2} --priority NORMAL:+CTYPE-SRV-RAWPK PID=$! wait_server ${PID} @@ -247,7 +247,7 @@ wait echo " * testing server RAW, client RAW" eval "${GETPORT}" -launch_server $$ --echo --rawpkkeyfile ${CERTFILE2} --rawpkfile ${CERTFILE2} --priority NORMAL:+CTYPE-SRV-RAWPK:-CTYPE-CLI-ALL:+CTYPE-CLI-RAWPK --require-client-cert +launch_server --echo --rawpkkeyfile ${CERTFILE2} --rawpkfile ${CERTFILE2} --priority NORMAL:+CTYPE-SRV-RAWPK:-CTYPE-CLI-ALL:+CTYPE-CLI-RAWPK --require-client-cert PID=$! wait_server ${PID} @@ -279,7 +279,7 @@ wait echo " * testing server X.509+RAW, client none" eval "${GETPORT}" -launch_server $$ --echo --x509keyfile ${CERTFILE1} --x509certfile ${CERTFILE1} --rawpkkeyfile ${CERTFILE2} --rawpkfile ${CERTFILE2} --priority NORMAL:+CTYPE-SRV-RAWPK +launch_server --echo --x509keyfile ${CERTFILE1} --x509certfile ${CERTFILE1} --rawpkkeyfile ${CERTFILE2} --rawpkfile ${CERTFILE2} --priority NORMAL:+CTYPE-SRV-RAWPK PID=$! wait_server ${PID} diff --git a/tests/gnutls-cli-resume.sh b/tests/gnutls-cli-resume.sh index 38ac076efa..bd33ff01d2 100755 --- a/tests/gnutls-cli-resume.sh +++ b/tests/gnutls-cli-resume.sh @@ -20,9 +20,9 @@ # along with this program. If not, see <https://www.gnu.org/licenses/> # -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${SERV}"; then @@ -45,7 +45,7 @@ KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem eval "${GETPORT}" -launch_server $$ --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} diff --git a/tests/gnutls-cli-save-data.sh b/tests/gnutls-cli-save-data.sh index 29a2c081b6..785d907d8f 100755 --- a/tests/gnutls-cli-save-data.sh +++ b/tests/gnutls-cli-save-data.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${SERV}"; then @@ -56,7 +56,7 @@ TMPFILE1=save-data1.$$.tmp TMPFILE2=save-data2.$$.tmp eval "${GETPORT}" -launch_server $$ --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} --ocsp-response=${OCSP1} --ignore-ocsp-response-errors -d 6 +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} --ocsp-response=${OCSP1} --ignore-ocsp-response-errors -d 6 PID=$! wait_server ${PID} diff --git a/tests/gnutls-cli-self-signed.sh b/tests/gnutls-cli-self-signed.sh index fbb5375bf0..8fd7ea9e47 100755 --- a/tests/gnutls-cli-self-signed.sh +++ b/tests/gnutls-cli-self-signed.sh @@ -19,9 +19,9 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE TMPFILE=self-signed.$$.pem.tmp @@ -119,7 +119,7 @@ i2yISkQxkJZp8sTwSlIGZSBpuZcDq9AdUjan1WhGgl4hpHpjr3Y= __EOF__ eval "${GETPORT}" -launch_server $$ --echo --x509keyfile ${TMPFILE} --x509certfile ${TMPFILE} +launch_server --echo --x509keyfile ${TMPFILE} --x509certfile ${TMPFILE} PID=$! wait_server ${PID} diff --git a/tests/logfile-option.sh b/tests/logfile-option.sh index 8cd8f9b53f..e0086dc821 100755 --- a/tests/logfile-option.sh +++ b/tests/logfile-option.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${SERV}"; then @@ -59,7 +59,7 @@ TMPFILE2=save-data2.$$.tmp OPTS="--sni-hostname example.com --verify-hostname example.com" eval "${GETPORT}" -launch_server $$ --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=${PSK} +launch_server --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=${PSK} PID=$! wait_server ${PID} @@ -86,7 +86,7 @@ fi rm -f ${TMPFILE1} ${TMPFILE2} eval "${GETPORT}" -launch_server $$ --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=${PSK} +launch_server --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=${PSK} PID=$! wait_server ${PID} @@ -115,7 +115,7 @@ rm -f ${TMPFILE1} ${TMPFILE2} echo "x509 functionality test" eval "${GETPORT}" -launch_server $$ --echo --sni-hostname-fatal --sni-hostname example.com --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --sni-hostname-fatal --sni-hostname example.com --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} @@ -141,7 +141,7 @@ fi rm -f ${TMPFILE1} ${TMPFILE2} eval "${GETPORT}" -launch_server $$ --echo --sni-hostname-fatal --sni-hostname example.com --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --sni-hostname-fatal --sni-hostname example.com --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} diff --git a/tests/long-crl.sh b/tests/long-crl.sh index 3abd910cbd..b59c8cb74c 100755 --- a/tests/long-crl.sh +++ b/tests/long-crl.sh @@ -20,8 +20,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/nist-pkits/pkits b/tests/nist-pkits/pkits index ac7221244e..0bdd337223 100755 --- a/tests/nist-pkits/pkits +++ b/tests/nist-pkits/pkits @@ -20,7 +20,7 @@ set -e -srcdir="${srcdir:-.}" +: ${srcdir=.} echo "Running PKITS CRT..." "${srcdir}/pkits_crt" diff --git a/tests/nist-pkits/pkits_crl b/tests/nist-pkits/pkits_crl index 6c3e92d606..40d51da5d5 100755 --- a/tests/nist-pkits/pkits_crl +++ b/tests/nist-pkits/pkits_crl @@ -18,8 +18,8 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} test -d crls || unzip "${srcdir}/PKITS_data.zip" diff --git a/tests/nist-pkits/pkits_crt b/tests/nist-pkits/pkits_crt index 92b69bd855..3a529b570b 100755 --- a/tests/nist-pkits/pkits_crt +++ b/tests/nist-pkits/pkits_crt @@ -18,8 +18,8 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} test -d certs || unzip "${srcdir}/PKITS_data.zip" diff --git a/tests/nist-pkits/pkits_pkcs12 b/tests/nist-pkits/pkits_pkcs12 index 0b34cb9a6f..9f071f20c5 100755 --- a/tests/nist-pkits/pkits_pkcs12 +++ b/tests/nist-pkits/pkits_pkcs12 @@ -18,8 +18,8 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} test -d pkcs12 || unzip "${srcdir}/PKITS_data.zip" diff --git a/tests/nist-pkits/pkits_smime b/tests/nist-pkits/pkits_smime index 62da9c95b4..aca9340bdf 100755 --- a/tests/nist-pkits/pkits_smime +++ b/tests/nist-pkits/pkits_smime @@ -18,8 +18,8 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -srcdir="${srcdir:-.}" -CERTTOOL=${CERTTOOL:-../../src/certtool} +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} test -d smime || unzip "${srcdir}/PKITS_data.zip" diff --git a/tests/nist-pkits/pkits_test b/tests/nist-pkits/pkits_test index 49feecb951..adf999c9c9 100755 --- a/tests/nist-pkits/pkits_test +++ b/tests/nist-pkits/pkits_test @@ -2,7 +2,7 @@ set -e -srcdir="${srcdir:-.}" +: ${srcdir=.} test -d certs || unzip "${srcdir}/PKITS_data.zip" diff --git a/tests/ocsp-tests/ocsp-load-chain b/tests/ocsp-tests/ocsp-load-chain index 0822bc3d99..33cc020fcb 100755 --- a/tests/ocsp-tests/ocsp-load-chain +++ b/tests/ocsp-tests/ocsp-load-chain @@ -19,9 +19,9 @@ #set -e -srcdir="${srcdir:-.}" -OCSPTOOL="${OCSPTOOL:-../src/ocsptool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${DIFF=diff} if ! test -x "${OCSPTOOL}"; then exit 77 diff --git a/tests/ocsp-tests/ocsp-must-staple-connection b/tests/ocsp-tests/ocsp-must-staple-connection index 7da31765ed..049491add6 100755 --- a/tests/ocsp-tests/ocsp-must-staple-connection +++ b/tests/ocsp-tests/ocsp-must-staple-connection @@ -18,13 +18,12 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" -OCSPTOOL="${OCSPTOOL:-../src/ocsptool${EXEEXT}}" -GNUTLS_SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -unset SERV -GNUTLS_CLI="${GNUTLS_CLI:-../src/gnutls-cli${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${DIFF=diff} TEMPLATE_FILE="ms-out.$$.tmpl.tmp" SERVER_CERT_FILE="ms-cert.$$.pem.tmp" SERVER_CERT_NO_EXT_FILE="ms-cert-no-ext.$$.pem.tmp" @@ -41,11 +40,11 @@ if ! test -x "${OCSPTOOL}"; then exit 77 fi -if ! test -x "${GNUTLS_SERV}"; then +if ! test -x "${SERV}"; then exit 77 fi -if ! test -x "${GNUTLS_CLI}"; then +if ! test -x "${CLI}"; then exit 77 fi @@ -70,8 +69,8 @@ OCSP_PORT=$PORT SERVER_START_TIMEOUT=10 # Check for OpenSSL -OPENSSL=`which openssl` -if ! test -x "${OPENSSL}"; then +: ${OPENSSL=openssl} +if ! ("$OPENSSL" version) > /dev/null 2>&1; then echo "You need openssl to run this test." exit 77 fi @@ -130,7 +129,7 @@ cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt.attr" ${ATTRFILE} # if started repeatedly in a short time, probably a lack of # SO_REUSEADDR usage. PORT=${OCSP_PORT} -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \ -port "${OCSP_PORT}" \ @@ -171,9 +170,9 @@ fi echo "=== Test 1: Server with valid certificate - no staple ===" PORT=${TLS_SERVER_PORT} -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ - "${GNUTLS_SERV}" --echo --disable-client-cert \ + "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ --port="${TLS_SERVER_PORT}" @@ -184,7 +183,7 @@ wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -203,9 +202,9 @@ eval "${GETPORT}" # Port for gnutls-serv TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ - "${GNUTLS_SERV}" --echo --disable-client-cert \ + "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ --port="${TLS_SERVER_PORT}" \ @@ -217,7 +216,7 @@ wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -238,9 +237,9 @@ eval "${GETPORT}" # Port for gnutls-serv TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ - "${GNUTLS_SERV}" --echo --disable-client-cert \ + "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ --port="${TLS_SERVER_PORT}" \ @@ -252,7 +251,7 @@ wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -274,9 +273,9 @@ eval "${GETPORT}" # Port for gnutls-serv TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ - "${GNUTLS_SERV}" --echo --disable-client-cert \ + "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ --port="${TLS_SERVER_PORT}" \ @@ -288,7 +287,7 @@ wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -317,9 +316,9 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} -TIMEOUT=$(which timeout) -if test -n "$TIMEOUT";then -${TIMEOUT} 30 "${GNUTLS_SERV}" --echo --disable-client-cert \ +: ${TIMEOUT=timeout} +if ("$TIMEOUT" --version) >/dev/null 2>&1; then +${TIMEOUT} 30 "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ --port="${TLS_SERVER_PORT}" \ @@ -332,9 +331,9 @@ fi echo "=== Test 5.1: Server with valid certificate - expired staple (ignoring errors) ===" -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ - "${GNUTLS_SERV}" --echo --disable-client-cert \ + "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ --port="${TLS_SERVER_PORT}" \ @@ -347,7 +346,7 @@ wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -376,9 +375,9 @@ eval "${GETPORT}" # Port for gnutls-serv TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ - "${GNUTLS_SERV}" --echo --disable-client-cert \ + "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ --port="${TLS_SERVER_PORT}" \ @@ -390,7 +389,7 @@ wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -409,9 +408,9 @@ eval "${GETPORT}" # Port for gnutls-serv TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ - "${GNUTLS_SERV}" --echo --disable-client-cert \ + "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ --port="${TLS_SERVER_PORT}" \ @@ -423,7 +422,7 @@ wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --priority "NORMAL:%NO_EXTENSIONS" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + "${CLI}" --priority "NORMAL:%NO_EXTENSIONS" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -442,9 +441,9 @@ eval "${GETPORT}" # Port for gnutls-serv TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ - "${GNUTLS_SERV}" --echo --disable-client-cert \ + "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_NO_EXT_FILE}" \ --port="${TLS_SERVER_PORT}" \ @@ -456,7 +455,7 @@ wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -475,9 +474,9 @@ eval "${GETPORT}" # Port for gnutls-serv TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ - "${GNUTLS_SERV}" --echo --disable-client-cert \ + "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ --port="${TLS_SERVER_PORT}" \ @@ -489,7 +488,7 @@ wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? diff --git a/tests/ocsp-tests/ocsp-test b/tests/ocsp-tests/ocsp-test index bc2641a22e..cfb3033978 100755 --- a/tests/ocsp-tests/ocsp-test +++ b/tests/ocsp-tests/ocsp-test @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -OCSPTOOL="${OCSPTOOL:-../src/ocsptool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${DIFF=diff} if ! test -x "${OCSPTOOL}"; then exit 77 diff --git a/tests/ocsp-tests/ocsp-tls-connection b/tests/ocsp-tests/ocsp-tls-connection index fba9a6eb1c..84eda22b27 100755 --- a/tests/ocsp-tests/ocsp-tls-connection +++ b/tests/ocsp-tests/ocsp-tls-connection @@ -21,13 +21,12 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" -OCSPTOOL="${OCSPTOOL:-../src/ocsptool${EXEEXT}}" -GNUTLS_SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -unset SERV -GNUTLS_CLI="${GNUTLS_CLI:-../src/gnutls-cli${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${DIFF=diff} TEMPLATE_FILE="out.$$.tmpl.tmp" SERVER_CERT_FILE="cert.$$.pem.tmp" @@ -39,11 +38,11 @@ if ! test -x "${OCSPTOOL}"; then exit 77 fi -if ! test -x "${GNUTLS_SERV}"; then +if ! test -x "${SERV}"; then exit 77 fi -if ! test -x "${GNUTLS_CLI}"; then +if ! test -x "${CLI}"; then exit 77 fi @@ -70,8 +69,8 @@ OCSP_PORT=$PORT SERVER_START_TIMEOUT=10 # Check for OpenSSL -OPENSSL=`which openssl` -if ! test -x "${OPENSSL}"; then +: ${OPENSSL=openssl} +if ! ("$OPENSSL" version) > /dev/null 2>&1; then echo "You need openssl to run this test." exit 77 fi @@ -112,7 +111,7 @@ echo "=== Bringing OCSP server up ===" # if started repeatedly in a short time, probably a lack of # SO_REUSEADDR usage. PORT=${OCSP_PORT} -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ "${OPENSSL}" ocsp -index "${srcdir}/ocsp-tests/certs/ocsp_index.txt" -text \ -port "${OCSP_PORT}" \ @@ -150,9 +149,9 @@ fi echo "=== Test 1: Server with valid certificate ===" PORT=${TLS_SERVER_PORT} -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ - "${GNUTLS_SERV}" --echo --disable-client-cert \ + "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ --port="${TLS_SERVER_PORT}" @@ -163,7 +162,7 @@ wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -195,9 +194,9 @@ echo "=== Test 2: Server with revoked certificate ===" eval "${GETPORT}" TLS_SERVER_PORT=$PORT -launch_bare_server $$ \ +launch_bare_server \ datefudge "${TESTDATE}" \ - "${GNUTLS_SERV}" --echo --disable-client-cert \ + "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_bad.key" \ --x509certfile="${SERVER_CERT_FILE}" \ --port="${TLS_SERVER_PORT}" @@ -207,7 +206,7 @@ wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? diff --git a/tests/ocsp-tests/ocsptool b/tests/ocsp-tests/ocsptool index 6677f80588..b10013ed32 100755 --- a/tests/ocsp-tests/ocsptool +++ b/tests/ocsp-tests/ocsptool @@ -21,10 +21,10 @@ # Sanity check program for various ocsptool options -srcdir="${srcdir:-.}" -OCSPTOOL="${OCSPTOOL:-../src/ocsptool${EXEEXT}}" -DIFF="${DIFF:-diff}" -CMP="${CMP:-cmp}" +: ${srcdir=.} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${DIFF=diff} +: ${CMP=cmp} TMPFILE=ocsp.$$.tmp if ! test -x "${OCSPTOOL}"; then diff --git a/tests/p11-kit-load.sh b/tests/p11-kit-load.sh index 419900f6a3..36629241da 100755 --- a/tests/p11-kit-load.sh +++ b/tests/p11-kit-load.sh @@ -19,12 +19,12 @@ #set -e -srcdir="${srcdir:-.}" -builddir="${builddir:-.}" -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" -P11TOOL="${P11TOOL:-../src/p11tool${EXEEXT}}" -DIFF="${DIFF:-diff}" -PKGCONFIG="${PKG_CONFIG:-$(which pkg-config)}" +: ${srcdir=.} +: ${builddir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${P11TOOL=../src/p11tool${EXEEXT}} +: ${DIFF=diff} +: ${PKG_CONFIG=pkg-config} TMP_SOFTHSM_DIR="./softhsm-load.$$.tmp" P11DIR="p11-kit-conf.$$.tmp" PIN=1234 @@ -46,9 +46,9 @@ for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/l fi done -${PKGCONFIG} --version >/dev/null || exit 77 +${PKG_CONFIG} --version >/dev/null || exit 77 -${PKGCONFIG} --atleast-version=0.23.10 p11-kit-1 +${PKG_CONFIG} --atleast-version=0.23.10 p11-kit-1 if test $? != 0;then echo p11-kit 0.23.10 is required exit 77 diff --git a/tests/p11-kit-trust.sh b/tests/p11-kit-trust.sh index 0af8272310..b47004accb 100755 --- a/tests/p11-kit-trust.sh +++ b/tests/p11-kit-trust.sh @@ -20,10 +20,10 @@ #set -e -srcdir="${srcdir:-.}" -P11TOOL="${P11TOOL:-../src/p11tool${EXEEXT}}" -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff}" +: ${srcdir=.} +: ${P11TOOL=../src/p11tool${EXEEXT}} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${DIFF=diff} EXPORTED_FILE=out.$$.tmp DER_FILE=out-der.$$.tmp diff --git a/tests/pkcs7-cat.sh b/tests/pkcs7-cat.sh index a7a53a431a..86b1c6a1da 100755 --- a/tests/pkcs7-cat.sh +++ b/tests/pkcs7-cat.sh @@ -20,9 +20,9 @@ #set -e -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" fi diff --git a/tests/pkgconfig.sh b/tests/pkgconfig.sh index e1034162ae..b06ffa5a8c 100755 --- a/tests/pkgconfig.sh +++ b/tests/pkgconfig.sh @@ -20,19 +20,19 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -top_builddir="${top_builddir:-..}" -PKGCONFIG="${PKG_CONFIG:-$(which pkg-config)}" -CC=${CC:-cc} +: ${srcdir=.} +: ${top_builddir=..} +: ${PKG_CONFIG=pkg-config} +: ${CC=cc} unset RETCODE TMPFILE=c.$$.tmp.c TMPFILE_O=c.$$.tmp.o echo "$CFLAGS"|grep sanitize && exit 77 -${PKGCONFIG} --version >/dev/null || exit 77 +${PKG_CONFIG} --version >/dev/null || exit 77 -${PKGCONFIG} --libs nettle +${PKG_CONFIG} --libs nettle if test $? != 0;then echo "Nettle was not found in pkg-config" exit 77 @@ -40,7 +40,7 @@ fi for lib in libidn2 p11-kit-1 do - OTHER=$(${PKGCONFIG} --libs --static $lib) + OTHER=$(${PKG_CONFIG} --libs --static $lib) if test -n "${OTHER}" && test "${OTHER#*-R}" != "$OTHER";then echo "Found invalid string in $lib flags: ${OTHER}" exit 77 @@ -68,16 +68,16 @@ __EOF__ COMMON="-I${top_builddir}/lib/includes -L${top_builddir}/lib/.libs -I${srcdir}/../lib/includes" echo "Trying dynamic linking with:" -echo " * flags: $(${PKGCONFIG} --libs gnutls)" +echo " * flags: $(${PKG_CONFIG} --libs gnutls)" echo " * common: ${COMMON}" echo " * lib: ${CFLAGS}" -echo cc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON} -${CC} ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON} +echo cc ${TMPFILE} -o ${TMPFILE_O} $(${PKG_CONFIG} --libs gnutls) $(${PKG_CONFIG} --cflags gnutls) ${COMMON} +${CC} ${TMPFILE} -o ${TMPFILE_O} $(${PKG_CONFIG} --libs gnutls) $(${PKG_CONFIG} --cflags gnutls) ${COMMON} echo "" -echo "Trying static linking with $(${PKGCONFIG} --libs --static gnutls)" -echo cc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --static --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON} -${CC} ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --static --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON} +echo "Trying static linking with $(${PKG_CONFIG} --libs --static gnutls)" +echo cc ${TMPFILE} -o ${TMPFILE_O} $(${PKG_CONFIG} --static --libs gnutls) $(${PKG_CONFIG} --cflags gnutls) ${COMMON} +${CC} ${TMPFILE} -o ${TMPFILE_O} $(${PKG_CONFIG} --static --libs gnutls) $(${PKG_CONFIG} --cflags gnutls) ${COMMON} rm -f ${TMPFILE} ${TMPFILE_O} diff --git a/tests/profile-tests.sh b/tests/profile-tests.sh index 71295fd5a6..42ac25cfcb 100755 --- a/tests/profile-tests.sh +++ b/tests/profile-tests.sh @@ -22,9 +22,9 @@ # This program tests whether the profile keywords work as expected -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} TMPFILE=config.$$.tmp export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 @@ -81,7 +81,7 @@ _EOF_ KEY="${CERT}" eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} PID=$! wait_server ${PID} @@ -145,7 +145,7 @@ _EOF_ KEY="${CERT}" eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} PID=$! wait_server ${PID} @@ -213,7 +213,7 @@ _EOF_ KEY="${CERT}" eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} PID=$! wait_server ${PID} diff --git a/tests/psktool.sh b/tests/psktool.sh index a5302f57aa..9e81d01718 100755 --- a/tests/psktool.sh +++ b/tests/psktool.sh @@ -19,8 +19,8 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" -PSKTOOL="${PSKTOOL:-../src/psktool${EXEEXT}}" +: ${srcdir=.} +: ${PSKTOOL=../src/psktool${EXEEXT}} TMPFILE=psktool.$$.tmp if ! test -x "${PSKTOOL}"; then diff --git a/tests/rfc2253-escape-test b/tests/rfc2253-escape-test index 71a42504f4..2d71b83d00 100755 --- a/tests/rfc2253-escape-test +++ b/tests/rfc2253-escape-test @@ -22,7 +22,7 @@ set -e -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" +: ${CERTTOOL=../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/rsa-md5-collision/rsa-md5-collision.sh b/tests/rsa-md5-collision/rsa-md5-collision.sh index e319544b73..85f8e82675 100755 --- a/tests/rsa-md5-collision/rsa-md5-collision.sh +++ b/tests/rsa-md5-collision/rsa-md5-collision.sh @@ -21,8 +21,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} TMPFILE1=rsa-md5.$$.tmp TMPFILE2=rsa-md5-2.$$.tmp diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh index 3229510385..30afae3460 100644 --- a/tests/scripts/common.sh +++ b/tests/scripts/common.sh @@ -26,40 +26,67 @@ export TZ="UTC" # command in the caller's PFCMD, or exit, indicating an unsupported # test. Prefer ss from iproute2 over the older netstat. have_port_finder() { - for file in $(which ss 2> /dev/null) /*bin/ss /usr/*bin/ss /usr/local/*bin/ss;do - if test -x "$file";then - PFCMD="$file";return 0 - fi - done + # Prefer PFCMD if set + if test "${PFCMD+set}" = set; then + return + fi - if test -z "$PFCMD";then - for file in $(which netstat 2> /dev/null) /bin/netstat /usr/bin/netstat /usr/local/bin/netstat;do - if test -x "$file";then - PFCMD="$file";return 0 + if (ss --version) > /dev/null 2>&1; then + PFCMD=ss + return + fi + + # 'ss' might be installed in /sbin + for dir in /sbin /usr/sbin /usr/local/sbin; do + if ($dir/ss --version) > /dev/null 2>&1; then + PFCMD=$dir/ss + return fi done - fi - if test -z "$PFCMD";then - echo "neither ss nor netstat found" - exit 1 + # We can't assume netstat --version for portability reasons + if (type netstat) > /dev/null 2>&1; then + PFCMD=netstat + return fi + + echo "neither ss nor netstat found" 1>&2 + exit 77 } check_if_port_in_use() { - local PORT="$1" - local PFCMD; have_port_finder + local PORT=$1 + have_port_finder $PFCMD -an|grep "[\:\.]$PORT" >/dev/null 2>&1 } check_if_port_listening() { - local PORT="$1" - local PFCMD; have_port_finder + local PORT=$1 + have_port_finder $PFCMD -anl|grep "[\:\.]$PORT"|grep LISTEN >/dev/null 2>&1 } +trap "rmdir \"$top_builddir/tests/port.lock.d\" > /dev/null 2>&1 || :" 1 15 2 + +obtain_port_lock() +{ + local i + for i in 1 2 3 4 5 6; do + if mkdir "$top_builddir/tests/port.lock.d" > /dev/null 2>&1; then + return + fi + echo "try $i: obtaining port lock" + sleep 2 + done + return 1 +} + # Find a port number not currently in use. GETPORT=' + obtain_port_lock() + if $? -ne 0; then + echo "failed to obtain port lock: continuing anyway" + fi rc=0 unset myrandom while test $rc = 0; do @@ -101,26 +128,20 @@ fail() { exit_if_non_x86() { -which lscpu >/dev/null 2>&1 -if test $? = 0;then - $(which lscpu)|grep Architecture|grep x86 - if test $? != 0;then - echo "non-x86 CPU detected" - exit 0 - fi -fi + if (lscpu --version) >/dev/null 2>&1 && \ + ! lscpu 2>/dev/null | grep 'Architecture:[ ]*x86' >/dev/null; then + echo "non-x86 CPU detected" + exit + fi } exit_if_non_padlock() { -which lscpu >/dev/null 2>&1 -if test $? = 0;then - $(which lscpu)|grep Flags|grep phe - if test $? != 0;then - echo "non-Via padlock CPU detected" - exit 0 - fi -fi + if (lscpu --version) >/dev/null 2>&1 && \ + ! lscpu 2>/dev/null | grep 'Flags:[ ]*phe' >/dev/null; then + echo "non-Via padlock CPU detected" + exit + fi } wait_for_port() @@ -129,16 +150,17 @@ wait_for_port() local PORT="$1" sleep 1 - for i in 1 2 3 4 5 6;do + local i=0 + while test $i -lt 90; do check_if_port_listening ${PORT} ret=$? - if test $ret != 0;then - check_if_port_in_use ${PORT} - echo try $i - sleep 2 - else + if test $ret = 0;then break fi + i=`expr $i + 1` + check_if_port_in_use ${PORT} + echo "try $i: waiting for port" + sleep 2 done return $ret } @@ -160,42 +182,25 @@ wait_for_free_port() return $ret } -launch_server() { - PARENT="$1" - shift - - wait_for_free_port ${PORT} - ${SERV} ${DEBUG} -p "${PORT}" "$@" >${LOGFILE-/dev/null} & -} - -launch_pkcs11_server() { - PARENT="$1" - shift - PROVIDER="$1" - shift - - wait_for_free_port ${PORT} - - ${VALGRIND} ${SERV} ${PROVIDER} ${DEBUG} -p "${PORT}" "$@" & -} - launch_bare_server() { - PARENT="$1" - shift + wait_for_free_port "$PORT" + "$@" >${LOGFILE-/dev/null} & +} - wait_for_free_port ${PORT} - ${SERV} "$@" >${LOGFILE-/dev/null} & +launch_server() { + launch_bare_server $VALGRIND $SERV $DEBUG -p "$PORT" "$@" } wait_server() { local PID=$1 - trap "test -n \"${PID}\" && kill ${PID};exit 1" 1 15 2 + trap "test -n \"${PID}\" && kill ${PID}; exit 1" 1 15 2 wait_for_port $PORT if test $? != 0;then echo "Server $PORT did not come up" kill $PID exit 1 fi + rmdir "$top_builddir/tests/port.lock.d" > /dev/null 2>&1 || : } wait_udp_server() { @@ -204,14 +209,6 @@ wait_udp_server() { sleep 4 } -if test -x /usr/bin/lockfile-create;then -LOCKFILE="lockfile-create global" -UNLOCKFILE="lockfile-remove global" -else -LOCKFILE="lockfile global.lock" -UNLOCKFILE="rm -f global.lock" -fi - create_testdir() { local PREFIX=$1 d=`mktemp -d -t ${PREFIX}.XXXXXX` diff --git a/tests/serv-udp.sh b/tests/serv-udp.sh index 9db3a32a42..bccc34c816 100755 --- a/tests/serv-udp.sh +++ b/tests/serv-udp.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${SERV}"; then @@ -52,7 +52,7 @@ KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem eval "${GETPORT}" -launch_server $$ --x509keyfile ${KEY1} --x509certfile ${CERT1} --udp -d 2 +launch_server --x509keyfile ${KEY1} --x509certfile ${CERT1} --udp -d 2 PID=$! wait_udp_server $PID diff --git a/tests/server-multi-keys.sh b/tests/server-multi-keys.sh index 7737ec9b83..9dd6a6adfe 100755 --- a/tests/server-multi-keys.sh +++ b/tests/server-multi-keys.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${SERV}"; then @@ -60,7 +60,7 @@ CAFILE=${srcdir}/../doc/credentials/x509/ca.pem TMPFILE=outcert.$$.tmp eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ +launch_server --echo --priority "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} PID=$! wait_server ${PID} diff --git a/tests/server-weak-keys.sh b/tests/server-weak-keys.sh index 1fa14711fb..89b134c72a 100755 --- a/tests/server-weak-keys.sh +++ b/tests/server-weak-keys.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${SERV}"; then @@ -54,7 +54,7 @@ KEY1=${srcdir}/certs/rsa-512.pem CERT1=${srcdir}/certs/rsa-512.pem eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} diff --git a/tests/slow/test-ciphers-api.sh b/tests/slow/test-ciphers-api.sh index d591496be1..814f5cc024 100755 --- a/tests/slow/test-ciphers-api.sh +++ b/tests/slow/test-ciphers-api.sh @@ -19,7 +19,7 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" +: ${srcdir=.} PROG=./cipher-api-test${EXEEXT} . "${srcdir}/test-ciphers-common.sh" diff --git a/tests/slow/test-ciphers-common.sh b/tests/slow/test-ciphers-common.sh index 1a76b48ce0..e8b38c84ed 100644 --- a/tests/slow/test-ciphers-common.sh +++ b/tests/slow/test-ciphers-common.sh @@ -23,7 +23,7 @@ if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi -srcdir="${srcdir:-.}" +: ${srcdir=.} . "${srcdir}/../scripts/common.sh" ${PROG} @@ -74,8 +74,8 @@ if test $ret != 0; then fi #SHANI -$(which lscpu)|grep Flags|grep sha_ni >/dev/null -if test $? = 0;then +if (lscpu --version) >/dev/null 2>&1 && \ + lscpu 2>/dev/null | grep 'Flags:[ ]*sha_ni' >/dev/null; then GNUTLS_CPUID_OVERRIDE=0x20 ${PROG} ret=$? if test $ret != 0; then diff --git a/tests/slow/test-ciphers-openssl.sh b/tests/slow/test-ciphers-openssl.sh index b025fcc600..dc8fb60edc 100755 --- a/tests/slow/test-ciphers-openssl.sh +++ b/tests/slow/test-ciphers-openssl.sh @@ -20,7 +20,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} PROG=./cipher-openssl-compat${EXEEXT} . "${srcdir}/test-ciphers-common.sh" diff --git a/tests/slow/test-ciphers.sh b/tests/slow/test-ciphers.sh index abc020be6b..b4bc41151a 100755 --- a/tests/slow/test-ciphers.sh +++ b/tests/slow/test-ciphers.sh @@ -20,7 +20,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} PROG=./cipher-test${EXEEXT} . "${srcdir}/test-ciphers-common.sh" diff --git a/tests/slow/test-hash-large.sh b/tests/slow/test-hash-large.sh index 754232ec2c..7a052bddcd 100755 --- a/tests/slow/test-hash-large.sh +++ b/tests/slow/test-hash-large.sh @@ -27,7 +27,7 @@ if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi -srcdir="${srcdir:-.}" +: ${srcdir=.} . "${srcdir}/../scripts/common.sh" run_test() { @@ -44,23 +44,19 @@ run_test() { #0x1: no optimizations #"": default optimizations -SSSE3FLAG="" -SHANIFLAG="" -which lscpu >/dev/null 2>&1 -if test $? = 0;then - $(which lscpu)|grep Architecture|grep x86 >/dev/null - if test $? = 0;then - SSSE3FLAG="0x4" +FLAGS="" +if (lscpu --version) >/dev/null 2>&1; then + if lscpu 2>/dev/null | grep 'Flags:[ ]*ssse3' >/dev/null; then + FLAGS="$FLAGS 0x4" fi - $(which lscpu)|grep Flags|grep sha_ni >/dev/null - if test $? = 0;then - SHANIFLAG="0x20" + if lscpu 2>/dev/null | grep 'Flags:[ ]*sha_ni' >/dev/null; then + FLAGS="$FLAGS 0x20" fi fi WAITPID="" -for flags in "" "0x1" ${SSSE3FLAG} ${SHANIFLAG};do +for flags in "" "0x1" ${FLAGS};do run_test ${flags} & WAITPID="${WAITPID} $!" done diff --git a/tests/sni-hostname.sh b/tests/sni-hostname.sh index 8bcc3b9a8a..b8100d9d6d 100755 --- a/tests/sni-hostname.sh +++ b/tests/sni-hostname.sh @@ -19,9 +19,9 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${SERV}"; then @@ -55,7 +55,7 @@ OPTS="--sni-hostname example.com --verify-hostname example.com" NOOPTS="--sni-hostname noexample.com --verify-hostname example.com" eval "${GETPORT}" -launch_server $$ --echo --sni-hostname-fatal --sni-hostname example.com --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --sni-hostname-fatal --sni-hostname example.com --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} diff --git a/tests/sni-resume.sh b/tests/sni-resume.sh index 913f4a8b79..7f2fd0132d 100755 --- a/tests/sni-resume.sh +++ b/tests/sni-resume.sh @@ -19,9 +19,9 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${SERV}"; then @@ -52,7 +52,7 @@ echo "Checking if the SNI extension is parsed in gnutls-serv during" \ TMPFILE="servoutput.$$.tmp" eval "${GETPORT}" -launch_server $$ --echo --priority ${PRIORITY} --sni-hostname-fatal \ +launch_server --echo --priority ${PRIORITY} --sni-hostname-fatal \ --sni-hostname server.example.com --noticket 2>${TMPFILE} PID=$! wait_server ${PID} diff --git a/tests/starttls-ftp.sh b/tests/starttls-ftp.sh index 4e6b241e3a..9baad57941 100755 --- a/tests/starttls-ftp.sh +++ b/tests/starttls-ftp.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE . "${srcdir}/scripts/common.sh" diff --git a/tests/starttls-lmtp.sh b/tests/starttls-lmtp.sh index 96c5c0c160..a1b6d6b13c 100755 --- a/tests/starttls-lmtp.sh +++ b/tests/starttls-lmtp.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE . "${srcdir}/scripts/common.sh" diff --git a/tests/starttls-nntp.sh b/tests/starttls-nntp.sh index 256a7cad4b..6cd834dcae 100755 --- a/tests/starttls-nntp.sh +++ b/tests/starttls-nntp.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE . "${srcdir}/scripts/common.sh" diff --git a/tests/starttls-pop3.sh b/tests/starttls-pop3.sh index 57fa2de9af..37e5263897 100755 --- a/tests/starttls-pop3.sh +++ b/tests/starttls-pop3.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE . "${srcdir}/scripts/common.sh" diff --git a/tests/starttls-sieve.sh b/tests/starttls-sieve.sh index e7b90a3e06..dc395ba9af 100755 --- a/tests/starttls-sieve.sh +++ b/tests/starttls-sieve.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE . "${srcdir}/scripts/common.sh" diff --git a/tests/starttls-smtp.sh b/tests/starttls-smtp.sh index c346b11f17..6633e1ce13 100755 --- a/tests/starttls-smtp.sh +++ b/tests/starttls-smtp.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE . "${srcdir}/scripts/common.sh" diff --git a/tests/starttls-xmpp.sh b/tests/starttls-xmpp.sh index 71fc512572..82d0db7751 100755 --- a/tests/starttls-xmpp.sh +++ b/tests/starttls-xmpp.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE . "${srcdir}/scripts/common.sh" diff --git a/tests/starttls.sh b/tests/starttls.sh index 0feed953ac..ed9be413ec 100755 --- a/tests/starttls.sh +++ b/tests/starttls.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} unset RETCODE . "${srcdir}/scripts/common.sh" @@ -33,7 +33,7 @@ SERV="${SERV} -q" echo "Checking STARTTLS" eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:+ANON-ECDH" +launch_server --echo --priority "NORMAL:+ANON-ECDH" PID=$! wait_server ${PID} diff --git a/tests/suite/certs/create-chain.sh b/tests/suite/certs/create-chain.sh index c616189e63..4a32c65ad5 100755 --- a/tests/suite/certs/create-chain.sh +++ b/tests/suite/certs/create-chain.sh @@ -1,6 +1,6 @@ #!/bin/sh -CERTTOOL="${CERTTOOL:-../../../src/certtool${EXEEXT}}" +: ${CERTTOOL=../../../src/certtool${EXEEXT}} OUTPUT=out TEMPLATE=tmpl diff --git a/tests/suite/chain.sh b/tests/suite/chain.sh index d9e04bead7..03eea2e8b2 100755 --- a/tests/suite/chain.sh +++ b/tests/suite/chain.sh @@ -20,11 +20,11 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} mkdir -p x509paths cd x509paths -CERTTOOL="${CERTTOOL:-../../../src/certtool${EXEEXT}}" +: ${CERTTOOL=../../../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/suite/ciphersuite/scan-gnutls.sh b/tests/suite/ciphersuite/scan-gnutls.sh index 1a7b519530..e84f04057e 100755 --- a/tests/suite/ciphersuite/scan-gnutls.sh +++ b/tests/suite/ciphersuite/scan-gnutls.sh @@ -3,8 +3,8 @@ echo 'var gnutls_ciphersuites = {' -srcdir="${srcdir:-.}" -top_builddir="${top_builddir:-../..}" +: ${srcdir=.} +: ${top_builddir=../..} gcc -E "${srcdir}/../../lib/algorithms/ciphersuites.c" -I"${top_builddir}" -I"${srcdir}/../../lib" -DHAVE_CONFIG_H -DHAVE_LIBNETTLE -I"${srcdir}/../../gl" -I"${srcdir}/../includes" -DENABLE_DHE -DENABLE_ECDHE -DENABLE_PSK -DENABLE_ANON -DENABLE_SRP \ | awk '/^static const gnutls_cipher_suite_entry_st cs_algorithms/, /;/ { print; }' \ diff --git a/tests/suite/eagain.sh b/tests/suite/eagain.sh index d012ad8cde..1b41ae482f 100755 --- a/tests/suite/eagain.sh +++ b/tests/suite/eagain.sh @@ -20,8 +20,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../../src/gnutls-serv${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../../src/gnutls-serv${EXEEXT}} if ! test -x "${SERV}"; then exit 77 @@ -36,7 +36,7 @@ eval "${GETPORT}" KEY1=${srcdir}/../../doc/credentials/x509/key-rsa.pem CERT1=${srcdir}/../../doc/credentials/x509/cert-rsa.pem -launch_server $$ --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} diff --git a/tests/suite/multi-ticket-reception.sh b/tests/suite/multi-ticket-reception.sh index 6c0113e372..2e16008ae4 100755 --- a/tests/suite/multi-ticket-reception.sh +++ b/tests/suite/multi-ticket-reception.sh @@ -20,10 +20,10 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} TLSPY_SERV="${srcdir}/tls-fuzzer/tlslite-ng/scripts/tls.py" PYPATH="${srcdir}/tls-fuzzer/tlsfuzzer/" -CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" +: ${CLI=../../src/gnutls-cli${EXEEXT}} unset RETCODE if test "${PYTHON}" = ":" ; then diff --git a/tests/suite/test-ciphersuite-names.sh b/tests/suite/test-ciphersuite-names.sh index a00fa482de..a5c66099d9 100755 --- a/tests/suite/test-ciphersuite-names.sh +++ b/tests/suite/test-ciphersuite-names.sh @@ -1,7 +1,7 @@ #!/bin/sh -srcdir="${srcdir:-.}" -top_builddir="${top_builddir:-../..}" +: ${srcdir=.} +: ${top_builddir=../..} nodejs --help >/dev/null 2>&1 if test $? = 0; then diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl index ce87a4ba5e..4c06df5bc7 100755 --- a/tests/suite/testcompat-main-openssl +++ b/tests/suite/testcompat-main-openssl @@ -30,9 +30,9 @@ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -srcdir="${srcdir:-.}" -GNUTLS_SERV="${SERV:-../../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../../src/gnutls-serv${EXEEXT}} +: ${CLI=../../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${CLI}"; then @@ -49,40 +49,38 @@ fi . "${srcdir}/../scripts/common.sh" -PORT="${PORT:-${RPORT}}" +: ${PORT=${RPORT}} -SERV=openssl -OPENSSL_CLI="$SERV" +: ${OPENSSL=openssl} SIGALGS=RSA+SHA1:RSA+SHA256 -echo "Compatibility checks using "`${SERV} version` -${SERV} version|grep -e '1\.[0-9]\..' >/dev/null 2>&1 -SV=$? -if test ${SV} != 0; then +echo "Compatibility checks using "`${OPENSSL} version` +${OPENSSL} version|grep -e '1\.[0-9]\..' >/dev/null 2>&1 +if test $? != 0; then echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests" exit 77 fi . "${srcdir}/testcompat-common" -${SERV} version|grep -e '1\.[1-9]\..' >/dev/null 2>&1 +${OPENSSL} version|grep -e '1\.[1-9]\..' >/dev/null 2>&1 HAVE_X25519=$? test $HAVE_X25519 != 0 && echo "Disabling interop tests for x25519" -${SERV} version|grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1 +${OPENSSL} version|grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1 NO_TLS1_2=$? test $NO_TLS1_2 != 0 && echo "Disabling interop tests for TLS 1.2" -${SERV} version|grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1 +${OPENSSL} version|grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1 if test $? = 0;then NO_DH_PARAMS=0 else NO_DH_PARAMS=1 fi -${SERV} ciphers -v ALL 2>&1|grep -e DHE-DSS >/dev/null 2>&1 +${OPENSSL} ciphers -v ALL 2>&1|grep -e DHE-DSS >/dev/null 2>&1 NO_DSS=$? if test $NO_DSS != 0;then @@ -92,27 +90,27 @@ else SIGALGS="$SIGALGS:DSA+SHA1:DSA+SHA256" fi -${SERV} ciphers -v ALL 2>&1|grep -e CAMELLIA >/dev/null 2>&1 +${OPENSSL} ciphers -v ALL 2>&1|grep -e CAMELLIA >/dev/null 2>&1 NO_CAMELLIA=$? test $NO_CAMELLIA != 0 && echo "Disabling interop tests for Camellia ciphersuites" -${SERV} ciphers -v ALL 2>&1|grep -e RC4 >/dev/null 2>&1 +${OPENSSL} ciphers -v ALL 2>&1|grep -e RC4 >/dev/null 2>&1 NO_RC4=$? test $NO_RC4 != 0 && echo "Disabling interop tests for RC4 ciphersuites" -${SERV} ciphers -v ALL 2>&1|grep -e 3DES >/dev/null 2>&1 +${OPENSSL} ciphers -v ALL 2>&1|grep -e 3DES >/dev/null 2>&1 NO_3DES=$? test $NO_3DES != 0 && echo "Disabling interop tests for 3DES ciphersuites" -${SERV} ciphers -v ALL 2>&1|grep -e NULL >/dev/null 2>&1 +${OPENSSL} ciphers -v ALL 2>&1|grep -e NULL >/dev/null 2>&1 NO_NULL=$? test $NO_NULL != 0 && echo "Disabling interop tests for NULL ciphersuites" -${SERV} ecparam -list_curves 2>&1|grep -e prime192v1 >/dev/null 2>&1 +${OPENSSL} ecparam -list_curves 2>&1|grep -e prime192v1 >/dev/null 2>&1 NO_PRIME192v1=$? test $NO_PRIME192v1 != 0 && echo "Disabling interop tests for prime192v1 ecparam" @@ -123,16 +121,16 @@ else OPENSSL_DH_PARAMS_OPT="-dhparam \"${DH_PARAMS}\"" fi -${SERV} s_server -help 2>&1|grep -e -ssl3 >/dev/null 2>&1 +${OPENSSL} s_server -help 2>&1|grep -e -ssl3 >/dev/null 2>&1 HAVE_NOT_SSL3=$? if test $HAVE_NOT_SSL3 = 0;then eval "${GETPORT}" - launch_bare_server $$ s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -key "${RSA_KEY}" -cert "${RSA_CERT}" >/dev/null 2>&1 + launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -key "${RSA_KEY}" -cert "${RSA_CERT}" >/dev/null 2>&1 PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 </dev/null 2>&1 | grep "\:error\:" && \ HAVE_NOT_SSL3=1 kill ${PID} wait @@ -156,7 +154,7 @@ run_client_suite() { # It seems debian disabled SSL 3.0 completely on openssl eval "${GETPORT}" - launch_bare_server $$ s_server -cipher ALL -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher ALL -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -182,7 +180,7 @@ run_client_suite() { if test "${NO_RC4}" != 1; then eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 >/dev/null PID=$! wait_server ${PID} @@ -198,7 +196,7 @@ run_client_suite() { if test "${NO_NULL}" = 0; then #-cipher RSA-NULL eval "${GETPORT}" - launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -213,7 +211,7 @@ run_client_suite() { #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA eval "${GETPORT}" - launch_bare_server $$ s_server -cipher "ALL:@SECLEVEL=1" -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher "ALL:@SECLEVEL=1" -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -264,7 +262,7 @@ run_client_suite() { if test "${FIPS_CURVES}" != 1 && test "${NO_PRIME192v1}" != 1; then eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve prime192v1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve prime192v1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -278,7 +276,7 @@ run_client_suite() { #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -293,7 +291,7 @@ run_client_suite() { #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -307,7 +305,7 @@ run_client_suite() { #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -321,7 +319,7 @@ run_client_suite() { #-cipher PSK eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher 'PSK:@SECLEVEL=1' -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher 'PSK:@SECLEVEL=1' -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null PID=$! wait_server ${PID} @@ -336,7 +334,7 @@ run_client_suite() { # Tests requiring openssl 1.0.1 - TLS 1.2 #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA eval "${GETPORT}" - launch_bare_server $$ s_server -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -367,7 +365,7 @@ run_client_suite() { if test "${HAVE_X25519}" = 0; then eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -curves X25519 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -curves X25519 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -382,7 +380,7 @@ run_client_suite() { if test "${FIPS_CURVES}" != 1; then #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -396,7 +394,7 @@ run_client_suite() { #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -410,7 +408,7 @@ run_client_suite() { if test "${FIPS_CURVES}" != 1; then #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -425,7 +423,7 @@ run_client_suite() { #-cipher PSK eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null PID=$! wait_server ${PID} @@ -437,7 +435,7 @@ run_client_suite() { wait eval "${GETPORT}" - launch_bare_server $$ s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} @@ -450,7 +448,7 @@ run_client_suite() { wait eval "${GETPORT}" - launch_bare_server $$ s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} @@ -464,7 +462,7 @@ run_client_suite() { if test "${NO_DSS}" = 0; then eval "${GETPORT}" - launch_bare_server $$ s_server -cipher "ALL:@SECLEVEL=1" -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher "ALL:@SECLEVEL=1" -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} @@ -478,7 +476,7 @@ run_client_suite() { fi eval "${GETPORT}" - launch_bare_server $$ s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} @@ -490,7 +488,7 @@ run_client_suite() { wait eval "${GETPORT}" - launch_bare_server $$ s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} @@ -503,7 +501,7 @@ run_client_suite() { wait eval "${GETPORT}" - launch_bare_server $$ s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} @@ -531,7 +529,7 @@ echo "${PREFIX}" echo "${PREFIX}###############################################" echo "${PREFIX}# Server mode tests (gnutls server-openssl cli#" echo "${PREFIX}###############################################" -SERV="${GNUTLS_SERV} -q" +SERV="${SERV} -q" # Note that openssl s_client does not return error code on failure @@ -546,16 +544,16 @@ run_server_suite() { echo "${PREFIX}Check SSL 3.0 with RSA ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+3DES-CBC:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+MD5:+ARCFOUR-128:+3DES-CBC:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" if test "${NO_RC4}" != 1; then echo "${PREFIX}Check SSL 3.0 with RSA-RC4-MD5 ciphersuite" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" fi @@ -564,11 +562,11 @@ run_server_suite() { echo "${PREFIX}Check SSL 3.0 with DHE-RSA ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -577,11 +575,11 @@ run_server_suite() { if test "${NO_DSS}" = 0; then echo "${PREFIX}Check SSL 3.0 with DHE-DSS ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -593,11 +591,11 @@ run_server_suite() { # This test was disabled because it doesn't work as expected with openssl 1.0.0d #echo "${PREFIX}Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)" - #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + #launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" #PID=$! #wait_server ${PID} # - #${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + #${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ # fail ${PID} "Failed" # #kill ${PID} @@ -606,11 +604,11 @@ run_server_suite() { if test "${NO_NULL}" = 0; then echo "${PREFIX}Check TLS 1.0 with RSA-NULL ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -619,11 +617,11 @@ run_server_suite() { echo "${PREFIX}Check TLS 1.0 with DHE-RSA ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE:@SECLEVEL=1 -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE:@SECLEVEL=1 -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -632,11 +630,11 @@ run_server_suite() { if test "${NO_DSS}" = 0; then echo "${PREFIX}Check TLS 1.0 with DHE-DSS ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -sigalgs "$SIGALGS" -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -sigalgs "$SIGALGS" -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -645,12 +643,12 @@ run_server_suite() { echo "${PREFIX}Check TLS 1.0 with ECDHE-RSA ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} #-cipher ECDHE-RSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -659,12 +657,12 @@ run_server_suite() { if test "${FIPS_CURVES}" != 1; then echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -673,12 +671,12 @@ run_server_suite() { echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -686,12 +684,12 @@ run_server_suite() { echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -700,12 +698,12 @@ run_server_suite() { if test "${FIPS_CURVES}" != 1; then echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -714,12 +712,12 @@ run_server_suite() { echo "${PREFIX}Check TLS 1.0 with PSK ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} #-cipher PSK-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \ + ${OPENSSL} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \ fail ${PID} "Failed" kill ${PID} @@ -729,11 +727,11 @@ run_server_suite() { # test resumption echo "${PREFIX}Check TLS 1.2 with resumption" eval "${GETPORT}" - launch_server $$ --priority "NORMAL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NORMAL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -reconnect -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -reconnect -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -741,11 +739,11 @@ run_server_suite() { echo "${PREFIX}Check TLS 1.2 with DHE-RSA ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -754,11 +752,11 @@ run_server_suite() { if test "${NO_DSS}" = 0; then echo "${PREFIX}Check TLS 1.2 with DHE-DSS ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -767,12 +765,12 @@ run_server_suite() { echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} #-cipher ECDHE-RSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -781,11 +779,11 @@ run_server_suite() { if test "${HAVE_X22519}" = 0; then echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite (X25519)" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -795,12 +793,12 @@ run_server_suite() { if test "${FIPS_CURVES}" != 1; then echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher 'ALL:@SECLEVEL=1' -tls1_2 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher 'ALL:@SECLEVEL=1' -tls1_2 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -809,12 +807,12 @@ run_server_suite() { echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -822,12 +820,12 @@ run_server_suite() { echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -836,12 +834,12 @@ run_server_suite() { if test "${FIPS_CURVES}" != 1; then echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -850,12 +848,12 @@ run_server_suite() { echo "${PREFIX}Check TLS 1.2 with PSK ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} #-cipher PSK-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \ + ${OPENSSL} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \ fail ${PID} "Failed" kill ${PID} @@ -866,11 +864,11 @@ run_server_suite() { # DTLS echo "${PREFIX}Check DTLS 1.0 with RSA ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -879,12 +877,12 @@ run_server_suite() { echo "${PREFIX}Check DTLS 1.0 with DHE-RSA ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -893,12 +891,12 @@ run_server_suite() { if test "${NO_DSS}" = 0; then echo "${PREFIX}Check DTLS 1.0 with DHE-DSS ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" PID=$! wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -907,11 +905,11 @@ run_server_suite() { echo "${PREFIX}Check DTLS 1.2 with AES-CBC" eval "${GETPORT}" - launch_server $$ --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -919,11 +917,11 @@ run_server_suite() { echo "${PREFIX}Check DTLS 1.2 with RSA ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -932,12 +930,12 @@ run_server_suite() { echo "${PREFIX}Check DTLS 1.2 with DHE-RSA ciphersuite" eval "${GETPORT}" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -945,12 +943,12 @@ run_server_suite() { echo "${PREFIX}Check DTLS 1.2 with ECDHE-RSA" eval "${GETPORT}" - launch_server $$ --priority "NONE:+GROUP-ALL:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+ECDHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+GROUP-ALL:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+ECDHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -cipher ECDHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher ECDHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} diff --git a/tests/suite/testcompat-main-polarssl b/tests/suite/testcompat-main-polarssl index e945fd5025..ba8b7bbb6c 100755 --- a/tests/suite/testcompat-main-polarssl +++ b/tests/suite/testcompat-main-polarssl @@ -30,8 +30,8 @@ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -srcdir="${srcdir:-.}" -CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${CLI=../../src/gnutls-cli${EXEEXT}} LOGFILE=polarssl.log unset RETCODE @@ -102,7 +102,7 @@ run_server_suite() { #TLS 1.0 echo "${PREFIX}Check TLS 1.0 with DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} @@ -113,7 +113,7 @@ run_server_suite() { wait #echo "${PREFIX}Check TLS 1.0 with DHE-DSS ciphersuite" - #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" + #launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" #PID=$! #wait_server ${PID} @@ -125,7 +125,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.0 with ECDHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} @@ -138,7 +138,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.0 with PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} @@ -151,7 +151,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.0 with DHE-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} @@ -164,7 +164,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.0 with ECDHE-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} @@ -177,7 +177,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.0 with RSA-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} @@ -191,7 +191,7 @@ run_server_suite() { if test ${ALL_CURVES} = 1; then eval "${GETPORT}" echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} @@ -205,7 +205,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} @@ -218,7 +218,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} @@ -231,7 +231,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} @@ -244,7 +244,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} @@ -256,7 +256,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} @@ -268,7 +268,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} @@ -280,7 +280,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} @@ -292,7 +292,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} @@ -303,7 +303,7 @@ run_server_suite() { wait #echo "${PREFIX}Check TLS 1.2 with DHE-DSS ciphersuite" - #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" + #launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}" #PID=$! #wait_server ${PID} # @@ -315,7 +315,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} @@ -329,7 +329,7 @@ run_server_suite() { if test ${ALL_CURVES} = 1; then eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} @@ -343,7 +343,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} @@ -356,7 +356,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} @@ -369,7 +369,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" PID=$! wait_server ${PID} @@ -382,7 +382,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} @@ -395,7 +395,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with DHE-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} @@ -408,7 +408,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with ECDHE-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} @@ -421,7 +421,7 @@ run_server_suite() { eval "${GETPORT}" echo "${PREFIX}Check TLS 1.2 with RSA-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" + launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" PID=$! wait_server ${PID} diff --git a/tests/suite/testcompat-oldgnutls.sh b/tests/suite/testcompat-oldgnutls.sh index 937bf57050..b8700a7300 100755 --- a/tests/suite/testcompat-oldgnutls.sh +++ b/tests/suite/testcompat-oldgnutls.sh @@ -30,9 +30,9 @@ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -abs_top_srcdir="${abs_top_srcdir:-$(pwd)/../../}" -srcdir="${srcdir:-.}" -CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" +: ${abs_top_srcdir=$(pwd)/../../} +: ${srcdir=.} +: ${CLI=../../src/gnutls-cli${EXEEXT}} TMPFILE=testcompat-oldgnutls.$$.tmp # This assumes a root directory in /usr/local/OLDGNUTLS containing the @@ -58,7 +58,7 @@ skip_if_no_datefudge . "${srcdir}/testcompat-common" -PORT="${PORT:-${RPORT}}" +: ${PORT=${RPORT}} SERV=/usr/local/OLDGNUTLS/usr/bin/gnutls-serv @@ -86,7 +86,7 @@ run_client_suite() { fi eval "${GETPORT}" - LD_LIBRARY_PATH=$LDPATH launch_server $$ --priority "NORMAL:+SHA256${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + LD_LIBRARY_PATH=$LDPATH launch_server --priority "NORMAL:+SHA256${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} @@ -150,7 +150,7 @@ run_server_suite() { fi eval "${GETPORT}" - launch_server $$ --priority "NORMAL:+SHA256${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" + launch_server --priority "NORMAL:+SHA256${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}" PID=$! wait_server ${PID} diff --git a/tests/suite/testcompat-openssl.sh b/tests/suite/testcompat-openssl.sh index b932a599c9..847eded621 100755 --- a/tests/suite/testcompat-openssl.sh +++ b/tests/suite/testcompat-openssl.sh @@ -30,7 +30,7 @@ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -srcdir="${srcdir:-.}" +: ${srcdir=.} if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then echo "Cannot run in FIPS140-2 mode" diff --git a/tests/suite/testcompat-polarssl.sh b/tests/suite/testcompat-polarssl.sh index 2197a94bf7..7a9f67c27c 100755 --- a/tests/suite/testcompat-polarssl.sh +++ b/tests/suite/testcompat-polarssl.sh @@ -30,7 +30,7 @@ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -srcdir="${srcdir:-.}" +: ${srcdir=.} export TZ="UTC" diff --git a/tests/suite/testcompat-tls13-openssl.sh b/tests/suite/testcompat-tls13-openssl.sh index 1090a47763..7abbb5d7bc 100755 --- a/tests/suite/testcompat-tls13-openssl.sh +++ b/tests/suite/testcompat-tls13-openssl.sh @@ -30,10 +30,9 @@ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -abs_top_srcdir="${abs_top_srcdir:-$(pwd)/../../}" -srcdir="${srcdir:-.}" -GNUTLS_SERV="${SERV:-../../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../../src/gnutls-serv${EXEEXT}} +: ${CLI=../../src/gnutls-cli${EXEEXT}} unset RETCODE if ! test -x "${CLI}"; then @@ -54,10 +53,9 @@ skip_if_no_datefudge . "${srcdir}/testcompat-common" -PORT="${PORT:-${RPORT}}" +: ${PORT=${RPORT}} -SERV=openssl -OPENSSL_CLI="$SERV" +: ${OPENSSL=openssl} if test -z "$OUTPUT";then OUTPUT=/dev/null @@ -69,7 +67,7 @@ echo_cmd() { tee -a ${OUTPUT} <<<$(echo $1) } -echo_cmd "Compatibility checks using "`${SERV} version` +echo_cmd "Compatibility checks using "`${OPENSSL} version` echo_cmd "#################################################" echo_cmd "# Client mode tests (gnutls cli-openssl server) #" @@ -86,7 +84,7 @@ run_client_suite() { eval "${GETPORT}" - launch_bare_server $$ s_server -ciphersuites ${OCIPHERSUITES} -groups 'X25519:P-256:X448:P-521:P-384' -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -ciphersuites ${OCIPHERSUITES} -groups 'X25519:P-256:X448:P-521:P-384' -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -119,7 +117,7 @@ run_client_suite() { #test PSK ciphersuites # disabled as I do not seem to be able to connect to openssl s_server with PSK eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -psk_identity ${PSKID} -psk ${PSKKEY} -nocert + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -psk_identity ${PSKID} -psk ${PSKKEY} -nocert PID=$! wait_server ${PID} @@ -141,7 +139,7 @@ run_client_suite() { #test client certificates eval "${GETPORT}" - launch_bare_server $$ s_server -cipher "ALL" -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_bare_server "$OPENSSL" s_server -cipher "ALL" -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} @@ -168,7 +166,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with Ed25519 certificate..." eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ED25519_KEY}" -cert "${ED25519_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ED25519_KEY}" -cert "${ED25519_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -180,7 +178,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with Ed448 certificate..." eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ED448_KEY}" -cert "${ED448_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ED448_KEY}" -cert "${ED448_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -192,7 +190,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with secp256r1 certificate..." eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ECC_KEY}" -cert "${ECC_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ECC_KEY}" -cert "${ECC_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -204,7 +202,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with RSA-PSS certificate..." eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_PSS_KEY}" -cert "${RSA_PSS_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_PSS_KEY}" -cert "${RSA_PSS_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -218,7 +216,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with resumption..." testdir=`create_testdir tls13-openssl-resumption` eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -232,7 +230,7 @@ run_client_suite() { # Try resumption with HRR echo_cmd "${PREFIX}Checking TLS 1.3 with resumption and HRR..." eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -groups 'X25519:P-256' -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -groups 'X25519:P-256' -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -247,7 +245,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with resumption with early data..." testdir=`create_testdir tls13-openssl-resumption` eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -early_data + launch_bare_server "$OPENSSL" s_server -quiet -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -early_data PID=$! wait_server ${PID} @@ -263,7 +261,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with resumption with early data..." testdir=`create_testdir tls13-openssl-resumption` eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -early_data -max_early_data 1 + launch_bare_server "$OPENSSL" s_server -quiet -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -early_data -max_early_data 1 PID=$! wait_server ${PID} @@ -282,7 +280,7 @@ run_client_suite() { testdir=`create_testdir tls13-openssl-keymatexport` eval "${GETPORT}" LOGFILE="${testdir}/server.out" - launch_bare_server $$ s_server -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -keymatexport label -keymatexportlen 20 + launch_bare_server "$OPENSSL" s_server -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -keymatexport label -keymatexportlen 20 unset LOGFILE PID=$! wait_server ${PID} @@ -310,7 +308,7 @@ echo_cmd "${PREFIX}" echo_cmd "${PREFIX}###############################################" echo_cmd "${PREFIX}# Server mode tests (gnutls server-openssl cli#" echo_cmd "${PREFIX}###############################################" -SERV="${GNUTLS_SERV} -q" +SERV="${SERV} -q" # Note that openssl s_client does not return error code on failure @@ -326,11 +324,11 @@ run_server_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with ${i}..." eval "${GETPORT}" - launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+${i}${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+${i}${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -ciphersuites ${OCIPHERSUITES} -host localhost -port "${PORT}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -ciphersuites ${OCIPHERSUITES} -host localhost -port "${PORT}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -342,11 +340,11 @@ run_server_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with ${i}..." eval "${GETPORT}" - launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+${i}${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+${i}${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -355,18 +353,18 @@ run_server_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with HRR..." eval "${GETPORT}" - launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -groups 'X25519:P-256:X448:P-521:P-384' -host localhost -port "${PORT}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -groups 'X25519:P-256:X448:P-521:P-384' -host localhost -port "${PORT}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" echo_cmd "${PREFIX}Checking TLS 1.3 with rekey..." expect - >/dev/null <<_EOF_ set timeout 10 set os_error_flag 1 -spawn ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" +spawn ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" expect "SSL-Session" {send "K\n"} timeout {exit 1} expect "KEYUPDATE" {send "HELLO\n"} timeout {exit 1} @@ -389,28 +387,28 @@ _EOF_ # client certificates eval "${GETPORT}" - launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --require-client-cert --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --require-client-cert --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} echo_cmd "${PREFIX}Checking TLS 1.3 with RSA client certificate..." - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" echo_cmd "${PREFIX}Checking TLS 1.3 with RSA-PSS client certificate..." - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${RSA_PSS_CLI_CERT}" -key "${RSA_PSS_CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${RSA_PSS_CLI_CERT}" -key "${RSA_PSS_CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" echo_cmd "${PREFIX}Checking TLS 1.3 with secp256r1 client certificate..." - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${ECC_CLI_CERT}" -key "${ECC_CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${ECC_CLI_CERT}" -key "${ECC_CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" echo_cmd "${PREFIX}Checking TLS 1.3 with Ed25519 client certificate..." - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${ED25519_CLI_CERT}" -key "${ED25519_CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${ED25519_CLI_CERT}" -key "${ED25519_CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" echo_cmd "${PREFIX}Checking TLS 1.3 with Ed448 client certificate..." - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${ED448_CLI_CERT}" -key "${ED448_CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${ED448_CLI_CERT}" -key "${ED448_CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -419,14 +417,14 @@ _EOF_ echo_cmd "${PREFIX}Checking TLS 1.3 with post handshake auth..." eval "${GETPORT}" - launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} expect - >/dev/null <<_EOF_ set timeout 10 set os_error_flag 1 -spawn ${OPENSSL_CLI} s_client -enable_pha -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" +spawn ${OPENSSL} s_client -enable_pha -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" expect "SSL-Session" {send "**REAUTH**\n"} timeout {exit 1} expect { @@ -460,11 +458,11 @@ _EOF_ echo_cmd "${PREFIX}Checking TLS 1.3 with Ed25519 certificate..." eval "${GETPORT}" - launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${ED25519_CERT}" --x509keyfile "${ED25519_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${ED25519_CERT}" --x509keyfile "${ED25519_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -473,11 +471,11 @@ _EOF_ echo_cmd "${PREFIX}Checking TLS 1.3 with Ed448 certificate..." eval "${GETPORT}" - launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${ED448_CERT}" --x509keyfile "${ED448_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${ED448_CERT}" --x509keyfile "${ED448_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -486,11 +484,11 @@ _EOF_ echo_cmd "${PREFIX}Checking TLS 1.3 with secp256r1 certificate..." eval "${GETPORT}" - launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${ECC_CERT}" --x509keyfile "${ECC_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${ECC_CERT}" --x509keyfile "${ECC_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -499,11 +497,11 @@ _EOF_ echo_cmd "${PREFIX}Checking TLS 1.3 with RSA-PSS certificate..." eval "${GETPORT}" - launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${RSA_PSS_CERT}" --x509keyfile "${RSA_PSS_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${RSA_PSS_CERT}" --x509keyfile "${RSA_PSS_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -515,11 +513,11 @@ _EOF_ echo_cmd "${PREFIX}Checking TLS 1.3 with ${i}..." eval "${GETPORT}" - launch_server $$ --pskpasswd "${SERV_PSK}" --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+${i}${ADD}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --pskpasswd "${SERV_PSK}" --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+${i}${ADD}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -psk_identity "${PSKID}" -psk "${PSKKEY}" </dev/null >>${OUTPUT} || \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -psk_identity "${PSKID}" -psk "${PSKKEY}" </dev/null >>${OUTPUT} || \ fail ${PID} "Failed" kill ${PID} @@ -530,14 +528,14 @@ _EOF_ echo_cmd "${PREFIX}Checking TLS 1.3 with resumption..." testdir=`create_testdir tls13-openssl-resumption` eval "${GETPORT}" - launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} { echo a; sleep 1; } | \ - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess.pem" 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess.pem" 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess.pem" </dev/null 2>&1 > "${testdir}/server.out" + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess.pem" </dev/null 2>&1 > "${testdir}/server.out" grep "\:error\:" "${testdir}/server.out" && \ fail ${PID} "Failed" grep "^Reused, TLSv1.3" "${testdir}/server.out" || \ @@ -548,14 +546,14 @@ _EOF_ echo_cmd "${PREFIX}Checking TLS 1.3 with resumption and HRR..." eval "${GETPORT}" - launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM:-GROUP-ALL:+GROUP-SECP384R1${ADD}" --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_server --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM:-GROUP-ALL:+GROUP-SECP384R1${ADD}" --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} { echo a; sleep 1; } | \ - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -curves 'X25519:P-256:X448:P-521:P-384' -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-hrr.pem" 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -curves 'X25519:P-256:X448:P-521:P-384' -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-hrr.pem" 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -curves 'X25519:P-256:X448:P-521:P-384' -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-hrr.pem" </dev/null 2>&1 > "${testdir}/server.out" + ${OPENSSL} s_client -host localhost -port "${PORT}" -curves 'X25519:P-256:X448:P-521:P-384' -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-hrr.pem" </dev/null 2>&1 > "${testdir}/server.out" grep "\:error\:" "${testdir}/server.out" && \ fail ${PID} "Failed" grep "^Reused, TLSv1.3" "${testdir}/server.out" || \ @@ -567,15 +565,15 @@ _EOF_ echo_cmd "${PREFIX}Checking TLS 1.3 with resumption and early data..." testdir=`create_testdir tls13-openssl-resumption` eval "${GETPORT}" - launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" --x509cafile "${CA_CERT}" --earlydata >>${OUTPUT} 2>&1 + launch_server --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" --x509cafile "${CA_CERT}" --earlydata >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} echo "This file contains early data sent by the client" > "${testdir}/earlydata.txt" { echo a; sleep 1; } | \ - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-earlydata.pem" 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-earlydata.pem" 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-earlydata.pem" -early_data "${testdir}/earlydata.txt" </dev/null 2>&1 > "${testdir}/server.out" + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-earlydata.pem" -early_data "${testdir}/earlydata.txt" </dev/null 2>&1 > "${testdir}/server.out" grep "\:error\:" "${testdir}/server.out" && \ fail ${PID} "Failed" grep "^Reused, TLSv1.3" "${testdir}/server.out" || \ @@ -587,15 +585,15 @@ _EOF_ echo_cmd "${PREFIX}Checking TLS 1.3 with resumption and early data with small limit..." testdir=`create_testdir tls13-openssl-resumption` eval "${GETPORT}" - launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" --x509cafile "${CA_CERT}" --earlydata --maxearlydata 1 >>${OUTPUT} 2>&1 + launch_server --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" --x509cafile "${CA_CERT}" --earlydata --maxearlydata 1 >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} echo "This file contains early data sent by the client" > "${testdir}/earlydata.txt" { echo a; sleep 1; } | \ - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-earlydata.pem" 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-earlydata.pem" 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-earlydata.pem" -early_data "${testdir}/earlydata.txt" </dev/null 2>&1 > "${testdir}/server.out" + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-earlydata.pem" -early_data "${testdir}/earlydata.txt" </dev/null 2>&1 > "${testdir}/server.out" grep "^Early data was rejected" "${testdir}/server.out" || \ fail ${PID} "Failed" diff --git a/tests/suite/testdane.sh b/tests/suite/testdane.sh index 6fb56d2f8c..fac0427f49 100755 --- a/tests/suite/testdane.sh +++ b/tests/suite/testdane.sh @@ -18,8 +18,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -DANETOOL="${DANETOOL:-../../src/danetool${EXEEXT}}" +: ${srcdir=.} +: ${DANETOOL=../../src/danetool${EXEEXT}} unset RETCODE if ! test -x "${DANETOOL}"; then diff --git a/tests/suite/testrandom.sh b/tests/suite/testrandom.sh index 1283e9e765..fffde850e8 100755 --- a/tests/suite/testrandom.sh +++ b/tests/suite/testrandom.sh @@ -20,8 +20,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} if ! test -x "${CERTTOOL}"; then exit 77 diff --git a/tests/suite/testrng.sh b/tests/suite/testrng.sh index c45c9300eb..1c8b2bd48a 100755 --- a/tests/suite/testrng.sh +++ b/tests/suite/testrng.sh @@ -18,7 +18,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} if ! test -x "/usr/bin/dieharder"; then exit 77 diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh b/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh index 07ab0fa7f0..020dc454a5 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh @@ -18,7 +18,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} tls_fuzzer_prepare() { PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0" diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh index 054343fc28..bf8af74393 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh @@ -18,7 +18,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} tls_fuzzer_prepare() { PRIORITY="NORMAL:+ARCFOUR-128:%VERIFY_ALLOW_SIGN_WITH_SHA1:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0" diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh index 37efc16241..98371e7f36 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh @@ -18,7 +18,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} tls_fuzzer_prepare() { PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:-VERS-ALL:+VERS-SSL3.0" diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh index f9268627a2..638594bc3b 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh @@ -18,7 +18,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} tls_fuzzer_prepare() { PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+AES-128-CCM:+AES-256-CCM:+AES-128-CCM-8" diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh index 5405fc936c..d068d6d0e6 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh @@ -18,7 +18,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} tls_fuzzer_prepare() { VERSIONS="-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0" diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nolimit-tls13.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nolimit-tls13.sh index 4b0e0fa087..e1babe89d4 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-nolimit-tls13.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-nolimit-tls13.sh @@ -18,7 +18,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} tls_fuzzer_prepare() { PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:%ALLOW_SMALL_RECORDS" diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nolimit.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nolimit.sh index df1ae6bcc2..a4793a1939 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-nolimit.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-nolimit.sh @@ -18,7 +18,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} tls_fuzzer_prepare() { VERSIONS="-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0" diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh b/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh index aeefae9a5e..80a346ca19 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh @@ -18,7 +18,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" +: ${srcdir=.} tls_fuzzer_prepare() { PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:-KX-ALL:+DHE-PSK:+ECDHE-PSK:+PSK" diff --git a/tests/system-override-curves.sh b/tests/system-override-curves.sh index 84d581bc8f..b4bcb2517a 100755 --- a/tests/system-override-curves.sh +++ b/tests/system-override-curves.sh @@ -19,9 +19,9 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} TMPFILE=config.$$.tmp TMPFILE2=log.$$.tmp export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 @@ -76,7 +76,7 @@ CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem unset GNUTLS_SYSTEM_PRIORITY_FILE eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} @@ -97,7 +97,7 @@ KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} diff --git a/tests/system-override-default-priority-string.sh b/tests/system-override-default-priority-string.sh index b0c963bb9c..da262c8542 100755 --- a/tests/system-override-default-priority-string.sh +++ b/tests/system-override-default-priority-string.sh @@ -19,12 +19,12 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} TMPFILE=config.$$.tmp TMPFILE2=log.$$.tmp -STOCK_PRIORITY="${GNUTLS_SYSTEM_PRIORITY_FILE:-./system.prio}" +STOCK_PRIORITY="${GNUTLS_SYSTEM_PRIORITY_FILE-./system.prio}" export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 if ! test -x "${SERV}"; then @@ -48,7 +48,7 @@ CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem # Try whether a client connection with priority string None succeeds export GNUTLS_SYSTEM_PRIORITY_FILE="${srcdir}/system-override-default-priority-string.none.config" eval "${GETPORT}" -launch_server $$ --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} @@ -61,7 +61,7 @@ wait # Try whether a client connection to an tls1.3 only server succeeds export GNUTLS_SYSTEM_PRIORITY_FILE="${srcdir}/system-override-default-priority-string.only-tls13.config" eval "${GETPORT}" -launch_server $$ --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} @@ -80,7 +80,7 @@ wait export GNUTLS_SYSTEM_PRIORITY_FILE="${srcdir}/system-override-default-priority-string.bad.config" unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID eval "${GETPORT}" -launch_server $$ --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} diff --git a/tests/system-override-invalid.sh b/tests/system-override-invalid.sh index 9bd1e91f93..8b8f673410 100755 --- a/tests/system-override-invalid.sh +++ b/tests/system-override-invalid.sh @@ -20,8 +20,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${CLI=../src/gnutls-cli${EXEEXT}} TMPFILE=c.$$.tmp export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 diff --git a/tests/system-override-kx.sh b/tests/system-override-kx.sh index cd318a1650..642ff0b794 100755 --- a/tests/system-override-kx.sh +++ b/tests/system-override-kx.sh @@ -19,9 +19,9 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see <https://www.gnu.org/licenses/> -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} TMPFILE=config.$$.tmp TMPFILE2=log.$$.tmp export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 @@ -60,7 +60,7 @@ CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem unset GNUTLS_SYSTEM_PRIORITY_FILE eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} @@ -89,7 +89,7 @@ KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} diff --git a/tests/system-override-profiles.sh b/tests/system-override-profiles.sh index 516ce57e71..1b03bdb598 100755 --- a/tests/system-override-profiles.sh +++ b/tests/system-override-profiles.sh @@ -20,9 +20,9 @@ # along with this program. If not, see <https://www.gnu.org/licenses/> # -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} TMPFILE=config.$$.tmp TMPFILE2=log.$$.tmp export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 @@ -47,7 +47,7 @@ CERT="${srcdir}/certs/cert-ecc256.pem" KEY="${srcdir}/certs/ecc256.pem" eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} PID=$! wait_server ${PID} diff --git a/tests/system-override-tls.sh b/tests/system-override-tls.sh index 54bc190dd9..a0ad3d0e4d 100755 --- a/tests/system-override-tls.sh +++ b/tests/system-override-tls.sh @@ -20,9 +20,9 @@ # along with this program. If not, see <https://www.gnu.org/licenses/> # -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} TMPFILE=config.$$.tmp export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 @@ -46,7 +46,7 @@ CERT="${srcdir}/certs/cert-ecc256.pem" KEY="${srcdir}/certs/ecc256.pem" eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:+SHA256" --x509keyfile ${KEY} --x509certfile ${CERT} +launch_server --echo --priority "NORMAL:+SHA256" --x509keyfile ${KEY} --x509certfile ${CERT} PID=$! wait_server ${PID} diff --git a/tests/system-override-versions.sh b/tests/system-override-versions.sh index e5191e2aeb..a9999cce0c 100755 --- a/tests/system-override-versions.sh +++ b/tests/system-override-versions.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} TMPFILE=config.$$.tmp TMPFILE2=log.$$.tmp export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 @@ -73,7 +73,7 @@ CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem unset GNUTLS_SYSTEM_PRIORITY_FILE eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} @@ -91,7 +91,7 @@ KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1} +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} diff --git a/tests/systemkey.sh b/tests/systemkey.sh index 991d798696..4e559915da 100755 --- a/tests/systemkey.sh +++ b/tests/systemkey.sh @@ -20,8 +20,8 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -SYSTEMKEY="${SYSTEMKEY:-../src/systemkey${EXEEXT}}" +: ${srcdir=.} +: ${SYSTEMKEY=../src/systemkey${EXEEXT}} unset RETCODE . "${srcdir}/scripts/common.sh" diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh index 9458af2381..ccdcfbf5ce 100755 --- a/tests/testpkcs11.sh +++ b/tests/testpkcs11.sh @@ -18,12 +18,12 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -P11TOOL="${P11TOOL:-../src/p11tool${EXEEXT}}" -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" -DIFF="${DIFF:-diff -b -B}" -SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +: ${srcdir=.} +: ${P11TOOL=../src/p11tool${EXEEXT}} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} RETCODE=0 if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then @@ -900,7 +900,7 @@ use_certificate_test () { echo -n "* Using PKCS #11 with gnutls-cli (${txt})... " # start server eval "${GETPORT}" - launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \ + launch_server ${ADDITIONAL_PARAM} --echo --priority NORMAL --x509certfile="${certfile}" \ --x509keyfile="$keyfile" --x509cafile="${cafile}" \ --verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1 diff --git a/tests/tls13/prf-early.sh b/tests/tls13/prf-early.sh index 7f62aba8d8..755ae35f9e 100755 --- a/tests/tls13/prf-early.sh +++ b/tests/tls13/prf-early.sh @@ -18,8 +18,8 @@ # along with this program. If not, see <https://www.gnu.org/licenses/> # -srcdir="${srcdir:-.}" -builddir="${builddir:-.}" +: ${srcdir=.} +: ${builddir=.} . "${srcdir}/scripts/common.sh" diff --git a/tests/tpmtool_test.sh b/tests/tpmtool_test.sh index c6e4bc42ef..eba502612a 100755 --- a/tests/tpmtool_test.sh +++ b/tests/tpmtool_test.sh @@ -20,9 +20,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" -TPMTOOL="${TPMTOOL:-../src/tpmtool${EXEEXT}}" +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${TPMTOOL=../src/tpmtool${EXEEXT}} if [ "$(id -u)" -ne 0 ]; then echo "Need to be root to run this test." |