From 3e83c0c4bf904bc4250a946e9aae051ed731e640 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 24 Sep 2020 10:47:30 +0200 Subject: tests: rewrite launch_server using launch_bare_server Signed-off-by: Daiki Ueno --- tests/cert-reencoding.sh | 11 +-- tests/ocsp-tests/ocsp-must-staple-connection | 47 +++++---- tests/ocsp-tests/ocsp-tls-connection | 17 ++-- tests/scripts/common.sh | 11 +-- tests/suite/testcompat-main-openssl | 142 +++++++++++++-------------- tests/suite/testcompat-tls13-openssl.sh | 80 ++++++++------- 6 files changed, 150 insertions(+), 158 deletions(-) diff --git a/tests/cert-reencoding.sh b/tests/cert-reencoding.sh index 8b5974b61c..22396558a0 100755 --- a/tests/cert-reencoding.sh +++ b/tests/cert-reencoding.sh @@ -24,9 +24,8 @@ : ${srcdir=.} : ${CERTTOOL=../src/certtool${EXEEXT}} : ${OCSPTOOL=../src/ocsptool${EXEEXT}} -GNUTLS_SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -unset SERV -: ${GNUTLS_CLI=../src/gnutls-cli${EXEEXT}} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} : ${DIFF=diff} SERVER_CERT_FILE="cert.$$.pem.tmp" SERVER_KEY_FILE="key.$$.pem.tmp" @@ -42,11 +41,11 @@ if ! test -x "${OCSPTOOL}"; then exit 77 fi -if ! test -x "${GNUTLS_SERV}"; then +if ! test -x "${SERV}"; then exit 77 fi -if ! test -x "${GNUTLS_CLI}"; then +if ! test -x "${CLI}"; then exit 77 fi @@ -252,7 +251,7 @@ SERVER_PID="${!}" wait_server "${SERVER_PID}" datefudge -s "${TESTDATE}" \ - "${GNUTLS_CLI}" --x509certfile ${CLIENT_CERT_FILE} \ + "${CLI}" --x509certfile ${CLIENT_CERT_FILE} \ --x509keyfile ${CLIENT_KEY_FILE} --x509cafile=${CA_FILE} \ --port="${PORT}" localhost ${LOGFILE-/dev/null} & +launch_bare_server() { + wait_for_free_port "$PORT" + "$@" >${LOGFILE-/dev/null} & } -launch_bare_server() { - wait_for_free_port ${PORT} - ${SERV} "$@" >${LOGFILE-/dev/null} & +launch_server() { + launch_bare_server $VALGRIND $SERV $DEBUG -p "$PORT" "$@" } wait_server() { 
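Review bot: In the first tests/cert-reencoding.sh hunk, `: ${SERV=../src/gnutls-serv${EXEEXT}}` applies the default only when SERV is unset, whereas the removed `GNUTLS_SERV="${SERV:-../src/gnutls-serv${EXEEXT}}"` also covered a SERV that is set but empty. With an empty SERV in the environment, the `test -x "${SERV}"` guard in the next hunk now exits 77, so the test is reported as skipped instead of running against the built server. If the old fallback is wanted, use `: ${SERV:=../src/gnutls-serv${EXEEXT}}`. The same substitution is made in tests/suite/testcompat-main-openssl and tests/suite/testcompat-tls13-openssl.sh.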
diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl index 41a6965fa5..4c06df5bc7 100755 --- a/tests/suite/testcompat-main-openssl +++ b/tests/suite/testcompat-main-openssl @@ -31,7 +31,7 @@ # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. : ${srcdir=.} -GNUTLS_SERV="${SERV:-../../src/gnutls-serv${EXEEXT}}" +: ${SERV=../../src/gnutls-serv${EXEEXT}} : ${CLI=../../src/gnutls-cli${EXEEXT}} unset RETCODE @@ -51,38 +51,36 @@ fi : ${PORT=${RPORT}} -SERV=openssl -OPENSSL_CLI="$SERV" +: ${OPENSSL=openssl} SIGALGS=RSA+SHA1:RSA+SHA256 -echo "Compatibility checks using "`${SERV} version` -${SERV} version|grep -e '1\.[0-9]\..' >/dev/null 2>&1 -SV=$? -if test ${SV} != 0; then +echo "Compatibility checks using "`${OPENSSL} version` +${OPENSSL} version|grep -e '1\.[0-9]\..' >/dev/null 2>&1 +if test $? != 0; then echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests" exit 77 fi . "${srcdir}/testcompat-common" -${SERV} version|grep -e '1\.[1-9]\..' >/dev/null 2>&1 +${OPENSSL} version|grep -e '1\.[1-9]\..' >/dev/null 2>&1 HAVE_X25519=$? test $HAVE_X25519 != 0 && echo "Disabling interop tests for x25519" -${SERV} version|grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1 +${OPENSSL} version|grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1 NO_TLS1_2=$? test $NO_TLS1_2 != 0 && echo "Disabling interop tests for TLS 1.2" -${SERV} version|grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1 +${OPENSSL} version|grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1 if test $? = 0;then NO_DH_PARAMS=0 else NO_DH_PARAMS=1 fi -${SERV} ciphers -v ALL 2>&1|grep -e DHE-DSS >/dev/null 2>&1 +${OPENSSL} ciphers -v ALL 2>&1|grep -e DHE-DSS >/dev/null 2>&1 NO_DSS=$? if test $NO_DSS != 0;then 
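Review bot: The version gate on the new `${OPENSSL} version|grep -e '1\.[0-9]\..'` line only accepts a `1.x.y` version string, so a binary reporting any other major version appears to fall into the `exit 77` branch and the whole interop suite is skipped. Now that the binary is selectable through `OPENSSL`, a skipped run is easy to mistake for a passing one. Consider a comment above the check, for example `# accepts 1.x.y only; any other version skips this suite (exit 77)`, or widen the pattern if other versions are meant to be exercised.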
@@ -92,27 +90,27 @@ else SIGALGS="$SIGALGS:DSA+SHA1:DSA+SHA256" fi -${SERV} ciphers -v ALL 2>&1|grep -e CAMELLIA >/dev/null 2>&1 +${OPENSSL} ciphers -v ALL 2>&1|grep -e CAMELLIA >/dev/null 2>&1 NO_CAMELLIA=$? test $NO_CAMELLIA != 0 && echo "Disabling interop tests for Camellia ciphersuites" -${SERV} ciphers -v ALL 2>&1|grep -e RC4 >/dev/null 2>&1 +${OPENSSL} ciphers -v ALL 2>&1|grep -e RC4 >/dev/null 2>&1 NO_RC4=$? test $NO_RC4 != 0 && echo "Disabling interop tests for RC4 ciphersuites" -${SERV} ciphers -v ALL 2>&1|grep -e 3DES >/dev/null 2>&1 +${OPENSSL} ciphers -v ALL 2>&1|grep -e 3DES >/dev/null 2>&1 NO_3DES=$? test $NO_3DES != 0 && echo "Disabling interop tests for 3DES ciphersuites" -${SERV} ciphers -v ALL 2>&1|grep -e NULL >/dev/null 2>&1 +${OPENSSL} ciphers -v ALL 2>&1|grep -e NULL >/dev/null 2>&1 NO_NULL=$? test $NO_NULL != 0 && echo "Disabling interop tests for NULL ciphersuites" -${SERV} ecparam -list_curves 2>&1|grep -e prime192v1 >/dev/null 2>&1 +${OPENSSL} ecparam -list_curves 2>&1|grep -e prime192v1 >/dev/null 2>&1 NO_PRIME192v1=$? test $NO_PRIME192v1 != 0 && echo "Disabling interop tests for prime192v1 ecparam" @@ -123,16 +121,16 @@ else OPENSSL_DH_PARAMS_OPT="-dhparam \"${DH_PARAMS}\"" fi -${SERV} s_server -help 2>&1|grep -e -ssl3 >/dev/null 2>&1 +${OPENSSL} s_server -help 2>&1|grep -e -ssl3 >/dev/null 2>&1 HAVE_NOT_SSL3=$? if test $HAVE_NOT_SSL3 = 0;then eval "${GETPORT}" - launch_bare_server s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -key "${RSA_KEY}" -cert "${RSA_CERT}" >/dev/null 2>&1 + launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -key "${RSA_KEY}" -cert "${RSA_CERT}" >/dev/null 2>&1 PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 &1 | grep "\:error\:" && \ HAVE_NOT_SSL3=1 kill ${PID} wait 
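Review bot: `OPENSSL` is expanded two different ways in the `@@ -123,16 +121,16 @@` hunk: quoted in `launch_bare_server "$OPENSSL" s_server` and unquoted in `${OPENSSL} s_client` and in the `${OPENSSL} s_server -help` probe. A value containing whitespace (a path with a space, or a wrapper plus arguments) therefore works in one place and fails in the other. Pick one contract and apply it throughout, e.g. `"${OPENSSL}" s_client`, and state next to `: ${OPENSSL=openssl}` that the variable must name a single program. The same mix recurs in the run_client_suite and run_server_suite hunks of this file and in tests/suite/testcompat-tls13-openssl.sh.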
@@ -156,7 +154,7 @@ run_client_suite() { # It seems debian disabled SSL 3.0 completely on openssl eval "${GETPORT}" - launch_bare_server s_server -cipher ALL -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher ALL -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -182,7 +180,7 @@ run_client_suite() { if test "${NO_RC4}" != 1; then eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 >/dev/null PID=$! wait_server ${PID} @@ -198,7 +196,7 @@ run_client_suite() { if test "${NO_NULL}" = 0; then #-cipher RSA-NULL eval "${GETPORT}" - launch_bare_server s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} 
@@ -213,7 +211,7 @@ run_client_suite() { #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA eval "${GETPORT}" - launch_bare_server s_server -cipher "ALL:@SECLEVEL=1" -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher "ALL:@SECLEVEL=1" -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -264,7 +262,7 @@ run_client_suite() { if test "${FIPS_CURVES}" != 1 && test "${NO_PRIME192v1}" != 1; then eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve prime192v1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve prime192v1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -278,7 +276,7 @@ run_client_suite() { #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} 
@@ -293,7 +291,7 @@ run_client_suite() { #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -307,7 +305,7 @@ run_client_suite() { #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -321,7 +319,7 @@ run_client_suite() { #-cipher PSK eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher 'PSK:@SECLEVEL=1' -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher 'PSK:@SECLEVEL=1' -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null PID=$! wait_server ${PID} 
@@ -336,7 +334,7 @@ run_client_suite() { # Tests requiring openssl 1.0.1 - TLS 1.2 #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA eval "${GETPORT}" - launch_bare_server s_server -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -367,7 +365,7 @@ run_client_suite() { if test "${HAVE_X25519}" = 0; then eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -curves X25519 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -curves X25519 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -382,7 +380,7 @@ run_client_suite() { if test "${FIPS_CURVES}" != 1; then #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} 
@@ -396,7 +394,7 @@ run_client_suite() { #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -410,7 +408,7 @@ run_client_suite() { if test "${FIPS_CURVES}" != 1; then #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null PID=$! wait_server ${PID} @@ -425,7 +423,7 @@ run_client_suite() { #-cipher PSK eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null PID=$! wait_server ${PID} 
@@ -437,7 +435,7 @@ run_client_suite() { wait eval "${GETPORT}" - launch_bare_server s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} @@ -450,7 +448,7 @@ run_client_suite() { wait eval "${GETPORT}" - launch_bare_server s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} @@ -464,7 +462,7 @@ run_client_suite() { if test "${NO_DSS}" = 0; then eval "${GETPORT}" - launch_bare_server s_server -cipher "ALL:@SECLEVEL=1" -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher "ALL:@SECLEVEL=1" -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} 
@@ -478,7 +476,7 @@ run_client_suite() { fi eval "${GETPORT}" - launch_bare_server s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} @@ -490,7 +488,7 @@ run_client_suite() { wait eval "${GETPORT}" - launch_bare_server s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} @@ -503,7 +501,7 @@ run_client_suite() { wait eval "${GETPORT}" - launch_bare_server s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null + launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null PID=$! wait_udp_server ${PID} 
@@ -531,7 +529,7 @@ echo "${PREFIX}" echo "${PREFIX}###############################################" echo "${PREFIX}# Server mode tests (gnutls server-openssl cli#" echo "${PREFIX}###############################################" -SERV="${GNUTLS_SERV} -q" +SERV="${SERV} -q" # Note that openssl s_client does not return error code on failure @@ -550,12 +548,12 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" if test "${NO_RC4}" != 1; then echo "${PREFIX}Check SSL 3.0 with RSA-RC4-MD5 ciphersuite" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 &1 | grep "\:error\:" && \ fail ${PID} "Failed" fi @@ -568,7 +566,7 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} 
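Review bot: After `SERV="${SERV} -q"` the variable no longer holds a path but a command line, and it only works because `launch_server` in tests/scripts/common.sh expands it unquoted (`launch_bare_server $VALGRIND $SERV $DEBUG -p "$PORT" "$@"`). A gnutls-serv location containing whitespace is split at that same point, and any later `test -x "${SERV}"` would fail. Add a comment on this line, such as `# SERV is "<path> -q" from here on; launch_server relies on word splitting`, so that the expansion is not quoted later by mistake. The launch_server call sites are outside this hunk.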
@@ -581,7 +579,7 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -597,7 +595,7 @@ run_server_suite() { #PID=$! #wait_server ${PID} # - #${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + #${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ # fail ${PID} "Failed" # #kill ${PID} @@ -610,7 +608,7 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -623,7 +621,7 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE:@SECLEVEL=1 -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE:@SECLEVEL=1 -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} 
@@ -636,7 +634,7 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -sigalgs "$SIGALGS" -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -sigalgs "$SIGALGS" -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -650,7 +648,7 @@ run_server_suite() { wait_server ${PID} #-cipher ECDHE-RSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -664,7 +662,7 @@ run_server_suite() { wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -678,7 +676,7 @@ run_server_suite() { wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} 
@@ -691,7 +689,7 @@ run_server_suite() { wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -705,7 +703,7 @@ run_server_suite() { wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -719,7 +717,7 @@ run_server_suite() { wait_server ${PID} #-cipher PSK-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep ":error:" && \ + ${OPENSSL} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep ":error:" && \ fail ${PID} "Failed" kill ${PID} @@ -733,7 +731,7 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -reconnect -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -reconnect -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} 
@@ -745,7 +743,7 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -758,7 +756,7 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -772,7 +770,7 @@ run_server_suite() { wait_server ${PID} #-cipher ECDHE-RSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -785,7 +783,7 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} 
@@ -800,7 +798,7 @@ run_server_suite() { wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -cipher 'ALL:@SECLEVEL=1' -tls1_2 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -cipher 'ALL:@SECLEVEL=1' -tls1_2 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -814,7 +812,7 @@ run_server_suite() { wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -827,7 +825,7 @@ run_server_suite() { wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -841,7 +839,7 @@ run_server_suite() { wait_server ${PID} #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} 
@@ -855,7 +853,7 @@ run_server_suite() { wait_server ${PID} #-cipher PSK-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep ":error:" && \ + ${OPENSSL} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep ":error:" && \ fail ${PID} "Failed" kill ${PID} @@ -870,7 +868,7 @@ run_server_suite() { PID=$! wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -884,7 +882,7 @@ run_server_suite() { wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -898,7 +896,7 @@ run_server_suite() { wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} 
@@ -911,7 +909,7 @@ run_server_suite() { PID=$! wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -923,7 +921,7 @@ run_server_suite() { PID=$! wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -937,7 +935,7 @@ run_server_suite() { wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -cipher DHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -950,7 +948,7 @@ run_server_suite() { wait_udp_server ${PID} - ${OPENSSL_CLI} s_client -cipher ECDHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -cipher ECDHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} diff --git a/tests/suite/testcompat-tls13-openssl.sh b/tests/suite/testcompat-tls13-openssl.sh index fc3d8e0d41..7abbb5d7bc 100755 --- a/tests/suite/testcompat-tls13-openssl.sh +++ b/tests/suite/testcompat-tls13-openssl.sh 
@@ -30,9 +30,8 @@ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -: ${abs_top_srcdir=$(pwd)/../../} : ${srcdir=.} -GNUTLS_SERV="${SERV:-../../src/gnutls-serv${EXEEXT}}" +: ${SERV=../../src/gnutls-serv${EXEEXT}} : ${CLI=../../src/gnutls-cli${EXEEXT}} unset RETCODE @@ -56,8 +55,7 @@ skip_if_no_datefudge : ${PORT=${RPORT}} -SERV=openssl -OPENSSL_CLI="$SERV" +: ${OPENSSL=openssl} if test -z "$OUTPUT";then OUTPUT=/dev/null @@ -69,7 +67,7 @@ echo_cmd() { tee -a ${OUTPUT} <<<$(echo $1) } -echo_cmd "Compatibility checks using "`${SERV} version` +echo_cmd "Compatibility checks using "`${OPENSSL} version` echo_cmd "#################################################" echo_cmd "# Client mode tests (gnutls cli-openssl server) #" @@ -86,7 +84,7 @@ run_client_suite() { eval "${GETPORT}" - launch_bare_server s_server -ciphersuites ${OCIPHERSUITES} -groups 'X25519:P-256:X448:P-521:P-384' -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -ciphersuites ${OCIPHERSUITES} -groups 'X25519:P-256:X448:P-521:P-384' -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -119,7 +117,7 @@ run_client_suite() { #test PSK ciphersuites # disabled as I do not seem to be able to connect to openssl s_server with PSK eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -psk_identity ${PSKID} -psk ${PSKKEY} -nocert + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -psk_identity ${PSKID} -psk ${PSKKEY} -nocert PID=$! wait_server ${PID} 
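Review bot: `OPENSSL` is quoted in the new `launch_bare_server "$OPENSSL" s_server …` calls (hunks -86 and -119) but unquoted in `` `${OPENSSL} version` `` (hunk -69) and in every `${OPENSSL} s_client` line later in this file, so one variable is expanded two different ways. With `: ${OPENSSL=openssl}` the value can now come from the environment, and a path containing whitespace would work for the server launches but be word-split for the client runs. Quoting it uniformly, for example `"$OPENSSL" s_client -host localhost …`, keeps both sides consistent. A comment beside the default such as `# OPENSSL: openssl binary used as the interop peer; may be overridden from the environment` would document the new knob.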
@@ -141,7 +139,7 @@ run_client_suite() { #test client certificates eval "${GETPORT}" - launch_bare_server s_server -cipher "ALL" -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >>${OUTPUT} 2>&1 + launch_bare_server "$OPENSSL" s_server -cipher "ALL" -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >>${OUTPUT} 2>&1 PID=$! wait_server ${PID} @@ -168,7 +166,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with Ed25519 certificate..." eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ED25519_KEY}" -cert "${ED25519_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ED25519_KEY}" -cert "${ED25519_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -180,7 +178,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with Ed448 certificate..." eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ED448_KEY}" -cert "${ED448_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ED448_KEY}" -cert "${ED448_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} 
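Review bot: The trailing `>>${OUTPUT} 2>&1` on the client-certificate launch (hunk -141) is applied to a function call, and launch_bare_server, as defined in tests/scripts/common.sh in this commit, already sends the server's stdout to `${LOGFILE-/dev/null}`. The append to `${OUTPUT}` therefore most likely captures only stderr, which is easy to misread as "server output is logged". If only stderr is wanted, say so explicitly with `2>>"${OUTPUT}"`; if the redirect is a leftover, drop it so this launch matches the others in run_client_suite. The function body is outside this hunk.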
@@ -192,7 +190,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with secp256r1 certificate..." eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ECC_KEY}" -cert "${ECC_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ECC_KEY}" -cert "${ECC_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -204,7 +202,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with RSA-PSS certificate..." eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_PSS_KEY}" -cert "${RSA_PSS_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_PSS_KEY}" -cert "${RSA_PSS_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -218,7 +216,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with resumption..." testdir=`create_testdir tls13-openssl-resumption` eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} 
@@ -232,7 +230,7 @@ run_client_suite() { # Try resumption with HRR echo_cmd "${PREFIX}Checking TLS 1.3 with resumption and HRR..." eval "${GETPORT}" - launch_bare_server s_server -quiet -www -accept "${PORT}" -groups 'X25519:P-256' -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" + launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -groups 'X25519:P-256' -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -247,7 +245,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with resumption with early data..." testdir=`create_testdir tls13-openssl-resumption` eval "${GETPORT}" - launch_bare_server s_server -quiet -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -early_data + launch_bare_server "$OPENSSL" s_server -quiet -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -early_data PID=$! wait_server ${PID} @@ -263,7 +261,7 @@ run_client_suite() { echo_cmd "${PREFIX}Checking TLS 1.3 with resumption with early data..." testdir=`create_testdir tls13-openssl-resumption` eval "${GETPORT}" - launch_bare_server s_server -quiet -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -early_data -max_early_data 1 + launch_bare_server "$OPENSSL" s_server -quiet -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -early_data -max_early_data 1 PID=$! wait_server ${PID} 
@@ -282,7 +280,7 @@ run_client_suite() { testdir=`create_testdir tls13-openssl-keymatexport` eval "${GETPORT}" LOGFILE="${testdir}/server.out" - launch_bare_server s_server -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -keymatexport label -keymatexportlen 20 + launch_bare_server "$OPENSSL" s_server -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -keymatexport label -keymatexportlen 20 unset LOGFILE PID=$! wait_server ${PID} @@ -310,7 +308,7 @@ echo_cmd "${PREFIX}" echo_cmd "${PREFIX}###############################################" echo_cmd "${PREFIX}# Server mode tests (gnutls server-openssl cli#" echo_cmd "${PREFIX}###############################################" -SERV="${GNUTLS_SERV} -q" +SERV="${SERV} -q" # Note that openssl s_client does not return error code on failure @@ -330,7 +328,7 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -ciphersuites ${OCIPHERSUITES} -host localhost -port "${PORT}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -ciphersuites ${OCIPHERSUITES} -host localhost -port "${PORT}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -346,7 +344,7 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} 
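Review bot: `SERV="${SERV} -q"` (hunk -310) stores an option inside the variable that the top of the script defines as the path to gnutls-serv, so from here on `SERV` is no longer a path. It works only because launch_server expands `$SERV` unquoted (per common.sh in this commit). An environment-supplied SERV whose path contains whitespace would be split in the wrong place, and any later `test -x "${SERV}"` would fail. Passing `-q` at the launch_server call sites, or keeping it in a separate options variable, avoids overloading the path. At minimum add a comment such as `# SERV is word-split by launch_server; -q rides along as an extra argument`.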
@@ -359,14 +357,14 @@ run_server_suite() { PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -groups 'X25519:P-256:X448:P-521:P-384' -host localhost -port "${PORT}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -groups 'X25519:P-256:X448:P-521:P-384' -host localhost -port "${PORT}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" echo_cmd "${PREFIX}Checking TLS 1.3 with rekey..." expect - >/dev/null <<_EOF_ set timeout 10 set os_error_flag 1 -spawn ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" +spawn ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" expect "SSL-Session" {send "K\n"} timeout {exit 1} expect "KEYUPDATE" {send "HELLO\n"} timeout {exit 1} 
@@ -394,23 +392,23 @@ _EOF_ wait_server ${PID} echo_cmd "${PREFIX}Checking TLS 1.3 with RSA client certificate..." - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" echo_cmd "${PREFIX}Checking TLS 1.3 with RSA-PSS client certificate..." - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${RSA_PSS_CLI_CERT}" -key "${RSA_PSS_CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${RSA_PSS_CLI_CERT}" -key "${RSA_PSS_CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" echo_cmd "${PREFIX}Checking TLS 1.3 with secp256r1 client certificate..." - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${ECC_CLI_CERT}" -key "${ECC_CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${ECC_CLI_CERT}" -key "${ECC_CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" echo_cmd "${PREFIX}Checking TLS 1.3 with Ed25519 client certificate..." - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${ED25519_CLI_CERT}" -key "${ED25519_CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${ED25519_CLI_CERT}" -key "${ED25519_CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" echo_cmd "${PREFIX}Checking TLS 1.3 with Ed448 client certificate..." 
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${ED448_CLI_CERT}" -key "${ED448_CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${ED448_CLI_CERT}" -key "${ED448_CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -426,7 +424,7 @@ _EOF_ expect - >/dev/null <<_EOF_ set timeout 10 set os_error_flag 1 -spawn ${OPENSSL_CLI} s_client -enable_pha -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" +spawn ${OPENSSL} s_client -enable_pha -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" expect "SSL-Session" {send "**REAUTH**\n"} timeout {exit 1} expect { @@ -464,7 +462,7 @@ _EOF_ PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -477,7 +475,7 @@ _EOF_ PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -490,7 +488,7 @@ _EOF_ PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} 
@@ -503,7 +501,7 @@ _EOF_ PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" kill ${PID} @@ -519,7 +517,7 @@ _EOF_ PID=$! wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -psk_identity "${PSKID}" -psk "${PSKKEY}" >${OUTPUT} || \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -psk_identity "${PSKID}" -psk "${PSKKEY}" >${OUTPUT} || \ fail ${PID} "Failed" kill ${PID} @@ -535,9 +533,9 @@ _EOF_ wait_server ${PID} { echo a; sleep 1; } | \ - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess.pem" 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess.pem" 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess.pem" &1 > "${testdir}/server.out" + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess.pem" &1 > "${testdir}/server.out" grep "\:error\:" "${testdir}/server.out" && \ fail ${PID} "Failed" grep "^Reused, TLSv1.3" "${testdir}/server.out" || \ 
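Review bot: The PSK client check in hunk -519 decides pass or fail with `|| fail ${PID} "Failed"`, that is, on the exit status of `${OPENSSL} s_client`. The comment above run_server_suite in this same file says openssl s_client does not return an error code on failure, and the neighbouring checks grep the output for `\:error\:` instead, so a failed PSK handshake may go unnoticed here. Consider checking the output like the siblings, for example `… 2>&1 | tee -a "${OUTPUT}" | grep "\:error\:" && fail ${PID} "Failed"`. The redirect on this line appears partly garbled in this rendering, so confirm the exact form against the file.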
@@ -553,9 +551,9 @@ _EOF_ wait_server ${PID} { echo a; sleep 1; } | \ - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -curves 'X25519:P-256:X448:P-521:P-384' -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-hrr.pem" 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -curves 'X25519:P-256:X448:P-521:P-384' -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-hrr.pem" 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -curves 'X25519:P-256:X448:P-521:P-384' -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-hrr.pem" &1 > "${testdir}/server.out" + ${OPENSSL} s_client -host localhost -port "${PORT}" -curves 'X25519:P-256:X448:P-521:P-384' -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-hrr.pem" &1 > "${testdir}/server.out" grep "\:error\:" "${testdir}/server.out" && \ fail ${PID} "Failed" grep "^Reused, TLSv1.3" "${testdir}/server.out" || \ @@ -573,9 +571,9 @@ _EOF_ echo "This file contains early data sent by the client" > "${testdir}/earlydata.txt" { echo a; sleep 1; } | \ - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-earlydata.pem" 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-earlydata.pem" 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-earlydata.pem" -early_data "${testdir}/earlydata.txt" &1 > "${testdir}/server.out" + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-earlydata.pem" -early_data "${testdir}/earlydata.txt" &1 > "${testdir}/server.out" grep "\:error\:" "${testdir}/server.out" && \ fail ${PID} "Failed" grep "^Reused, TLSv1.3" "${testdir}/server.out" || \ 
@@ -593,9 +591,9 @@ _EOF_ echo "This file contains early data sent by the client" > "${testdir}/earlydata.txt" { echo a; sleep 1; } | \ - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-earlydata.pem" 2>&1 | grep "\:error\:" && \ + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_out "${testdir}/sess-earlydata.pem" 2>&1 | grep "\:error\:" && \ fail ${PID} "Failed" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-earlydata.pem" -early_data "${testdir}/earlydata.txt" &1 > "${testdir}/server.out" + ${OPENSSL} s_client -host localhost -port "${PORT}" -CAfile "${CA_CERT}" -sess_in "${testdir}/sess-earlydata.pem" -early_data "${testdir}/earlydata.txt" &1 > "${testdir}/server.out" grep "^Early data was rejected" "${testdir}/server.out" || \ fail ${PID} "Failed" -- cgit v1.2.1