Refactor the cert renewal scripts with error handling

Portability updates

certs/crl/gencrls.sh

@@ -1,25 +1,41 @@
 #!/bin/bash
 
 # gencrls, crl config already done, see taoCerts.txt for setup
+check_result(){
+    if [ $1 -ne 0 ]; then
+        echo "Step failed, Abort"
+        exit 1
+    else
+        echo "Step Succeeded!"
+    fi
+}
 
-function setup_files() {
+setup_files() {
     #set up the file system for updating the crls
     echo "setting up the file system for generating the crls..."
     echo ""
-    touch ./index.txt
+    mkdir demoCA || exit 1
-    touch ./crlnumber
+    touch ./demoCA/index.txt || exit 1
-    echo "01" >> crlnumber
+    touch ./index.txt || exit 1
-    touch ./blank.index.txt
+    touch ../ecc/index.txt || exit 1
-    mkdir demoCA
+    touch ./crlnumber || exit 1
-    touch ./demoCA/index.txt
+    touch ../ecc/crlnumber || exit 1
+    echo "01" >> crlnumber || exit 1
+    echo "01" >> ../ecc/crlnumber || exit 1
+    touch ./blank.index.txt || exit 1
+    touch ./demoCA/index.txt.attr || exit 1
+    touch ../ecc/index.txt.attr || exit 1
 }
 
-function cleanup_files() {
+cleanup_files() {
-    rm blank.index.txt
+    rm blank.index.txt || exit 1
-    rm index.*
+    rm index.* || exit 1
-    rm crlnumber*
+    rm crlnumber* || exit 1
-    rm -r demoCA
+    rm ../ecc/crlnumber* || exit 1
+    rm ../ecc/index.* || exit 1
+    rm -r demoCA || exit 1
     echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
+    echo "        ../ecc/index.txt"
     echo ""
     exit 0
 }
@@ -30,31 +46,49 @@ setup_files
 
 # caCrl
 # revoke server-revoked-cert.pem
+echo "Step 1"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl2.pem -keyfile ../client-key.pem -cert ../client-cert.pem
+check_result $?
 
+echo "Step 2"
 openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
+check_result $?
 
+echo "Step 3"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
+check_result $?
 
 # metadata
+echo "Step 4"
 openssl crl -in crl.pem -text > tmp
+check_result $?
 mv tmp crl.pem
 # install (only needed if working outside wolfssl)
 #cp crl.pem ~/wolfssl/certs/crl/crl.pem
 
 # crl2 create
+echo "Step 5"
 openssl crl -in crl.pem -text > tmp
+check_result $?
+echo "Step 6"
 openssl crl -in crl2.pem -text >> tmp
+check_result $?
 mv tmp crl2.pem
 
 # caCrl server revoked
+echo "Step 7"
 openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
+check_result $?
 
 # caCrl server revoked generation
+echo "Step 8"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../ca-key.pem -cert ../ca-cert.pem
+check_result $?
 
 # metadata
+echo "Step 9"
 openssl crl -in crl.revoked -text > tmp
+check_result $?
 mv tmp crl.revoked
 # install (only needed if working outside wolfssl)
 #cp crl.revoked ~/wolfssl/certs/crl/crl.revoked
@@ -64,58 +98,90 @@ mv tmp crl.revoked
 cp blank.index.txt demoCA/index.txt
 
 # caEccCrl
+echo "Step 10"
 openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
+check_result $?
 
+echo "Step 11"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
+check_result $?
 
 # metadata
+echo "Step 12"
 openssl crl -in caEccCrl.pem -text > tmp
+check_result $?
 mv tmp caEccCrl.pem
 # install (only needed if working outside wolfssl)
 #cp caEccCrl.pem ~/wolfssl/certs/crl/caEccCrl.pem
 
 # caEcc384Crl
+echo "Step 13"
 openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
+if [ $? -ne 0 ]; then
+    echo "Already revoked CRL number 02, skipping"
+else
+    echo "Revoked CRL 02"
+fi
 
+echo "Step 14"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
+check_result $?
 
 # metadata
+echo "Step 15"
 openssl crl -in caEcc384Crl.pem -text > tmp
+check_result $?
 mv tmp caEcc384Crl.pem
 # install (only needed if working outside wolfssl)
 #cp caEcc384Crl.pem ~/wolfssl/certs/crl/caEcc384Crl.pem
 
 # cliCrl
+echo "Step 16"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
+check_result $?
 
 # metadata
+echo "Step 17"
 openssl crl -in cliCrl.pem -text > tmp
+check_result $?
 mv tmp cliCrl.pem
 # install (only needed if working outside wolfssl)
 #cp cliCrl.pem ~/wolfssl/certs/crl/cliCrl.pem
 
 # eccCliCRL
+echo "Step 18"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
+check_result $?
 
 # metadata
+echo "Step 19"
 openssl crl -in eccCliCRL.pem -text > tmp
+check_result $?
 mv tmp eccCliCRL.pem
 # install (only needed if working outside wolfssl)
 #cp eccCliCRL.pem ~/wolfssl/certs/crl/eccCliCRL.pem
 
 # eccSrvCRL
+echo "Step 20"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
+check_result $?
 
 # metadata
+echo "Step 21"
 openssl crl -in eccSrvCRL.pem -text > tmp
+check_result $?
 mv tmp eccSrvCRL.pem
 # install (only needed if working outside wolfssl)
 #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
 
 # caEccCrl
+echo "Step 22"
 openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
+check_result $?
 
 # ca-ecc384-cert
+echo "Step 23"
 openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
+check_result $?
 
 exit 0

certs/ecc/wolfssl.cnf

@@ -3,20 +3,21 @@
 default_ca = CA_default
 
 [ CA_default ]
-# Directory and file locations.
+# Directory and file locations relevant to where the script is executing
 dir               = .
-certs             = $dir/certs
+certs             = $dir/../
-new_certs_dir     = $dir/certs
+new_certs_dir     = $dir/../
-database          = $dir/certs/ecc/index.txt
+database          = $dir/../ecc/index.txt
-serial            = $dir/certs/ecc/serial
+serial            = $dir/../ecc/serial
+# This should come from the system disregard local pathing
 RANDFILE          = $dir/private/.rand
 
 # The root key and root certificate.
-private_key       = $dir/certs/ca-ecc-key.pem
+private_key       = $dir/../ca-ecc-key.pem
-certificate       = $dir/certs/ca-ecc-cert.pem
+certificate       = $dir/../ca-ecc-cert.pem
 
 # For certificate revocation lists.
-crlnumber         = $dir/certs/ecc/crlnumber
+crlnumber         = $dir/../ecc/crlnumber
 crl_extensions    = crl_ext
 default_crl_days  = 1000
 

certs/ocsp/renewcerts.sh

@@ -1,11 +1,28 @@
 #!/bin/sh
 
+check_result(){
+    if [ $1 -ne 0 ]; then
+        if [ -n "$2" ]; then
+            echo "Step Failed, Abort"
+        else
+            echo "$2 Failed, Abort"
+        fi
+        exit 1
+    else
+        echo "Step Succeeded"
+    fi
+}
+
+echo "OCSP renew certs Step 1"
 openssl req                \
     -new                   \
     -key  root-ca-key.pem  \
     -out  root-ca-cert.csr \
+    -config ../renewcerts/wolfssl.cnf \
     -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com"
+check_result $? ""
 
+echo "OCSP renew certs Step 2"
 openssl x509                  \
     -req -in root-ca-cert.csr \
     -extfile openssl.cnf      \
@@ -14,33 +31,41 @@ openssl x509                  \
     -signkey root-ca-key.pem  \
     -set_serial 99            \
     -out root-ca-cert.pem
+check_result $? ""
 
 rm root-ca-cert.csr
+echo "OCSP renew certs Step 3"
 openssl x509 -in root-ca-cert.pem -text > tmp.pem
+check_result $? ""
 mv tmp.pem root-ca-cert.pem
 
 # $1 cert, $2 name, $3 ca, $4 extensions, $5 serial
-function update_cert() {
+update_cert() {
-    openssl req           \
+    echo "Updating certificate \"$1-cert.pem\""
-        -new              \
+    openssl req             \
-        -key  $1-key.pem  \
+        -new                \
-        -out  $1-cert.csr \
+        -key  "$1"-key.pem  \
+        -out  "$1"-cert.csr \
+        -config ../renewcerts/wolfssl.cnf \
         -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=$2/emailAddress=info@wolfssl.com"
+    check_result $? "Step 1"
 
-    openssl x509             \
+    openssl x509               \
-        -req -in $1-cert.csr \
+        -req -in "$1"-cert.csr \
-        -extfile openssl.cnf \
+        -extfile openssl.cnf   \
-        -extensions $4       \
+        -extensions "$4"       \
-        -days 1000           \
+        -days 1000             \
-        -CA $3-cert.pem      \
+        -CA "$3"-cert.pem      \
-        -CAkey $3-key.pem    \
+        -CAkey "$3"-key.pem    \
-        -set_serial $5       \
+        -set_serial "$5"       \
-        -out $1-cert.pem
+        -out "$1"-cert.pem
+    check_result $? "Step 2"
 
-    rm $1-cert.csr
+    rm "$1"-cert.csr
-    openssl x509 -in $1-cert.pem -text > $1_tmp.pem
+    openssl x509 -in "$1"-cert.pem -text > "$1"_tmp.pem
-    mv $1_tmp.pem $1-cert.pem
+    check_result $? "Step 3"
-    cat $3-cert.pem >> $1-cert.pem
+    mv "$1"_tmp.pem "$1"-cert.pem
+    cat "$3"-cert.pem >> "$1"-cert.pem
 }
 
 update_cert intermediate1-ca "wolfSSL intermediate CA 1"       root-ca          v3_ca   01

certs/renewcerts.sh

@@ -37,12 +37,33 @@
 ######################## FUNCTIONS SECTION ####################################
 ###############################################################################
 
+#function for restoring a previous configure state
+restore_config(){
+    mv tmp.status config.status
+    mv tmp.options.h wolfssl/options.h
+    make clean
+    make -j 8
+}
+
+check_result(){
+    if [ $1 -ne 0 ]; then
+        echo "Failed at \"$2\", Abort"
+        if [ "$2" = "configure for ntru" ] || \
+           [ "$2" = "make check with ntru" ]; then
+            restore_config
+        fi
+        exit 1
+    else
+        echo "Step Succeeded!"
+    fi
+}
+
 #the function that will be called when we are ready to renew the certs.
-function run_renewcerts(){
+run_renewcerts(){
-    cd certs/
+    cd certs/ || { echo "Couldn't cd to certs directory"; exit 1; }
     echo ""
     #move the custom cnf into our working directory
-    cp renewcerts/wolfssl.cnf wolfssl.cnf
+    cp renewcerts/wolfssl.cnf wolfssl.cnf || exit 1
 
     # To generate these all in sha1 add the flag "-sha1" on appropriate lines
     # That is all lines beginning with:  "openssl req"
@@ -53,339 +74,439 @@ function run_renewcerts(){
     echo "Updating 2048-bit client-uri-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nURI\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr
+    echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nURI\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -config ./wolfssl.cnf -nodes -out client-cert.csr
-
+    check_result $? "Step 1"
 
     openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions uri -signkey client-key.pem -out client-uri-cert.pem
+    check_result $? "Step 2"
     rm client-cert.csr
 
     openssl x509 -in client-uri-cert.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem client-uri-cert.pem
-
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     #### update the self-signed (2048-bit) client-relative-uri.pem
     ############################################################
     echo "Updating 2048-bit client-relative-uri.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nRELATIVE_URI\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr
+    echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nRELATIVE_URI\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -config ./wolfssl.cnf -nodes -out client-cert.csr
+    check_result $? "Step 1"
 
 
     openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions relative_uri -signkey client-key.pem -out client-relative-uri.pem
+    check_result $? "Step 2"
     rm client-cert.csr
 
     openssl x509 -in client-relative-uri.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem client-relative-uri.pem
-
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     #### update the self-signed (2048-bit) client-cert.pem #####
     ############################################################
     echo "Updating 2048-bit client-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nProgramming-2048\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr
+    echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nProgramming-2048\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -config ./wolfssl.cnf -nodes -out client-cert.csr
+    check_result $? "Step 1"
 
 
     openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey client-key.pem -out client-cert.pem
+    check_result $? "Step 2"
     rm client-cert.csr
 
     openssl x509 -in client-cert.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem client-cert.pem
-
+    echo "End of section"
-
+    echo "---------------------------------------------------------------------"
     ############################################################
     #### update the self-signed (3072-bit) client-cert.pem #####
     ############################################################
     echo "Updating 3072-bit client-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL_3072\nProgramming-3072\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -newkey rsa:3072 -keyout client-key-3072.pem -nodes -out client-cert-3072.csr
+    echo -e "US\nMontana\nBozeman\nwolfSSL_3072\nProgramming-3072\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -newkey rsa:3072 -keyout client-key-3072.pem -config ./wolfssl.cnf -nodes -out client-cert-3072.csr
+    check_result $? "Step 1"
 
 
     openssl x509 -req -in client-cert-3072.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey client-key-3072.pem -out client-cert-3072.pem
+    check_result $? "Step 2"
     rm client-cert-3072.csr
 
     openssl x509 -in client-cert-3072.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem client-cert-3072.pem
-
+    echo "End of section"
-
+    echo "---------------------------------------------------------------------"
     ############################################################
     #### update the self-signed (1024-bit) client-cert.pem #####
     ############################################################
     echo "Updating 1024-bit client-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL_1024\nProgramming-1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/client-key.pem -nodes -out \1024/client-cert.csr
+    echo -e "US\nMontana\nBozeman\nwolfSSL_1024\nProgramming-1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ./1024/client-key.pem -config ./wolfssl.cnf -nodes -out ./1024/client-cert.csr
+    check_result $? "Step 1"
 
 
-    openssl x509 -req -in \1024/client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey \1024/client-key.pem -out \1024/client-cert.pem
+    openssl x509 -req -in ./1024/client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ./1024/client-key.pem -out ./1024/client-cert.pem
-    rm \1024/client-cert.csr
+    check_result $? "Step 2"
+    rm ./1024/client-cert.csr
 
-    openssl x509 -in \1024/client-cert.pem -text > \1024/tmp.pem
+    openssl x509 -in ./1024/client-cert.pem -text > ./1024/tmp.pem
-    mv \1024/tmp.pem \1024/client-cert.pem
+    check_result $? "Step 3"
+    mv ./1024/tmp.pem ./1024/client-cert.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ########## update the self-signed ca-cert.pem ##############
     ############################################################
     echo "Updating ca-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e  "US\nMontana\nBozeman\nSawtooth\nConsulting\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-key.pem -nodes -out ca-cert.csr
+    echo -e  "US\nMontana\nBozeman\nSawtooth\nConsulting\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-key.pem -config ./wolfssl.cnf -nodes -out ca-cert.csr
+    check_result $? "Step 1"
 
     openssl x509 -req -in ca-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ca-key.pem -out ca-cert.pem
+    check_result $? "Step 2"
     rm ca-cert.csr
 
     openssl x509 -in ca-cert.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem ca-cert.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ########## update the self-signed ca-ecc-cert.pem ##########
     ############################################################
     echo "Updating ca-ecc-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e  "US\nWashington\nSeattle\nwolfSSL\nDevelopment\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-ecc-key.pem -nodes -out ca-ecc-cert.csr
+    echo -e  "US\nWashington\nSeattle\nwolfSSL\nDevelopment\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-ecc-key.pem -config ./wolfssl.cnf -nodes -out ca-ecc-cert.csr
+    check_result $? "Step 1"
 
     openssl x509 -req -in ca-ecc-cert.csr -days 1000 -extfile wolfssl.cnf -extensions ca_ecc_cert -signkey ca-ecc-key.pem -out ca-ecc-cert.pem
+    check_result $? "Step 2"
     rm ca-ecc-cert.csr
 
     openssl x509 -in ca-ecc-cert.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem ca-ecc-cert.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ########## update the self-signed ca-ecc384-cert.pem #######
     ############################################################
     echo "Updating ca-ecc384-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e  "US\nWashington\nSeattle\nwolfSSL\nDevelopment\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-ecc384-key.pem -nodes -sha384 -out ca-ecc384-cert.csr
+    echo -e  "US\nWashington\nSeattle\nwolfSSL\nDevelopment\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-ecc384-key.pem -config ./wolfssl.cnf -nodes -sha384 -out ca-ecc384-cert.csr
+    check_result $? "Step 1"
 
     openssl x509 -req -in ca-ecc384-cert.csr -days 1000 -extfile wolfssl.cnf -extensions ca_ecc_cert -signkey ca-ecc384-key.pem -sha384 -out ca-ecc384-cert.pem
+    check_result $? "Step 2"
     rm ca-ecc384-cert.csr
 
     openssl x509 -in ca-ecc384-cert.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem ca-ecc384-cert.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ##### update the self-signed (1024-bit) ca-cert.pem ########
     ############################################################
     echo "Updating 1024-bit ca-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e  "US\nMontana\nBozeman\nSawtooth\nConsulting_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/ca-key.pem -nodes -sha1 -out \1024/ca-cert.csr
+    echo -e  "US\nMontana\nBozeman\nSawtooth\nConsulting_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ./1024/ca-key.pem -config ./wolfssl.cnf -nodes -sha1 -out ./1024/ca-cert.csr
+    check_result $? "Step 1"
 
-    openssl x509 -req -in \1024/ca-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey \1024/ca-key.pem -out \1024/ca-cert.pem
+    openssl x509 -req -in ./1024/ca-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ./1024/ca-key.pem -out ./1024/ca-cert.pem
-    rm \1024/ca-cert.csr
+    check_result $? "Step 2"
+    rm ./1024/ca-cert.csr
 
-    openssl x509 -in \1024/ca-cert.pem -text > \1024/tmp.pem
+    openssl x509 -in ./1024/ca-cert.pem -text > ./1024/tmp.pem
-    mv \1024/tmp.pem \1024/ca-cert.pem
+    check_result $? "Step 3"
+    mv ./1024/tmp.pem ./1024/ca-cert.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ###########################################################
     ########## update and sign server-cert.pem ################
     ###########################################################
     echo "Updating server-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > server-req.pem
+    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -config ./wolfssl.cnf -nodes > server-req.pem
+    check_result $? "Step 1"
 
     openssl x509 -req -in server-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
+    check_result $? "Step 2"
 
     rm server-req.pem
 
     openssl x509 -in ca-cert.pem -text > ca_tmp.pem
+    check_result $? "Step 3"
     openssl x509 -in server-cert.pem -text > srv_tmp.pem
+    check_result $? "Step 4"
     mv srv_tmp.pem server-cert.pem
     cat ca_tmp.pem >> server-cert.pem
     rm ca_tmp.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ###########################################################
     ########## update and sign server-revoked-key.pem #########
     ###########################################################
     echo "Updating server-revoked-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL_revoked\nSupport_revoked\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
+    echo -e "US\nMontana\nBozeman\nwolfSSL_revoked\nSupport_revoked\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -config ./wolfssl.cnf -nodes > server-revoked-req.pem
+    check_result $? "Step 1"
 
     openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
-
+    check_result $? "Step 2"
     rm server-revoked-req.pem
 
     openssl x509 -in ca-cert.pem -text > ca_tmp.pem
+    check_result $? "Step 3"
     openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem
+    check_result $? "Step 4"
     mv srv_tmp.pem server-revoked-cert.pem
     cat ca_tmp.pem >> server-revoked-cert.pem
     rm ca_tmp.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ###########################################################
     ########## update and sign server-duplicate-policy.pem ####
     ###########################################################
     echo "Updating server-duplicate-policy.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL\ntesting duplicate policy\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > ./test/server-duplicate-policy-req.pem
+    echo -e "US\nMontana\nBozeman\nwolfSSL\ntesting duplicate policy\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -config ./wolfssl.cnf -nodes > ./test/server-duplicate-policy-req.pem
+    check_result $? "Step 1"
 
     openssl x509 -req -in ./test/server-duplicate-policy-req.pem -extfile wolfssl.cnf -extensions policy_test -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > ./test/server-duplicate-policy.pem
-
+    check_result $? "Step 2"
     rm ./test/server-duplicate-policy-req.pem
 
     openssl x509 -in ca-cert.pem -text > ca_tmp.pem
+    check_result $? "Step 3"
     openssl x509 -in ./test/server-duplicate-policy.pem -text > srv_tmp.pem
+    check_result $? "Step 4"
     mv srv_tmp.pem ./test/server-duplicate-policy.pem
     cat ca_tmp.pem >> ./test/server-duplicate-policy.pem
     rm ca_tmp.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ###########################################################
     #### update and sign (1024-bit) server-cert.pem ###########
     ###########################################################
     echo "Updating 1024-bit server-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/server-key.pem -nodes -sha1 > \1024/server-req.pem
+    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ./1024/server-key.pem -config ./wolfssl.cnf -nodes -sha1 > ./1024/server-req.pem
+    check_result $? "Step 1"
 
-    openssl x509 -req -in \1024/server-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA \1024/ca-cert.pem -CAkey \1024/ca-key.pem -set_serial 01 > \1024/server-cert.pem
+    openssl x509 -req -in ./1024/server-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ./1024/ca-cert.pem -CAkey ./1024/ca-key.pem -set_serial 01 > ./1024/server-cert.pem
+    check_result $? "Step 2"
+    rm ./1024/server-req.pem
 
-    rm \1024/server-req.pem
+    openssl x509 -in ./1024/ca-cert.pem -text > ./1024/ca_tmp.pem
-
+    check_result $? "Step 3"
-    openssl x509 -in \1024/ca-cert.pem -text > \1024/ca_tmp.pem
+    openssl x509 -in ./1024/server-cert.pem -text > ./1024/srv_tmp.pem
-    openssl x509 -in \1024/server-cert.pem -text > \1024/srv_tmp.pem
+    check_result $? "Step 4"
-    mv \1024/srv_tmp.pem \1024/server-cert.pem
+    mv ./1024/srv_tmp.pem ./1024/server-cert.pem
-    cat \1024/ca_tmp.pem >> \1024/server-cert.pem
+    cat ./1024/ca_tmp.pem >> ./1024/server-cert.pem
-    rm \1024/ca_tmp.pem
+    rm ./1024/ca_tmp.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ########## update and sign the server-ecc-rsa.pem ##########
     ############################################################
     echo "Updating server-ecc-rsa.pem"
     echo ""
-    echo -e "US\nMontana\nBozeman\nElliptic - RSAsig\nECC-RSAsig\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes > server-ecc-req.pem
+    echo -e "US\nMontana\nBozeman\nElliptic - RSAsig\nECC-RSAsig\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -config ./wolfssl.cnf -nodes > server-ecc-req.pem
+    check_result $? "Step 1"
 
     openssl x509 -req -in server-ecc-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-ecc-rsa.pem
-
+    check_result $? "Step 2"
     rm server-ecc-req.pem
 
     openssl x509 -in server-ecc-rsa.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem server-ecc-rsa.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ####### update the self-signed client-ecc-cert.pem #########
     ############################################################
     echo "Updating client-ecc-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nOregon\nSalem\nClient ECC\nFast\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-client-key.pem -nodes -out client-ecc-cert.csr
+    echo -e "US\nOregon\nSalem\nClient ECC\nFast\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-client-key.pem -config ./wolfssl.cnf -nodes -out client-ecc-cert.csr
-
+    check_result $? "Step 1"
 
     openssl x509 -req -in client-ecc-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ecc-client-key.pem -out client-ecc-cert.pem
+    check_result $? "Step 2"
     rm client-ecc-cert.csr
 
     openssl x509 -in client-ecc-cert.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem client-ecc-cert.pem
-
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ########## update the server-ecc.pem #######################
     ############################################################
     echo "Updating server-ecc.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nWashington\nSeattle\nEliptic\nECC\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -out server-ecc.csr
+    echo -e "US\nWashington\nSeattle\nEliptic\nECC\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -config ./wolfssl.cnf -nodes -out server-ecc.csr
+    check_result $? "Step 1"
 
-
+    openssl x509 -req -in server-ecc.csr -days 1000 -extfile wolfssl.cnf -extensions server_ecc -CA ca-ecc-cert.pem -CAkey ca-ecc-key.pem -set_serial 03 -out server-ecc.pem
-    openssl x509 -req -in server-ecc.csr -days 1000 -extfile wolfssl.cnf -extensions server_ecc -CAfile ca-ecc-cert.pem -CAkey ca-ecc-key.pem -out server-ecc.pem
+    check_result $? "Step 2"
     rm server-ecc.csr
 
     openssl x509 -in server-ecc.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem server-ecc.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ###### update the self-signed server-ecc-comp.pem ##########
     ############################################################
     echo "Updating server-ecc-comp.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nElliptic - comp\nServer ECC-comp\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key-comp.pem -nodes -out server-ecc-comp.csr
+    echo -e "US\nMontana\nBozeman\nElliptic - comp\nServer ECC-comp\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key-comp.pem -config ./wolfssl.cnf -nodes -out server-ecc-comp.csr
-
+    check_result $? "Step 1"
 
     openssl x509 -req -in server-ecc-comp.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ecc-key-comp.pem -out server-ecc-comp.pem
+    check_result $? "Step 2"
     rm server-ecc-comp.csr
 
     openssl x509 -in server-ecc-comp.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem server-ecc-comp.pem
-
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ############## create the client-ca.pem file ###############
     ############################################################
     echo "Updating client-ca.pem"
     echo ""
     cat client-cert.pem client-ecc-cert.pem > client-ca.pem
-
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ###### update the self-signed ecc-privOnlyCert.pem #########
     ############################################################
     echo "Updating ecc-privOnlyCert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e ".\n.\n.\nWR\n.\nDE\n.\n.\n.\n" | openssl req -new -key ecc-privOnlyKey.pem -nodes -out ecc-privOnly.csr
+    echo -e ".\n.\n.\nWR\n.\nDE\n.\n.\n.\n" | openssl req -new -key ecc-privOnlyKey.pem -config ./wolfssl.cnf -nodes -out ecc-privOnly.csr
-
+    check_result $? "Step 1"
 
     openssl x509 -req -in ecc-privOnly.csr -days 1000 -signkey ecc-privOnlyKey.pem -out ecc-privOnlyCert.pem
+    check_result $? "Step 2"
     rm ecc-privOnly.csr
-
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ###### update the self-signed test/digsigku.pem   ##########
     ############################################################
     echo "Updating test/digsigku.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nWashington\nSeattle\nFoofarah\nArglebargle\nfoobarbaz\ninfo@worlss.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -sha1 -out digsigku.csr
+    echo -e "US\nWashington\nSeattle\nFoofarah\nArglebargle\nfoobarbaz\ninfo@worlss.com\n.\n.\n" | openssl req -new -key ecc-key.pem -config ./wolfssl.cnf -nodes -sha1 -out digsigku.csr
-
+    check_result $? "Step 1"
 
     openssl x509 -req -in digsigku.csr -days 1000 -extfile wolfssl.cnf -extensions digsigku -signkey ecc-key.pem -sha1 -set_serial 16393466893990650224 -out digsigku.pem
+    check_result $? "Step 2"
     rm digsigku.csr
 
     openssl x509 -in digsigku.pem -text > tmp.pem
+    check_result $? "Step 3"
     mv tmp.pem digsigku.pem
     mv digsigku.pem test/digsigku.pem
-
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ########## make .der files from .pem files #################
     ############################################################
     echo "Creating der formatted certs..."
     echo ""
-    openssl x509 -inform PEM -in \1024/client-cert.pem -outform DER -out \1024/client-cert.der
+    openssl x509 -inform PEM -in ./1024/client-cert.pem -outform DER -out ./1024/client-cert.der
-    openssl x509 -inform PEM -in \1024/server-cert.pem -outform DER -out \1024/server-cert.der
+    check_result $? "Der Cert 1"
-    openssl x509 -inform PEM -in \1024/ca-cert.pem -outform DER -out \1024/ca-cert.der
+    openssl x509 -inform PEM -in ./1024/server-cert.pem -outform DER -out ./1024/server-cert.der
+    check_result $? "Der Cert 2"
+    openssl x509 -inform PEM -in ./1024/ca-cert.pem -outform DER -out ./1024/ca-cert.der
+    check_result $? "Der Cert 3"
 
     openssl x509 -inform PEM -in ca-cert.pem -outform DER -out ca-cert.der
+    check_result $? "Der Cert 4"
     openssl x509 -inform PEM -in ca-ecc-cert.pem -outform DER -out ca-ecc-cert.der
+    check_result $? "Der Cert 5"
     openssl x509 -inform PEM -in ca-ecc384-cert.pem -outform DER -out ca-ecc384-cert.der
+    check_result $? "Der Cert 6"
     openssl x509 -inform PEM -in client-cert.pem -outform DER -out client-cert.der
+    check_result $? "Der Cert 7"
     openssl x509 -inform PEM -in server-cert.pem -outform DER -out server-cert.der
+    check_result $? "Der Cert 8"
     openssl x509 -inform PEM -in client-ecc-cert.pem -outform DER -out client-ecc-cert.der
+    check_result $? "Der Cert 9"
     openssl x509 -inform PEM -in server-ecc-rsa.pem -outform DER -out server-ecc-rsa.der
+    check_result $? "Der Cert 10"
     openssl x509 -inform PEM -in server-ecc.pem -outform DER -out server-ecc.der
+    check_result $? "Der Cert 11"
     openssl x509 -inform PEM -in server-ecc-comp.pem -outform DER -out server-ecc-comp.der
-
+    check_result $? "Der Cert 12"
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ###### update the ecc-rsa-server.p12 file ##################
     ############################################################
     echo "Updating ecc-rsa-server.p12 (password is \"\")"
     echo ""
     echo "" | openssl pkcs12 -des3 -descert -export -in server-ecc-rsa.pem -inkey ecc-key.pem -certfile server-ecc.pem -out ecc-rsa-server.p12 -password stdin
-
+    check_result $? "Step 1"
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ###### update the test-servercert.p12 file #################
     ############################################################
     echo "Updating test-servercert.p12 (password is \"wolfSSL test\")"
     echo ""
     echo "wolfSSL test" | openssl pkcs12 -des3 -descert -export -in server-cert.pem -inkey server-key.pem -certfile ca-cert.pem -out test-servercert.p12 -password stdin
-
+    check_result $? "Step 1"
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ###### calling gen-ext-certs.sh           ##################
     ############################################################
     echo "Calling gen-ext-certs.sh"
     echo ""
-    cd ..
+    cd .. || exit 1
     ./certs/test/gen-ext-certs.sh
-    cd ./certs
+    check_result $? "gen-ext-certs.sh"
-
+    cd ./certs || { echo "Couldn't cd to certs directory"; exit 1; }
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ###### calling gen-badsig.sh              ##################
     ############################################################
     echo "Calling gen-badsig.sh"
     echo ""
-    cd ./test
+    cd ./test || { echo "Failed to switch to dir ./test"; exit 1; }
     ./gen-badsig.sh
-    cd ../
+    check_result $? "gen-badsig.sh"
-
+    cd ../ || exit 1
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ########## generate ocsp certs        ######################
     ############################################################
@@ -394,50 +515,58 @@ function run_renewcerts(){
 
     # guard against recursive calls to renewcerts.sh
     if [ -d ocsp ]; then
-        cd ./ocsp
+        cd ./ocsp || { echo "Failed to switch to dir ./ocsp"; exit 1; }
-        echo "Execute ./renewcerts.sh..."
+        echo "Execute ocsp/renewcerts.sh..."
         ./renewcerts.sh
-        cd ../
+        check_result $? "renewcerts.sh"
+        cd ../ || exit 1
     else
         echo "Error could not find ocsp directory"
         exit 1
     fi
-
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ###### calling assemble-chains.sh         ##################
     ############################################################
     echo "Calling assemble-chains.sh"
     echo ""
-    cd ./test-pathlen
+    cd ./test-pathlen || { echo "Failed to switch to dir ./test-pathlen";
+                           exit 1; }
     ./assemble-chains.sh
-    cd ../
+    check_result $? "assemble-chains.sh"
-
+    cd ../ || exit 1
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ########## store DER files as buffers ######################
     ############################################################
     echo "Changing directory to wolfssl root..."
     echo ""
-    cd ../
+    cd ../ || exit 1
     echo "Execute ./gencertbuf.pl..."
     echo ""
     ./gencertbuf.pl
-
+    check_result $? "gencertbuf.pl"
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
     ############################################################
     ########## generate the new crls ###########################
     ############################################################
 
     echo "Change directory to wolfssl/certs"
     echo ""
-    cd certs
+    cd ./certs || { echo "Failed to switch to dir ./certs"; exit 1; }
     echo "We are back in the certs directory"
     echo ""
 
     echo "Updating the crls..."
     echo ""
-    cd crl
+    cd ./crl || { echo "Failed to switch to dir ./crl"; exit 1; }
     echo "changed directory: cd/crl"
     echo ""
     ./gencrls.sh
+    check_result $? "gencrls.sh"
     echo "ran ./gencrls.sh"
     echo ""
 
@@ -446,22 +575,15 @@ function run_renewcerts(){
     echo ""
 
     rm ../wolfssl.cnf
-
+    echo "End of Updates. Everything was successfully updated!"
-}
+    echo "---------------------------------------------------------------------"
-
-#function for restoring a previous configure state
-function restore_config(){
-    mv tmp.status config.status
-    mv tmp.options.h wolfssl/options.h
-    make clean
-    make -j 8
 }
 
 #function for copy and pasting ntru updates
-function move_ntru(){
+move_ntru(){
-    cp ntru-cert.pem certs/ntru-cert.pem
+    cp ntru-cert.pem certs/ntru-cert.pem || exit 1
-    cp ntru-key.raw certs/ntru-key.raw
+    cp ntru-key.raw certs/ntru-key.raw || exit 1
-    cp ntru-cert.der certs/ntru-cert.der
+    cp ntru-cert.der certs/ntru-cert.der || exit 1
 }
 
 ###############################################################################
@@ -469,7 +591,7 @@ function move_ntru(){
 ###############################################################################
 
 #start in root.
-cd ../
+cd ../ || exit 1
 #if HAVE_NTRU already defined && there is no argument
 if grep HAVE_NTRU "wolfssl/options.h" && [ -z "$1" ]
 then
@@ -477,18 +599,27 @@ then
     #run the function to renew the certs
     run_renewcerts
     # run_renewcerts will end in the wolfssl/certs/crl dir, backup to root.
-    cd ../../
+    cd ../ || exit 1
+    CURRDIR=${PWD##*/}
+    if [ "$CURRDIR" = "certs" ]; then
+        cd ../ || exit 1
+    else
+        echo "We are not in the right directory! Abort."
+        exit 1
+    fi
     echo "changed directory to wolfssl root directory."
     echo ""
 
     echo ""
     echo "Enter directory to ed25519 certificate generation example."
     echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
-    read ED25519_DIR
+    read -r ED25519_DIR
     if [ -d "${ED25519_DIR}" ]; then
-        pushd ./certs/ed25519
+        pushd ./certs/ed25519 || { echo "Failed to push certs/ed25519";
-        ./gen-ed25519.sh ${ED25519_DIR}
+                                   exit 1; }
-        popd
+        ./gen-ed25519.sh "${ED25519_DIR}"
+        check_result $? "./gen-ed25519.sh"
+        popd || exit 1
     else
         echo "Unable to find directory ${ED25519_DIR}"
         exit 1
@@ -499,8 +630,13 @@ then
     ############################################################
 
     # We cannot assume that user has certgen and keygen enabled
+    CFLAG_TMP="-DWOLFSSL_STATIC_RSA"
+    export CFLAGS=${CFLAG_TMP}
     ./configure --with-ntru --enable-certgen --enable-keygen
+    check_result $? "configure for ntru"
     make check
+    check_result $? "make check with ntru"
+    export CFLAGS=""
 
     #copy/paste ntru-certs and key to certs/
     move_ntru
@@ -516,10 +652,12 @@ elif [ ! -z "$1" ]; then
         echo ""
         echo "Enter directory to ed25519 certificate generation example."
         echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
-        read ED25519_DIR
+        read -r ED25519_DIR
-        pushd ./certs/ed25519
+        pushd ./certs/ed25519 || { echo "failed to push ./certs/ed25519";
-        ./gen-ed25519.sh ${ED25519_DIR}
+                                   exit 1; }
-        popd
+        ./gen-ed25519.sh "${ED25519_DIR}"
+        check_result $? "./gen-ed25519.sh"
+        popd || exit 1
     #valid argument print out other valid arguments
     elif [ "$1" == "-h" ] || [ "$1" == "-help" ]; then
         echo ""
@@ -541,18 +679,24 @@ elif [ ! -z "$1" ]; then
 else
     echo "Saving the configure state"
     echo ""
-    cp config.status tmp.status
+    cp config.status tmp.status || exit 1
-    cp wolfssl/options.h tmp.options.h
+    cp wolfssl/options.h tmp.options.h || exit 1
 
     echo "Running make clean"
     echo ""
     make clean
+    check_result $? "make clean"
 
     #attempt to define ntru by configuring with ntru
     echo "Configuring with ntru, enabling certgen and keygen"
     echo ""
+    CFLAG_TMP="-DWOLFSSL_STATIC_RSA"
+    export CFLAGS=${CFLAG_TMP}
     ./configure --with-ntru --enable-certgen --enable-keygen
+    check_result $? "configure for ntru"
     make check
+    check_result $? "make check with ntru"
+    export CFLAGS=""
 
     # check options.h a second time, if the user had
     # ntru installed on their system and in the default
@@ -565,7 +709,14 @@ else
     if grep HAVE_NTRU "wolfssl/options.h"; then
         run_renewcerts
         #run_renewcerts leaves us in wolfssl/certs/crl, backup to root
-        cd ../../
+        cd ../ || exit 1
+        CURRDIR=${PWD##*/}
+        if [ "$CURRDIR" = "certs" ]; then
+            cd ../ || exit 1
+        else
+            echo "We are not in the right directory! Abort."
+            exit 1
+        fi
         echo "changed directory to wolfssl root directory."
         echo ""
 
@@ -576,10 +727,12 @@ else
 
         # restore previous configure state
         restore_config
+        check_result $? "restoring old configuration"
     else
 
         # restore previous configure state
         restore_config
+        check_result $? "restoring old configuration"
 
         echo ""
         echo "ntru is not installed at the default location,"

certs/renewcerts/wolfssl.cnf

@@ -11,13 +11,13 @@ oid_section = new_oids
 tsa_policy1 = 1.2.3.4.1
 tsa_policy2 = 1.2.3.4.5.6
 tsa_policy3 = 1.2.3.4.5.7
-businessCategory=2.5.4.15
+#businessCategory=2.5.4.15
-streetAddress=2.5.4.9
+#streetAddress=2.5.4.9
-stateOrProvinceName=2.5.4.8
+#stateOrProvinceName=2.5.4.8
-countryName=2.5.4.6
+#countryName=2.5.4.6
-jurisdictionOfIncorporationLocalityName=1.3.6.1.4.1.311.60.2.1.1
+#jurisdictionOfIncorporationLocalityName=1.3.6.1.4.1.311.60.2.1.1
-jurisdictionOfIncorporationStateOrProvinceName=1.3.6.1.4.1.311.60.2.1.2
+#jurisdictionOfIncorporationStateOrProvinceName=1.3.6.1.4.1.311.60.2.1.2
-jurisdictionOfIncorporationCountryName=1.3.6.1.4.1.311.60.2.1.3
+#jurisdictionOfIncorporationCountryName=1.3.6.1.4.1.311.60.2.1.3
 
 ####################################################################
 [ ca ]

certs/test-pathlen/assemble-chains.sh

@@ -3,6 +3,14 @@
 # assemble-chains.sh
 # Create certs and assemble all the certificate CA path test cert chains.
 
+check_result(){
+    if [ $1 -ne 0 ]; then
+        echo "$2 Failed, Abort"
+        exit 1
+    else
+        echo "$2 Succeeded!"
+    fi
+}
 
 ###########################################################
 ########## update server-0-ca.pem          ################
@@ -10,180 +18,216 @@
 echo "Updating server-0-ca.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-ca-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-0-ca-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-0-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_0 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 100 -sha1 > server-0-ca.pem
+check_result $? "Step 2"
 
 rm server-0-ca-req.pem
 openssl x509 -in server-0-ca.pem -text > ca_tmp.pem
+check_result $? "Step 3"
 mv ca_tmp.pem server-0-ca.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## update server-0-cert.pem        ################
 ###########################################################
 echo "Updating server-0-cert.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-cert-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-0-cert-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-0-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-0-ca.pem -CAkey ../server-key.pem -set_serial 101 -sha1 > server-0-cert.pem
+check_result $? "Step 2"
 
 rm server-0-cert-req.pem
 openssl x509 -in server-0-cert.pem -text > cert_tmp.pem
+check_result $? "Step 3"
 mv cert_tmp.pem server-0-cert.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## update server-1-ca.pem          ################
 ###########################################################
 echo "Updating server-1-ca.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-ca-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-1-ca-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-1-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_1 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 102 -sha1 > server-1-ca.pem
+check_result $? "Step 2"
 
 rm server-1-ca-req.pem
 openssl x509 -in server-1-ca.pem -text > ca_tmp.pem
+check_result $? "Step 3"
 mv ca_tmp.pem server-1-ca.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## update server-1-cert.pem        ################
 ###########################################################
 echo "Updating server-1-cert.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-cert-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-1-cert-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-1-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-1-ca.pem -CAkey ../server-key.pem -set_serial 105 -sha1 > server-1-cert.pem
+check_result $? "Step 2"
 
 rm server-1-cert-req.pem
 openssl x509 -in server-1-cert.pem -text > cert_tmp.pem
+check_result $? "Step 3"
 mv cert_tmp.pem server-1-cert.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## update server-0-1-ca.pem        ################
 ###########################################################
 echo "Updating server-0-1-ca.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0-1 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-1-ca-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0-1 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-0-1-ca-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-0-1-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_1 -days 1000 -CA server-0-ca.pem -CAkey ../server-key.pem -set_serial 110 -sha1 > server-0-1-ca.pem
+check_result $? "Step 2"
 
 rm server-0-1-ca-req.pem
 openssl x509 -in server-0-1-ca.pem -text > ca_tmp.pem
+check_result $? "Step 3"
 mv ca_tmp.pem server-0-1-ca.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## update server-0-1-cert.pem      ################
 ###########################################################
 echo "Updating server-0-1-cert.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0-1\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-1-cert-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0-1\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-0-1-cert-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-0-1-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-0-1-ca.pem -CAkey ../server-key.pem -set_serial 111 -sha1 > server-0-1-cert.pem
+check_result $? "Step 2"
 
 rm server-0-1-cert-req.pem
 openssl x509 -in server-0-1-cert.pem -text > cert_tmp.pem
+check_result $? "Step 3"
 mv cert_tmp.pem server-0-1-cert.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## update server-1-0-ca.pem        ################
 ###########################################################
 echo "Updating server-1-0-ca.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1-0 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-0-ca-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1-0 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-1-0-ca-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-1-0-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_0 -days 1000 -CA server-1-ca.pem -CAkey ../server-key.pem -set_serial 103 -sha1 > server-1-0-ca.pem
+check_result $? "Step 2"
 
 rm server-1-0-ca-req.pem
 openssl x509 -in server-1-0-ca.pem -text > ca_tmp.pem
+check_result $? "Step 3"
 mv ca_tmp.pem server-1-0-ca.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## update server-1-0-cert.pem      ################
 ###########################################################
 echo "Updating server-1-0-cert.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1-0\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-0-cert-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1-0\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-1-0-cert-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-1-0-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-1-0-ca.pem -CAkey ../server-key.pem -set_serial 104 -sha1 > server-1-0-cert.pem
+check_result $? "Step 2"
 
 rm server-1-0-cert-req.pem
 openssl x509 -in server-1-0-cert.pem -text > cert_tmp.pem
+check_result $? "Step 3"
 mv cert_tmp.pem server-1-0-cert.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## update server-127-ca.pem        ################
 ###########################################################
 echo "Updating server-127-ca.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 127 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-127-ca-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 127 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-127-ca-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-127-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_127 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 106 -sha1 > server-127-ca.pem
+check_result $? "Step 2"
 
 rm server-127-ca-req.pem
 openssl x509 -in server-127-ca.pem -text > ca_tmp.pem
+check_result $? "Step 3"
 mv ca_tmp.pem server-127-ca.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## update server-127-cert.pem      ################
 ###########################################################
 echo "Updating server-127-cert.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 127\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-127-cert-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 127\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-127-cert-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-127-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-127-ca.pem -CAkey ../server-key.pem -set_serial 107 -sha1 > server-127-cert.pem
+check_result $? "Step 2"
 
 rm server-127-cert-req.pem
 openssl x509 -in server-127-cert.pem -text > cert_tmp.pem
+check_result $? "Step 3"
 mv cert_tmp.pem server-127-cert.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## update server-128-ca.pem        ################
 ###########################################################
 echo "Updating server-128-ca.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 128 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-128-ca-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 128 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-128-ca-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-128-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_128 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 106 -sha1 > server-128-ca.pem
+check_result $? "Step 2"
 
 rm server-128-ca-req.pem
 openssl x509 -in server-128-ca.pem -text > ca_tmp.pem
+check_result $? "Step 3"
 mv ca_tmp.pem server-128-ca.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## update server-128-cert.pem      ################
 ###########################################################
 echo "Updating server-128-cert.pem"
 echo ""
 #pipe the following arguments to openssl req...
-echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 128\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-128-cert-req.pem
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 128\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-128-cert-req.pem
+check_result $? "Step 1"
 
 openssl x509 -req -in server-128-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-128-ca.pem -CAkey ../server-key.pem -set_serial 107 -sha1 > server-128-cert.pem
+check_result $? "Step 2"
 
 rm server-128-cert-req.pem
 openssl x509 -in server-128-cert.pem -text > cert_tmp.pem
+check_result $? "Step 3"
 mv cert_tmp.pem server-128-cert.pem
-
+echo "End of Section"
-
+echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## Assemble Chains                 ################
 ###########################################################

certs/test/gen-testcerts.sh

@@ -1,130 +1,163 @@
 #!/bin/sh
+check_result() {
+    if [ $1 -ne 0 ]; then
+        echo "Step Failed, Abort"
+        exit 1
+    else
+        echo "Step Succeeded!"
+    fi
+}
 
 # Args: 1=FileName, 2=CN, 3=AltName, 4=CA
-function build_test_cert_conf {
+build_test_cert_conf() {
-	echo "# Generated openssl conf" 					 > $1.conf
+	echo "# Generated openssl conf" 					 > "$1".conf
-	echo "" 											>> $1.conf
+	echo "" 											>> "$1".conf
-	echo "[ ca ]" 										>> $1.conf
+	echo "[ ca ]" 										>> "$1".conf
-	echo "default_ca = CA_default"						>> $1.conf
+	echo "default_ca = CA_default"						>> "$1".conf
-	echo "[ CA_default ]"								>> $1.conf
+	echo "[ CA_default ]"								>> "$1".conf
-	echo "certificate     = ../ca-cert.pem"				>> $1.conf
+	echo "certificate     = ../ca-cert.pem"				>> "$1".conf
-	echo "database        = ./index.txt"				>> $1.conf
+	echo "database        = ./index.txt"				>> "$1".conf
-	echo "new_certs_dir   = ./certs"					>> $1.conf
+	echo "new_certs_dir   = ./certs"					>> "$1".conf
-	echo "private_key     = ./private/cakey.pem"		>> $1.conf
+	echo "private_key     = ./private/cakey.pem"		>> "$1".conf
-	echo "serial          = ./serial"					>> $1.conf
+	echo "serial          = ./serial"					>> "$1".conf
-	echo "default_md      = sha256"						>> $1.conf
+	echo "default_md      = sha256"						>> "$1".conf
-	echo "default_days    = 1000"						>> $1.conf
+	echo "default_days    = 1000"						>> "$1".conf
-	echo "policy          = default_ca_policy"			>> $1.conf
+	echo "policy          = default_ca_policy"			>> "$1".conf
-	echo "" 											>> $1.conf
+	echo "" 											>> "$1".conf
-	echo "[ default_ca_policy ]"						>> $1.conf
+	echo "[ default_ca_policy ]"						>> "$1".conf
-	echo "commonName              = supplied"			>> $1.conf
+	echo "commonName              = supplied"			>> "$1".conf
-	echo "stateOrProvinceName     = supplied"			>> $1.conf
+	echo "stateOrProvinceName     = supplied"			>> "$1".conf
-	echo "countryName             = supplied"			>> $1.conf
+	echo "countryName             = supplied"			>> "$1".conf
-	echo "emailAddress            = supplied"			>> $1.conf
+	echo "emailAddress            = supplied"			>> "$1".conf
-	echo "organizationName        = optional"			>> $1.conf
+	echo "organizationName        = optional"			>> "$1".conf
-	echo "organizationalUnitName  = optional"			>> $1.conf
+	echo "organizationalUnitName  = optional"			>> "$1".conf
-	echo "" 											>> $1.conf
+	echo "" 											>> "$1".conf
-	echo "[ req ]" 										>> $1.conf
+	echo "[ req ]" 										>> "$1".conf
-	echo "prompt = no"									>> $1.conf
+	echo "prompt = no"									>> "$1".conf
-	echo "default_bits        = 2048" 					>> $1.conf
+	echo "default_bits        = 2048" 					>> "$1".conf
-	echo "distinguished_name  = req_distinguished_name" >> $1.conf
+	echo "distinguished_name  = req_distinguished_name" >> "$1".conf
-	echo "req_extensions      = req_ext" 				>> $1.conf
-	if [ -n "$4" ]; then
-		echo "basicConstraints=CA:true,pathlen:0"       >> $1.conf
-		echo "" 										>> $1.conf
-	fi
-	echo "" 											>> $1.conf
-	echo "[ req_distinguished_name ]" 					>> $1.conf
-	echo "C = US" 										>> $1.conf
-	echo "ST = Montana" 								>> $1.conf
-	echo "L = Bozeman" 									>> $1.conf
-	echo "OU = Engineering" 							>> $1.conf
-	echo "CN = $2"  									>> $1.conf
-	echo "emailAddress = info@wolfssl.com" 				>> $1.conf
-	echo "" 											>> $1.conf
-	echo "[ req_ext ]" 									>> $1.conf
 	if [ -n "$3" ]; then
-		if [[ "$3" != *"DER"* ]]; then
+		echo "req_extensions      = req_ext" 			>> "$1".conf
-			echo "subjectAltName = @alt_names"			>> $1.conf
+	fi
-			echo "[alt_names]"							>> $1.conf
+	if [ -n "$4" ]; then
-			echo "DNS.1 = $3"							>> $1.conf
+		echo "basicConstraints=CA:true,pathlen:0"       >> "$1".conf
+		echo "" 										>> "$1".conf
+	fi
+	echo "" 											>> "$1".conf
+	echo "[ req_distinguished_name ]" 					>> "$1".conf
+	echo "C = US" 										>> "$1".conf
+	echo "ST = Montana" 								>> "$1".conf
+	echo "L = Bozeman" 									>> "$1".conf
+	echo "OU = Engineering" 							>> "$1".conf
+	echo "CN = $2"  									>> "$1".conf
+	echo "emailAddress = info@wolfssl.com" 				>> "$1".conf
+	echo "" 											>> "$1".conf
+	if [ -n "$3" ]; then
+		echo "[ req_ext ]" 								>> "$1".conf
+		if [ "$3" != *"DER"* ]; then
+			echo "subjectAltName = @alt_names"			>> "$1".conf
+			echo "[alt_names]"							>> "$1".conf
+			echo "DNS.1 = $3"							>> "$1".conf
 		else
-			echo "subjectAltName = $3" 					>> $1.conf
+			echo "subjectAltName = $3" 					>> "$1".conf
 		fi
 	fi
 }
 
 # Args: 1=FileName
-function generate_test_cert {
+generate_test_cert() {
-	rm $1.der
+	rm "$1".der
-	rm $1.pem
+	rm "$1".pem
 
 	echo "step 1 create configuration"
-	build_test_cert_conf $1 $2 $3
+	build_test_cert_conf "$1" "$2" "$3"
+	check_result $?
 
 	echo "step 2 create csr"
-	openssl req -new -sha256 -out $1.csr -key ../server-key.pem -config $1.conf
+	openssl req -new -sha256 -out "$1".csr -key ../server-key.pem -config "$1".conf
+	check_result $?
 
 	echo "step 3 check csr"
-	openssl req -text -noout -in $1.csr
+	openssl req -text -noout -in "$1".csr
+	check_result $?
 
 	echo "step 4 create cert"
-	openssl x509 -req -days 1000 -sha256 -in $1.csr -signkey ../server-key.pem \
+	if [ "$3" = "" ]; then
-	             -out $1.pem -extensions req_ext -extfile $1.conf
+		openssl x509 -req -days 1000 -sha256 \
-	rm $1.conf
+	                 -in "$1".csr -signkey ../server-key.pem \
-	rm $1.csr
+	                 -out "$1".pem -extfile "$1".conf
+	else
+		openssl x509 -req -days 1000 -sha256 \
+	                 -in "$1".csr -signkey ../server-key.pem \
+	                 -out "$1".pem -extensions req_ext -extfile "$1".conf
+	fi
+	check_result $?
+	rm "$1".conf
+	rm "$1".csr
 
 	if [ -n "$4" ]; then
 		echo "step 5 generate crl"
 		mkdir ../crl/demoCA
 		touch ../crl/demoCA/index.txt
-	    echo "01" > ../crl/crlnumber
+		echo "01" > ../crl/crlnumber
-		openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../server-key.pem -cert $1.pem
+		openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 \
-		rm ../crl/$1Crl.pem
+		           -out crl.revoked -keyfile ../server-key.pem -cert "$1".pem
+		check_result $?
+		rm ../crl/"$1"Crl.pem
 		openssl crl -in crl.revoked -text > tmp.pem
-		mv tmp.pem ../crl/$1Crl.pem
+		check_result $?
+		mv tmp.pem ../crl/"$1"Crl.pem
 		rm crl.revoked
 		rm -rf ../crl/demoCA
 		rm ../crl/crlnumber*
 	fi
 
 	echo "step 6 add cert text information to pem"
-	openssl x509 -inform pem -in $1.pem -text > tmp.pem
+	openssl x509 -inform pem -in "$1".pem -text > tmp.pem
-	mv tmp.pem $1.pem
+	check_result $?
+	mv tmp.pem "$1".pem
 
 	echo "step 7 make binary der version"
-	openssl x509 -inform pem -in $1.pem -outform der -out $1.der
+	openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der
+	check_result $?
 }
 
-function generate_expired_certs {
+generate_expired_certs() {
-	rm $1.der
+	rm "$1".der
-	rm $1.pem
+	rm "$1".pem
 
 	mkdir -p certs
 	touch ./index.txt
 	echo 1000 > ./serial
 
 	echo "step 1 create configuration"
-	build_test_cert_conf $1 www.wolfssl.com 0 $3
+	build_test_cert_conf "$1" www.wolfssl.com 0 "$3"
+	check_result $?
 
 	echo "step 2 create csr"
-	openssl req -new -sha256 -out $1.csr -key $2 -config $1.conf
+	openssl req -new -sha256 -out "$1".csr -key "$2" -config "$1".conf
+	check_result $?
 
 	echo "step 3 check csr"
-	openssl req -text -noout -in $1.csr
+	openssl req -text -noout -in "$1".csr
+	check_result $?
 
 	echo "step 4 create cert"
-	openssl ca -selfsign -config $1.conf -keyfile $2 -in $1.csr -out $1.pem \
+	openssl ca -config ../renewcerts/wolfssl.cnf -selfsign -config "$1".conf \
-		-startdate 201807310000Z -enddate 201808300000Z -batch
+		       -keyfile "$2" -in "$1".csr -out "$1".pem \
-	rm $1.conf
+		       -startdate 201807310000Z -enddate 201808300000Z -batch
-	rm $1.csr
+	check_result $?
+	rm "$1".conf
+	rm "$1".csr
 
 	echo "step 5 add cert text information to pem"
-	openssl x509 -inform pem -in $1.pem -text > tmp.pem
+	openssl x509 -inform pem -in "$1".pem -text > tmp.pem
-	mv tmp.pem $1.pem
+	check_result $?
+	mv tmp.pem "$1".pem
 
 	echo "step 7 make binary der version"
-	openssl x509 -inform pem -in $1.pem -outform der -out $1.der
+	openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der
+	check_result $?
 
 	rm -rf certs
 	rm ./index.txt*
@@ -138,10 +171,12 @@ generate_test_cert server-goodcn localhost "" 1
 generate_test_cert server-goodalt www.nomatch.com localhost 1
 
 # Generate Good CN=*localhost, Alt=None
-generate_test_cert server-goodcnwild *localhost "" 1
+# Surround "*localhost" with quotes to prevent shell expansion to wildcard
+generate_test_cert server-goodcnwild "*localhost" "" 1
 
 # Generate Good CN=www.nomatch.com, Alt=*localhost
-generate_test_cert server-goodaltwild www.nomatch.com *localhost 1
+# Surround "*localhost" with quotes to prevent shell expansion to wildcard
+generate_test_cert server-goodaltwild www.nomatch.com "*localhost" 1
 
 # Generate Bad CN=localhost\0h, Alt=None
 # DG: Have not found a way to properly encode null in common name

examples/server/server.c

@@ -1110,7 +1110,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 
 #ifdef HAVE_NTRU
     if (useNtruKey) {
-        if (SSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
+        if (wolfSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
                                 != WOLFSSL_SUCCESS)
             err_sys_ex(runWithErrors, "can't load ntru key file, "
                     "Please run from wolfSSL home dir");