global fixes for shellcheck warnings SC2027, SC2069, SC2154, SC2141, SC3014, SC3037 (all true positives). note, does not fix SC2057 in ocsp-stapling.test, which is addressed by PR #5174 .

certs/intermediate/genintcerts.sh

@@ -189,11 +189,11 @@ create_cert() {
     mv ./certs/intermediate/tmp.pem ./certs/intermediate/$4.pem
 }
 
-if [ "$1" == "clean" ]; then
+if [ "$1" = "clean" ]; then
     echo "Cleaning temp files"
     cleanup_files
 fi
-if [ "$1" == "cleanall" ]; then
+if [ "$1" = "cleanall" ]; then
     echo "Cleaning all files"
     rm -f ./certs/intermediate/*.pem
     rm -f ./certs/intermediate/*.der

scripts/ocsp.test

@@ -37,7 +37,7 @@ if [ "$OUTPUT" = "SNI is: ON" ]; then
 
     if [ $RESULT -eq 0 ]; then
         # client test against the server
-        echo "./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N -v d -S $server"
+        echo "./examples/client/client -X -C -h $server -p 443 -A \"$ca\" -g -o -N -v d -S $server"
         ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N -v d -S $server
         GL_RESULT=$?
         [ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
@@ -62,7 +62,7 @@ fi
 
 if [ $RESULT -eq 0 ]; then
     # client test against the server
-    echo "./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N"
+    echo "./examples/client/client -X -C -h $server -p 443 -A \"$ca\" -g -o -N"
     ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N
     GR_RESULT=$?
     [ $GR_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"

scripts/openssl.test

@@ -321,11 +321,11 @@ do_wolfssl_client() {
     if [ "$version" != "5" -a "$version" != "" ]
     then
         echo "#"
-        echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl"
+        echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl"
         $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl
     else
         echo "#"
-        echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl"
+        echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl"
         # do all versions
         $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl
     fi
@@ -451,10 +451,10 @@ esac
 wolf_ciphers=`$WOLFSSL_CLIENT -e`
 # get wolfssl supported versions
 wolf_versions=`$WOLFSSL_CLIENT -V`
-wolf_versions="$wolf_versions:5" #5 will test without -v flag
+wolf_versions="${wolf_versions}:5" #5 will test without -v flag
 
-OIFS=$IFS # store old separator to reset
-IFS=$'\:' # set delimiter
+OIFS="$IFS" # store old separator to reset
+IFS=: # set delimiter
 for version in $wolf_versions
 do
     case $version in
@@ -466,7 +466,7 @@ do
         ;;
     esac
 done
-IFS=$OIFS #restore separator
+IFS="$OIFS" #restore separator
 
 #
 # Start OpenSSL servers
@@ -552,8 +552,8 @@ case $openssl_nodhe in
 esac
 
 # Check suites to determine support in wolfSSL
-OIFS=$IFS # store old separator to reset
-IFS=$'\:' # set delimiter
+OIFS="$IFS" # store old separator to reset
+IFS=: # set delimiter
 for wolfSuite in $wolf_ciphers; do
     case $wolfSuite in
     *ECDHE-RSA-*)
@@ -589,7 +589,7 @@ for wolfSuite in $wolf_ciphers; do
         wolf_rsa=yes
     esac
 done
-IFS=$OIFS #restore separator
+IFS="$OIFS" #restore separator
 
 openssl_ciphers=`$OPENSSL ciphers ALL 2>&1`
 case $openssl_ciphers in
@@ -744,8 +744,8 @@ do
     check_server_ready
 done
 
-OIFS=$IFS # store old separator to reset
-IFS=$'\:' # set delimiter
+OIFS="$IFS" # store old separator to reset
+IFS=: # set delimiter
 set -f # no globbing
 
 wolf_temp_cases_total=0
@@ -1173,7 +1173,7 @@ do
     open_temp_cases_tested=0
     wolfdowngrade="$version"
 done
-IFS=$OIFS #restore separator
+IFS="$OIFS" #restore separator
 
 do_cleanup
 

scripts/openssl_srtp.test

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Test WolfSSL/OpenSSL srtp interoperability
 #
 # TODO: add OpenSSL client with WolfSSL server
@@ -59,7 +59,7 @@ start_openssl_server() {
 
     server_output_file=/tmp/openssl_srtp_out
 
-    # hackish but OpenSSL doesn't work if input is feeded before handshaking and
+    # hackish but OpenSSL doesn't work if input is fed before handshaking and
     # the wolfSSL client needs a reply to stop
     (sleep 1;echo -n "I hear you fa shizzle...") | \
         ${OPENSSL} s_server \

scripts/resume.test

@@ -74,7 +74,7 @@ do_test() {
     esac
 
     remove_ready_file
-    echo "./examples/server/server -r -R "$ready_file" -p $resume_port"
+    echo "./examples/server/server -r -R \"$ready_file\" -p $resume_port"
     ./examples/server/server -r -R "$ready_file" -p $resume_port &
     server_pid=$!
 

scripts/sniffer-testsuite.test

@@ -102,7 +102,7 @@ then
 fi
 
 # TLS v1.3 sniffer test X25519
-if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_x22519 == yes
+if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_x25519 == yes
 then
     ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-x25519.pcap ./certs/statickeys/x25519.pem 127.0.0.1 11111
 

scripts/tls13.test

@@ -38,7 +38,7 @@ server_out_file="$(pwd)/wolfssl_tls13_server_out$$"
 # Client output
 client_out_file="$(pwd)/wolfssl_tls13_client_out$$"
 
-echo "ready file "$ready_file""
+echo "ready file \"$ready_file\""
 
 create_port() {
     while [ ! -s "$ready_file" ]; do
@@ -262,7 +262,7 @@ if [ "$early_data" = "yes" ]; then
              tee "$server_out_file") &
         server_pid=$!
         create_port
-        ./examples/client/client -v 4 -r -0 -p $port 2>&1 >"$client_out_file"
+        ./examples/client/client -v 4 -r -0 -p $port >"$client_out_file" 2>&1
         RESULT=$?
         cat "$client_out_file"
         remove_ready_file

scripts/unit.test.in

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
+if [ -n "$NETWORK_UNSHARE_HELPER" ]; then
     exec "${NETWORK_UNSHARE_HELPER}" "@builddir@/tests/unit.test" "$@" || exit $?
 elif [ "${AM_BWRAPPED-}" != "yes" ]; then
     bwrap_path="$(command -v bwrap)"