From 21db484f50ec70974941b6efccd301d0d09d3932 Mon Sep 17 00:00:00 2001 From: Elms Date: Tue, 8 Jun 2021 18:42:30 -0700 Subject: [PATCH 1/2] tests: fix test scripts for paths with spaces --- scripts/crl-revoked.test | 18 ++--- scripts/external.test | 2 +- .../ocsp-stapling-with-ca-as-responder.test | 40 +++++------ scripts/ocsp-stapling.test | 72 +++++++++---------- scripts/ocsp.test | 6 +- scripts/openssl.test | 42 +++++------ scripts/pkcallbacks.test | 12 ++-- scripts/psk.test | 20 +++--- scripts/resume.test | 12 ++-- scripts/tls13.test | 60 ++++++++-------- scripts/trusted_peer.test | 62 ++++++++-------- 11 files changed, 173 insertions(+), 173 deletions(-) diff --git a/scripts/crl-revoked.test b/scripts/crl-revoked.test index 46d511a1c..483c62223 100755 --- a/scripts/crl-revoked.test +++ b/scripts/crl-revoked.test @@ -29,9 +29,9 @@ server_pid=$no_pid ready_file=`pwd`/wolfssl_crl_ready$$ remove_ready_file() { - if test -e $ready_file; then + if test -e "$ready_file"; then echo -e "removing existing ready file" - rm $ready_file + rm "$ready_file" fi } @@ -70,12 +70,12 @@ run_test() { # starts the server on crl_port, -R generates ready file to be used as a # mutex lock, -c loads the revoked certificate. We capture the processid # into the variable server_pid - ./examples/server/server -R $ready_file -p $crl_port \ + ./examples/server/server -R "$ready_file" -p $crl_port \ -c ${CERT_DIR}/server-revoked-cert.pem \ -k ${CERT_DIR}/server-revoked-key.pem & server_pid=$! - while [ ! -s $ready_file -a "$counter" -lt 20 ]; do + while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do echo -e "waiting for ready file..." sleep 0.1 counter=$((counter+ 1)) @@ -84,7 +84,7 @@ run_test() { # sleep for an additional 0.1 to mitigate race on write/read of $ready_file: sleep 0.1 - if test -e $ready_file; then + if test -e "$ready_file"; then echo -e "found ready file, starting client..." else echo -e "NO ready file ending test..." @@ -92,7 +92,7 @@ run_test() { fi # get created port 0 ephemeral port - crl_port="$(cat $ready_file)" + crl_port="$(cat "$ready_file")" # starts client on crl_port and captures the output from client capture_out=$(./examples/client/client -p $crl_port 2>&1) @@ -147,18 +147,18 @@ run_hashdir_test() { # starts the server on crl_port, -R generates ready file to be used as a # mutex lock, -c loads the revoked certificate. We capture the processid # into the variable server_pid - ./examples/server/server -R $ready_file -p $crl_port \ + ./examples/server/server -R "$ready_file" -p $crl_port \ -c ${CERT_DIR}/server-revoked-cert.pem \ -k ${CERT_DIR}/server-revoked-key.pem & server_pid=$! - while [ ! -s $ready_file -a "$counter" -lt 20 ]; do + while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do echo -e "waiting for ready file..." sleep 0.1 counter=$((counter+ 1)) done # get created port 0 ephemeral port - crl_port="$(cat $ready_file)" + crl_port="$(cat "$ready_file")" # starts client on crl_port and captures the output from client capture_out=$(./examples/client/client -p $crl_port -9 2>&1) diff --git a/scripts/external.test b/scripts/external.test index e8826b245..b794c73c2 100755 --- a/scripts/external.test +++ b/scripts/external.test @@ -34,7 +34,7 @@ if [ $? -ne 0 ]; then fi # is our desired server there? - ${SCRIPT_DIR}/ping.test $server 2 + "${SCRIPT_DIR}"/ping.test $server 2 RESULT=$? [ $RESULT -ne 0 ] && exit 0 diff --git a/scripts/ocsp-stapling-with-ca-as-responder.test b/scripts/ocsp-stapling-with-ca-as-responder.test index 0991b4569..8e6309469 100755 --- a/scripts/ocsp-stapling-with-ca-as-responder.test +++ b/scripts/ocsp-stapling-with-ca-as-responder.test @@ -43,7 +43,7 @@ CERT_DIR="certs/ocsp" ready_file="${WORKSPACE}"/wolf_ocsp_s1_readyF$$ ready_file2="${WORKSPACE}"/wolf_ocsp_s1_readyF2$$ -printf '%s\n' "ready files: $ready_file $ready_file2" +printf '%s\n' "ready files: \"$ready_file\" \"$ready_file2\"" test_cnf="ocsp_s_w_ca_a_r.cnf" @@ -51,7 +51,7 @@ wait_for_readyFile(){ counter=0 - while [ ! -s $1 -a "$counter" -lt 20 ]; do + while [ ! -s "$1" -a "$counter" -lt 20 ]; do if [[ -n "${2-}" ]]; then if ! kill -0 $2 2>&-; then echo "pid $2 for port ${3-} exited before creating ready file. bailing..." @@ -63,19 +63,19 @@ wait_for_readyFile(){ counter=$((counter+ 1)) done - if test -e $1; then + if test -e "$1"; then echo -e "found ready file, starting client..." else - echo -e "NO ready file at $1 -- ending test..." + echo -e "NO ready file at \"$1\" -- ending test..." exit 1 fi } remove_single_rF(){ - if test -e $1; then - printf '%s\n' "removing ready file: $1" - rm $1 + if test -e "$1"; then + printf '%s\n' "removing ready file: \"$1\"" + rm "$1" fi } @@ -135,13 +135,13 @@ create_new_cnf() { } remove_ready_file() { - if test -e $ready_file; then + if test -e "$ready_file"; then printf '%s\n' "removing ready file" - rm $ready_file + rm "$ready_file" fi - if test -e $ready_file2; then - printf '%s\n' "removing ready file: $ready_file2" - rm $ready_file2 + if test -e "$ready_file2"; then + printf '%s\n' "removing ready file: \"$ready_file2\"" + rm "$ready_file2" fi } @@ -197,10 +197,10 @@ port2=$(get_first_free_port $((port1 + 1))) # create a port to use with openssl ocsp responder -./examples/server/server -R $ready_file -p $port1 & +./examples/server/server -R "$ready_file" -p $port1 & wolf_pid=$! -wait_for_readyFile $ready_file $wolf_pid $port1 -if [ ! -f $ready_file ]; then +wait_for_readyFile "$ready_file" $wolf_pid $port1 +if [ ! -f "$ready_file" ]; then printf '%s\n' "Failed to create ready file: \"$ready_file\"" exit 1 else @@ -240,10 +240,10 @@ sleep 0.1 printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" # client test against our own server - GOOD CERT ./examples/server/server -c certs/ocsp/server1-cert.pem \ - -k certs/ocsp/server1-key.pem -R $ready_file2 \ + -k certs/ocsp/server1-key.pem -R "$ready_file2" \ -p $port2 & wolf_pid2=$! -wait_for_readyFile $ready_file2 $wolf_pid2 $port2 +wait_for_readyFile "$ready_file2" $wolf_pid2 $port2 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ -p $port2 RESULT=$? @@ -252,12 +252,12 @@ printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------" # client test against our own server - REVOKED CERT -remove_single_rF $ready_file2 +remove_single_rF "$ready_file2" ./examples/server/server -c certs/ocsp/server2-cert.pem \ - -k certs/ocsp/server2-key.pem -R $ready_file2 \ + -k certs/ocsp/server2-key.pem -R "$ready_file2" \ -p $port2 & wolf_pid2=$! -wait_for_readyFile $ready_file2 $wolf_pid2 $port2 +wait_for_readyFile "$ready_file2" $wolf_pid2 $port2 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ -p $port2 RESULT=$? diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 7a1583138..bf7cc2233 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -60,7 +60,7 @@ ln -s ../examples CERT_DIR="./certs/ocsp" ready_file="$WORKSPACE"/wolf_ocsp_s1_readyF$$ ready_file2="$WORKSPACE"/wolf_ocsp_s1_readyF2$$ -printf '%s\n' "ready file: $ready_file" +printf '%s\n' "ready file: \"$ready_file\"" test_cnf="ocsp_s1.cnf" @@ -68,7 +68,7 @@ wait_for_readyFile(){ counter=0 - while [ ! -s $1 -a "$counter" -lt 20 ]; do + while [ ! -s "$1" -a "$counter" -lt 20 ]; do if [[ -n "${2-}" ]]; then if ! kill -0 $2 2>&-; then echo "pid $2 for port ${3-} exited before creating ready file. bailing..." @@ -80,19 +80,19 @@ wait_for_readyFile(){ counter=$((counter+ 1)) done - if test -e $1; then + if test -e "$1"; then echo -e "found ready file, starting client..." else - echo -e "NO ready file at $1 -- ending test..." + echo -e "NO ready file at \"$1\" -- ending test..." exit 1 fi } remove_single_rF(){ - if test -e $1; then - printf '%s\n' "removing ready file: $1" - rm $1 + if test -e "$1"; then + printf '%s\n' "removing ready file: \"$1\"" + rm "$1" fi } @@ -148,17 +148,17 @@ create_new_cnf() { CURR_LOC="$PWD" printf '%s\n' "echo now in $CURR_LOC" ./renewcerts-for-test.sh $test_cnf - cd $WORKSPACE + cd "$WORKSPACE" } remove_ready_file() { - if test -e $ready_file; then + if test -e "$ready_file"; then printf '%s\n' "removing ready file" - rm $ready_file + rm "$ready_file" fi - if test -e $ready_file2; then - printf '%s\n' "removing ready file: $ready_file2" - rm $ready_file2 + if test -e "$ready_file2"; then + printf '%s\n' "removing ready file: \"$ready_file2\"" + rm "$ready_file2" fi } @@ -227,11 +227,11 @@ port3=$(get_first_free_port $((port2 + 1))) # test interop fail case ready_file=$PWD/wolf_ocsp_readyF$$ -printf '%s\n' "ready file: $ready_file" -./examples/server/server -b -p $port1 -o -R $ready_file & +printf '%s\n' "ready file: \"$ready_file\"" +./examples/server/server -b -p $port1 -o -R "$ready_file" & wolf_pid=$! -wait_for_readyFile $ready_file $wolf_pid $port1 -if [ ! -f $ready_file ]; then +wait_for_readyFile "$ready_file" $wolf_pid $port1 +if [ ! -f "$ready_file" ]; then printf '%s\n' "Failed to create ready file: \"$ready_file\"" exit 1 else @@ -239,10 +239,10 @@ else echo "hi" | openssl s_client -status $V4V6_FLAG -connect ${LOCALHOST}:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem 2>&1 | tee /dev/stderr | fgrep -q 'self signed certificate in certificate chain' if [ $? -neq 0 ]; then printf '%s\n' "Expected verification error from s_client is missing." - remove_single_rF $ready_file + remove_single_rF "$ready_file" exit 1 fi - remove_single_rF $ready_file + remove_single_rF "$ready_file" wait $wolf_pid if [ $? -ne 1 ]; then printf '%s\n' "wolfSSL server unexpected fail value" @@ -252,10 +252,10 @@ fi # create a port to use with openssl ocsp responder -./examples/server/server -b -p $port2 -R $ready_file & +./examples/server/server -b -p $port2 -R "$ready_file" & wolf_pid2=$! -wait_for_readyFile $ready_file $wolf_pid2 $port2 -if [ ! -f $ready_file ]; then +wait_for_readyFile "$ready_file" $wolf_pid2 $port2 +if [ ! -f "$ready_file" ]; then printf '%s\n' "Failed to create ready file: \"$ready_file\"" exit 1 else @@ -307,10 +307,10 @@ sleep 0.1 printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" # client test against our own server - GOOD CERT -./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ +./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ -k certs/ocsp/server1-key.pem -p $port3 & wolf_pid3=$! -wait_for_readyFile $ready_file2 $wolf_pid3 $port3 +wait_for_readyFile "$ready_file2" $wolf_pid3 $port3 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 @@ -318,11 +318,11 @@ printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------" # client test against our own server - REVOKED CERT -remove_single_rF $ready_file2 -./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \ +remove_single_rF "$ready_file2" +./examples/server/server -c certs/ocsp/server2-cert.pem -R "$ready_file2" \ -k certs/ocsp/server2-key.pem -p $port3 & wolf_pid3=$! -wait_for_readyFile $ready_file2 $wolf_pid3 $port3 +wait_for_readyFile "$ready_file2" $wolf_pid3 $port3 sleep 0.1 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3 RESULT=$? @@ -335,12 +335,12 @@ printf '%s\n\n' "Test successfully REVOKED!" if [ $? -ne 0 ]; then printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------" # client test against our own server - GOOD CERT - remove_single_rF $ready_file2 - ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ + remove_single_rF "$ready_file2" + ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ -k certs/ocsp/server1-key.pem -v 4 \ -p $port3 & wolf_pid3=$! - wait_for_readyFile $ready_file2 $wolf_pid3 $port3 + wait_for_readyFile "$ready_file2" $wolf_pid3 $port3 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ -p $port3 RESULT=$? @@ -349,12 +349,12 @@ if [ $? -ne 0 ]; then printf '%s\n\n' "------------- TEST CASE 4 SHOULD PASS --------------------" # client test against our own server, must staple - GOOD CERT - remove_single_rF $ready_file2 - ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ + remove_single_rF "$ready_file2" + ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ -k certs/ocsp/server1-key.pem -v 4 \ -p $port3 & wolf_pid3=$! - wait_for_readyFile $ready_file2 $wolf_pid3 $port3 + wait_for_readyFile "$ready_file2" $wolf_pid3 $port3 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1m -v 4 -F 1 \ -p $port3 RESULT=$? @@ -363,12 +363,12 @@ if [ $? -ne 0 ]; then printf '%s\n\n' "------------- TEST CASE 5 SHOULD REVOKE ------------------" # client test against our own server - REVOKED CERT - remove_single_rF $ready_file2 - ./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \ + remove_single_rF "$ready_file2" + ./examples/server/server -c certs/ocsp/server2-cert.pem -R "$ready_file2" \ -k certs/ocsp/server2-key.pem -v 4 \ -p $port3 & wolf_pid3=$! - wait_for_readyFile $ready_file2 $wolf_pid3 $port3 + wait_for_readyFile "$ready_file2" $wolf_pid3 $port3 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ -p $port3 RESULT=$? diff --git a/scripts/ocsp.test b/scripts/ocsp.test index 74231b404..e89ecbe77 100755 --- a/scripts/ocsp.test +++ b/scripts/ocsp.test @@ -27,7 +27,7 @@ if [ "$OUTPUT" = "SNI is: ON" ]; then printf '\n\n%s\n\n' "SNI is on, proceed with globalsign test" # is our desired server there? - ${SCRIPT_DIR}/ping.test $server 2 + "${SCRIPT_DIR}/ping.test" $server 2 RESULT=$? if [ $RESULT -ne 0 ]; then GL_UNREACHABLE=1 @@ -35,7 +35,7 @@ if [ "$OUTPUT" = "SNI is: ON" ]; then if [ $RESULT -eq 0 ]; then # client test against the server - ./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N -v d -S $server + ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N -v d -S $server GL_RESULT=$? [ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed" else @@ -54,7 +54,7 @@ ${SCRIPT_DIR}/ping.test $server 2 RESULT=$? if [ $RESULT -eq 0 ]; then # client test against the server - ./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N + ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N GR_RESULT=$? [ $GR_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed" else diff --git a/scripts/openssl.test b/scripts/openssl.test index d3e9e50ca..354d7938c 100755 --- a/scripts/openssl.test +++ b/scripts/openssl.test @@ -161,11 +161,11 @@ start_openssl_server() { if [ "$cert_file" != "" ] then - echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe - $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & + echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert \"$cert_file\" -key \"$key_file\" -quiet -CAfile \"$ca_file\" -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe + $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert "$cert_file" -key "$key_file" -quiet -CAfile "$ca_file" -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & else - echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe - $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & + echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe + $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & fi server_pid=$! # wait to see if s_server successfully starts before continuing @@ -229,8 +229,8 @@ start_wolfssl_server() { echo -e "\n# Trying to start $wolfssl_suite wolfSSL server on port $server_port..." echo "#" - echo "# $WOLFSSL_SERVER -p $server_port $wolfssl_cert $wolfssl_key $wolfssl_caCert -g -v d -x -i $psk $crl -l ALL" - $WOLFSSL_SERVER -p $server_port $wolfssl_cert $wolfssl_key $wolfssl_caCert -g -v d -x -i $psk $crl -l ALL & + echo "# $WOLFSSL_SERVER -p $server_port "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" -g -v d -x -i $psk $crl -l ALL" + $WOLFSSL_SERVER -p $server_port "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" -g -v d -x -i $psk $crl -l ALL & server_pid=$! # wait to see if server successfully starts before continuing sleep 0.1 @@ -316,13 +316,13 @@ do_wolfssl_client() { if [ "$version" != "5" -a "$version" != "" ] then echo "#" - echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl" - $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl + echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl" + $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl else echo "#" - echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl" + echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl" # do all versions - $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl + $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl fi client_result=$? @@ -370,12 +370,12 @@ do_openssl_client() { if [ "$tls13_cipher" = "" ] then echo "#" - echo "# $OPENSSL s_client -connect localhost:$port -reconnect -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2" - echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2" + echo "# $OPENSSL s_client -connect localhost:$port -reconnect -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" + echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" else echo "#" - echo "# $OPENSSL s_client -connect localhost:$port -reconnect -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2" - echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2" + echo "# $OPENSSL s_client -connect localhost:$port -reconnect -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" + echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" fi client_result=$? @@ -407,7 +407,7 @@ command -v $OPENSSL >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but echo -e "\nTesting for _build directory as part of distcheck, different paths" currentDir=`pwd` -if [ $currentDir = *"_build" ] +if [ "$currentDir" = *"_build" ] then echo -e "_build directory detected, moving a directory back" cd .. @@ -479,7 +479,7 @@ esac if [ "$wolf_certs" != "" ] then # Check if ECC certificates supported in wolfSSL - wolf_ecc=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed25519/ca-ecc-cert.pem 2>&1` + wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/ca-ecc-cert.pem" 2>&1` case $wolf_ecc in *"ca file"*) wolf_ecc="" @@ -488,7 +488,7 @@ then ;; esac # Check if Ed25519 certificates supported in wolfSSL - wolf_ed25519=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed25519/root-ed25519.pem 2>&1` + wolf_ed25519=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/root-ed25519.pem" 2>&1` case $wolf_ed25519 in *"ca file"*) wolf_ed25519="" @@ -497,7 +497,7 @@ then ;; esac # Check if Ed25519 certificates supported in OpenSSL - openssl_ed25519=`$OPENSSL s_client -cert ${CERT_DIR}/ed25519/client-ed25519.pem -key ${CERT_DIR}/ed25519/client-ed25519-priv.pem 2>&1` + openssl_ed25519=`$OPENSSL s_client -cert "${CERT_DIR}/ed25519/client-ed25519.pem" -key "${CERT_DIR}/ed25519/client-ed25519-priv.pem" 2>&1` case $openssl_ed25519 in *"unable to load"*) wolf_ed25519="" @@ -506,7 +506,7 @@ then ;; esac # Check if Ed448 certificates supported in wolfSSL - wolf_ed448=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed448/root-ed448.pem 2>&1` + wolf_ed448=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed448/root-ed448.pem" 2>&1` case $wolf_ed448 in *"ca file"*) wolf_ed448="" @@ -515,7 +515,7 @@ then ;; esac # Check if Ed448 certificates supported in OpenSSL - openssl_ed448=`$OPENSSL s_client -cert ${CERT_DIR}/ed448/client-ed448.pem -key ${CERT_DIR}/ed448/client-ed448-priv.pem 2>&1` + openssl_ed448=`$OPENSSL s_client -cert "${CERT_DIR}/ed448/client-ed448.pem" -key "${CERT_DIR}/ed448/client-ed448-priv.pem" 2>&1` case $openssl_ed448 in *"unable to load"*) wolf_ed448="" @@ -757,7 +757,7 @@ do # double check that can actually do a sslv3 connection using # client-cert.pem to send but any file with EOF works - $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ${CERT_DIR}/client-cert.pem + $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < "${CERT_DIR}/client-cert.pem" sslv3_sup=$? if [ $sslv3_sup != 0 ] then diff --git a/scripts/pkcallbacks.test b/scripts/pkcallbacks.test index a614741e6..49095e179 100755 --- a/scripts/pkcallbacks.test +++ b/scripts/pkcallbacks.test @@ -27,9 +27,9 @@ server_pid=$no_pid ready_file=`pwd`/wolfssl_pk_ready$$ remove_ready_file() { - if test -e $ready_file; then + if test -e "$ready_file"; then echo -e "removing existing ready file" - rm $ready_file + rm "$ready_file" fi } @@ -79,16 +79,16 @@ run_test() { # starts the server on pk_port, -R generates ready file to be used as a # mutex lock, -P does pkcallbacks. We capture the processid # into the variable server_pid - ./examples/server/server -P -R $ready_file -p $pk_port & + ./examples/server/server -P -R "$ready_file" -p $pk_port & server_pid=$! - while [ ! -s $ready_file -a "$counter" -lt 20 ]; do + while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do echo -e "waiting for ready file..." sleep 0.1 counter=$((counter+ 1)) done - if test -e $ready_file; then + if test -e "$ready_file"; then echo -e "found ready file, starting client..." else echo -e "NO ready file ending test..." @@ -99,7 +99,7 @@ run_test() { sleep 0.1 # get created port 0 ephemeral port - pk_port=`cat $ready_file` + pk_port=`cat "$ready_file"` # starts client on pk_port with pkcallbacks, captures the output from client capture_out=$(./examples/client/client -P -p $pk_port 2>&1) diff --git a/scripts/psk.test b/scripts/psk.test index e0dc81708..d264b0a75 100755 --- a/scripts/psk.test +++ b/scripts/psk.test @@ -25,23 +25,23 @@ counter=0 # per source tree ready_file=`pwd`/wolfssl_psk_ready$$ -echo "ready file $ready_file" +echo "ready file \"$ready_file\"" create_port() { - while [ ! -s $ready_file -a "$counter" -lt 20 ]; do + while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do echo -e "waiting for ready file..." sleep 0.1 counter=$((counter+ 1)) done - if test -e $ready_file; then + if test -e "$ready_file"; then echo -e "found ready file, starting client..." # sleep for an additional 0.1 to mitigate race on write/read of $ready_file: sleep 0.1 # get created port 0 ephemeral port - port=`cat $ready_file` + port=`cat "$ready_file"` else echo -e "NO ready file ending test..." do_cleanup @@ -49,9 +49,9 @@ create_port() { } remove_ready_file() { - if test -e $ready_file; then + if test -e "$ready_file"; then echo -e "removing existing ready file" - rm $ready_file + rm "$ready_file" fi } @@ -87,7 +87,7 @@ fi # Usual psk server / psk client. This use case is tested in # tests/unit.test and is used here for just checking if PSK is enabled port=0 -./examples/server/server -s -R $ready_file -p $port & +./examples/server/server -s -R "$ready_file" -p $port & server_pid=$! create_port ./examples/client/client -s -p $port @@ -110,7 +110,7 @@ if [ $? -ne 0 ]; then # tests/unit.test and is used here for just checking if cipher suite # is available (one case for example is with disable-asn) port=0 - ./examples/server/server -R $ready_file -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA & + ./examples/server/server -R "$ready_file" -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA & server_pid=$! create_port ./examples/client/client -p $port @@ -126,7 +126,7 @@ if [ $? -ne 0 ]; then # psk server with non psk client port=0 - ./examples/server/server -j -R $ready_file -p $port & + ./examples/server/server -j -R "$ready_file" -p $port & server_pid=$! create_port ./examples/client/client -p $port @@ -142,7 +142,7 @@ if [ $? -ne 0 ]; then # check fail if no auth, psk server with non psk client echo "Checking fail when not sending peer cert" port=0 - ./examples/server/server -j -R $ready_file -p $port & + ./examples/server/server -j -R "$ready_file" -p $port & server_pid=$! create_port ./examples/client/client -x -p $port diff --git a/scripts/resume.test b/scripts/resume.test index a523c5168..f811e34b2 100755 --- a/scripts/resume.test +++ b/scripts/resume.test @@ -29,9 +29,9 @@ ready_file=`pwd`/wolfssl_resume_ready$$ echo "ready file $ready_file" remove_ready_file() { - if test -e $ready_file; then + if test -e "$ready_file"; then echo -e "removing existing ready file" - rm $ready_file + rm "$ready_file" fi } @@ -69,16 +69,16 @@ do_test() { esac remove_ready_file - ./examples/server/server -r -R $ready_file -p $resume_port & + ./examples/server/server -r -R "$ready_file" -p $resume_port & server_pid=$! - while [ ! -s $ready_file -a "$counter" -lt 20 ]; do + while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do echo -e "waiting for ready file..." sleep 0.1 counter=$((counter+ 1)) done - if test -e $ready_file; then + if test -e "$ready_file"; then echo -e "found ready file, starting client..." else echo -e "NO ready file ending test..." @@ -90,7 +90,7 @@ do_test() { sleep 0.1 # get created port 0 ephemeral port - resume_port=`cat $ready_file` + resume_port=`cat "$ready_file"` capture_out=$(./examples/client/client $1 -r -p $resume_port 2>&1) client_result=$? diff --git a/scripts/tls13.test b/scripts/tls13.test index 0a6881def..3c09db2ae 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -30,10 +30,10 @@ server_out_file=`pwd`/wolfssl_tls13_server_out$$ # Client output client_out_file=`pwd`/wolfssl_tls13_client_out$$ -echo "ready file $ready_file" +echo "ready file "$ready_file"" create_port() { - while [ ! -s $ready_file ]; do + while [ ! -s "$ready_file" ]; do if [ "$counter" -gt 50 ]; then break fi @@ -42,14 +42,14 @@ create_port() { counter=$((counter+ 1)) done - if [ -e $ready_file ]; then + if [ -e "$ready_file" ]; then echo -e "found ready file, starting client..." # sleep for an additional 0.1 to mitigate race on write/read of $ready_file: sleep 0.1 # get created port 0 ephemeral port - port=`cat $ready_file` + port=`cat "$ready_file"` else echo -e "NO ready file ending test..." do_cleanup @@ -57,9 +57,9 @@ create_port() { } remove_ready_file() { - if [ -e $ready_file ]; then + if [ -e "$ready_file" ]; then echo -e "removing existing ready file" - rm $ready_file + rm "$ready_file" fi } @@ -73,17 +73,17 @@ do_cleanup() { server_pid=$no_pid fi remove_ready_file - if [ -e $client_file ]; then + if [ -e "$client_file" ]; then echo -e "removing existing client file" - rm $client_file + rm "$client_file" fi - if [ -e $server_out_file ]; then + if [ -e "$server_out_file" ]; then echo -e "removing existing server output file" - rm $server_out_file + rm "$server_out_file" fi - if [ -e $client_out_file ]; then + if [ -e "$client_out_file" ]; then echo -e "removing existing client output file" - rm $client_out_file + rm "$client_out_file" fi } @@ -108,10 +108,10 @@ fi # Usual TLS v1.3 server / TLS v1.3 client. echo -e "\n\nTLS v1.3 server with TLS v1.3 client" port=0 -./examples/server/server -v 4 -R $ready_file -p $port & +./examples/server/server -v 4 -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -v 4 -p $port | tee $client_file +./examples/client/client -v 4 -p $port | tee "$client_file" RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -124,7 +124,7 @@ echo "" # TLS 1.3 cipher suites server / client. echo -e "\n\nTLS v1.3 cipher suite mismatch" port=0 -./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 & +./examples/server/server -v 4 -R "$ready_file" -p $port -l TLS13-CHACHA20-POLY1305-SHA256 & server_pid=$! create_port ./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384 @@ -146,7 +146,7 @@ if [ $NO_CERTS -ne 0 -a $NO_CLIENT_AUTH -ne 0 ]; then # TLS 1.3 mutual auth required but client doesn't send certificates. echo -e "\n\nTLS v1.3 mutual auth fail" port=0 - ./examples/server/server -v 4 -F -R $ready_file -p $port & + ./examples/server/server -v 4 -F -R "$ready_file" -p $port & server_pid=$! create_port ./examples/client/client -v 4 -x -p $port @@ -167,7 +167,7 @@ if [ $? -ne 0 ]; then # TLS 1.3 server / TLS 1.2 client. echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2" port=0 - ./examples/server/server -v 4 -R $ready_file -p $port & + ./examples/server/server -v 4 -R "$ready_file" -p $port & server_pid=$! create_port ./examples/client/client -v 3 -p $port @@ -184,7 +184,7 @@ if [ $? -ne 0 ]; then # TLS 1.2 server / TLS 1.3 client. echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3" port=0 - ./examples/server/server -v 3 -R $ready_file -p $port & + ./examples/server/server -v 3 -R "$ready_file" -p $port & server_pid=$! create_port ./examples/client/client -v 4 -p $port @@ -215,7 +215,7 @@ if [ $? -ne 0 ]; then port=0 SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS" CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS" - ./examples/server/server -v d -l $SERVER_CS -R $ready_file -p $port & + ./examples/server/server -v d -l $SERVER_CS -R "$ready_file" -p $port & server_pid=$! create_port ./examples/client/client -v d -l $CLIENT_CS -p $port @@ -246,17 +246,17 @@ fi if [ "$early_data" = "yes" ]; then echo -e "\n\nTLS v1.3 Early Data - session ticket" port=0 - (./examples/server/server -v 4 -r -0 -R $ready_file -p $port 2>&1 | \ - tee $server_out_file) & + (./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \ + tee "$server_out_file") & server_pid=$! create_port - ./examples/client/client -v 4 -r -0 -p $port 2>&1 >$client_out_file + ./examples/client/client -v 4 -r -0 -p $port 2>&1 >"$client_out_file" RESULT=$? - cat $client_out_file + cat "$client_out_file" remove_ready_file - grep 'Session Ticket' $client_out_file + grep 'Session Ticket' "$client_out_file" session_ticket=$? - early_data_cnt=`grep 'Early Data' $server_out_file | wc -l` + early_data_cnt=`grep 'Early Data' "$server_out_file" | wc -l` if [ $session_ticket -eq 0 -a $early_data_cnt -ne 4 ]; then RESULT=1 fi @@ -272,8 +272,8 @@ fi if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then echo -e "\n\nTLS v1.3 Early Data - PSK" port=0 - (./examples/server/server -v 4 -s -0 -R $ready_file -p $port 2>&1 | \ - tee $server_out_file) & + (./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \ + tee "$server_out_file") & server_pid=$! create_port ./examples/client/client -v 4 -s -0 -p $port @@ -283,14 +283,14 @@ if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then # wait for the server to quit and write output wait $server_pid - early_data_cnt=`grep 'Early Data' $server_out_file | wc -l` + early_data_cnt=`grep 'Early Data' "$server_out_file" | wc -l` if [ $early_data_cnt -ne 3 -a $early_data_cnt -ne 5 ]; then echo echo "Server out file" - cat $server_out_file + cat "$server_out_file" echo echo "Found lines" - grep 'Early Data' $server_out_file + grep 'Early Data' "$server_out_file" echo -e "\n\nToo few 'Early Data' lines - $early_data_cnt" RESULT=1 fi diff --git a/scripts/trusted_peer.test b/scripts/trusted_peer.test index 82e61ef8c..d38c3d771 100755 --- a/scripts/trusted_peer.test +++ b/scripts/trusted_peer.test @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # trusted_peer.test # copyright wolfSSL 2016 @@ -36,23 +36,23 @@ combined_cert=`pwd`/certs/client_combined.pem wrong_ca=`pwd`/certs/wolfssl-website-ca.pem wrong_cert=`pwd`/certs/server-revoked-cert.pem -echo "ready file $ready_file" +echo "ready file \"$ready_file\"" create_port() { - while [ ! -s $ready_file -a "$counter" -lt 20 ]; do + while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do echo -e "waiting for ready file..." sleep 0.1 counter=$((counter+ 1)) done - if test -e $ready_file; then + if test -e "$ready_file"; then echo -e "found ready file, starting client..." # sleep for an additional 0.1 to mitigate race on write/read of $ready_file: sleep 0.1 # get created port 0 ephemeral port - port=`cat $ready_file` + port=`cat "$ready_file"` else echo -e "NO ready file ending test..." do_cleanup @@ -60,9 +60,9 @@ create_port() { } remove_ready_file() { - if test -e $ready_file; then + if test -e "$ready_file"; then echo -e "removing existing ready file" - rm $ready_file + rm "$ready_file" fi } @@ -89,7 +89,7 @@ trap do_trap INT TERM # Look for if RSA and/or ECC is enabled and adjust certs/keys ciphers=`./examples/client/client -e` -if [[ $ciphers != *"RSA"* ]]; then +if [[ "$ciphers" != *"RSA"* ]]; then if [[ $ciphers == *"ECDSA"* ]]; then client_cert=`pwd`/certs/client-ecc-cert.pem client_ca=`pwd`/certs/server-ecc.pem @@ -107,7 +107,7 @@ fi # CRL list not set up for tests crl_test=`./examples/client/client -h` -if [[ $crl_test == *"-C "* ]]; then +if [[ "$crl_test" == *"-C "* ]]; then echo "test not set up to run with CRL" exit 0 fi @@ -118,10 +118,10 @@ echo "Checking built with trusted peer certs " echo "-----------------------------------------------------" port=0 remove_ready_file -./examples/server/server -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port & +./examples/server/server -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A $client_ca -p $port +./examples/client/client -A "$client_ca" -p $port RESULT=$? remove_ready_file # if fail here then is a settings issue so return 0 @@ -136,10 +136,10 @@ echo "" echo "Server and Client relying on trusted peer cert loaded" echo "-----------------------------------------------------" port=0 -./examples/server/server -A $wrong_ca -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port & +./examples/server/server -A "$wrong_ca" -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A $wrong_ca -E $server_cert -c $client_cert -p $port +./examples/client/client -A "$wrong_ca" -E "$server_cert" -c "$client_cert" -p $port RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -153,10 +153,10 @@ echo "" echo "Server relying on trusted peer cert loaded" echo "-----------------------------------------------------" port=0 -./examples/server/server -A $wrong_ca -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port & +./examples/server/server -A "$wrong_ca" -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A $client_ca -c $client_cert -p $port +./examples/client/client -A "$client_ca" -c "$client_cert" -p $port RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -170,10 +170,10 @@ echo "" echo "Client relying on trusted peer cert loaded" echo "-----------------------------------------------------" port=0 -./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port & +./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A $wrong_ca -E $server_cert -p $port +./examples/client/client -A "$wrong_ca" -E "$server_cert" -p $port RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -187,10 +187,10 @@ echo "" echo "Client fall through to loaded CAs" echo "-----------------------------------------------------" port=0 -./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port & +./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A $client_ca -E $wrong_cert -p $port +./examples/client/client -A "$client_ca" -E "$wrong_cert" -p $port RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -206,10 +206,10 @@ if [[ $wrong_ca != *"ecc"* ]]; then echo "Client wrong CA and wrong trusted peer cert loaded" echo "-----------------------------------------------------" port=0 -./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port & +./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A $wrong_ca -E $wrong_cert -p $port +./examples/client/client -A "$wrong_ca" -E "$wrong_cert" -p $port RESULT=$? remove_ready_file if [ $RESULT -eq 0 ]; then @@ -224,10 +224,10 @@ fi echo "Server wrong CA and wrong trusted peer cert loaded" echo "-----------------------------------------------------" port=0 -./examples/server/server -A $wrong_ca -E $wrong_cert -c $server_cert -k $server_key -R $ready_file -p $port & +./examples/server/server -A "$wrong_ca" -E "$wrong_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A $client_ca -p $port +./examples/client/client -A "$client_ca" -p $port RESULT=$? remove_ready_file if [ $RESULT -eq 0 ]; then @@ -241,10 +241,10 @@ echo "" echo "Server fall through to loaded CAs" echo "-----------------------------------------------------" port=0 -./examples/server/server -E $wrong_cert -c $server_cert -k $server_key -R $ready_file -p $port & +./examples/server/server -E "$wrong_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A $client_ca -p $port +./examples/client/client -A "$client_ca" -p $port RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -259,25 +259,25 @@ echo "Server loading multiple trusted peer certs" echo "Test two success cases and one fail case" echo "-----------------------------------------------------" port=0 -cat $client_cert $client_ca > $combined_cert -./examples/server/server -i -A $wrong_ca -E $combined_cert -c $server_cert -k $server_key -R $ready_file -p $port & +cat "$client_cert" "$client_ca" > "$combined_cert" +./examples/server/server -i -A "$wrong_ca" -E "$combined_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A $client_ca -c $client_cert -k $client_key -p $port +./examples/client/client -A "$client_ca" -c "$client_cert" -k "$client_key" -p $port RESULT=$? if [ $RESULT -ne 0 ]; then echo -e "\nServer load multiple trusted peer certs failed!" do_cleanup exit 1 fi -./examples/client/client -A $client_ca -c $client_ca -k $ca_key -p $port +./examples/client/client -A "$client_ca" -c "$client_ca" -k "$ca_key" -p $port RESULT=$? if [ $RESULT -ne 0 ]; then echo -e "\nServer load multiple trusted peer certs failed!" do_cleanup exit 1 fi -./examples/client/client -A $client_ca -c $wrong_cert -k $client_key -p $port +./examples/client/client -A "$client_ca" -c "$wrong_cert" -k "$client_key" -p $port RESULT=$? if [ $RESULT -eq 0 ]; then echo -e "\nServer load multiple trusted peer certs failed!" @@ -286,7 +286,7 @@ if [ $RESULT -eq 0 ]; then fi do_cleanup # kill PID of server running in infinite loop -rm $combined_cert +rm "$combined_cert" remove_ready_file echo "" From 9ae021d2cb9b6fe429b464b2a5b4c9f71c333194 Mon Sep 17 00:00:00 2001 From: Elms Date: Mon, 14 Jun 2021 12:01:01 -0700 Subject: [PATCH 2/2] tests: server example doesn't like empty string params But it's ok with them at the end --- scripts/openssl.test | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/openssl.test b/scripts/openssl.test index 354d7938c..b6d109042 100755 --- a/scripts/openssl.test +++ b/scripts/openssl.test @@ -229,8 +229,8 @@ start_wolfssl_server() { echo -e "\n# Trying to start $wolfssl_suite wolfSSL server on port $server_port..." echo "#" - echo "# $WOLFSSL_SERVER -p $server_port "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" -g -v d -x -i $psk $crl -l ALL" - $WOLFSSL_SERVER -p $server_port "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" -g -v d -x -i $psk $crl -l ALL & + echo "# $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\"" + $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" & server_pid=$! # wait to see if server successfully starts before continuing sleep 0.1