[gnutls-devel] [PATCH 2/4] tests: suite: cleanup shell usage

Alon Bar-Lev alon.barlev at gmail.com
Sun Jun 21 02:00:03 CEST 2015


Add quotes for most usages of variables.

Added ${} for variables.

Cleanup indentation to be consistent with other tests.

Fix separate builddir issues.

Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com>
---
 configure.ac                         |   2 +-
 tests/suite/certs/create-chain.sh    | 145 +++--
 tests/suite/chain                    |  68 +--
 tests/suite/crl-test                 |  20 +-
 tests/suite/eagain                   |  10 +-
 tests/suite/invalid-cert             |  13 +-
 tests/suite/testcompat-common        |  45 +-
 tests/suite/testcompat-main-openssl  | 992 +++++++++++++++++------------------
 tests/suite/testcompat-main-polarssl | 526 +++++++++----------
 tests/suite/testcompat-openssl       |  18 +-
 tests/suite/testcompat-polarssl      |   6 +-
 tests/suite/testdane                 |  62 +--
 tests/suite/testpkcs11               | 702 ++++++++++++-------------
 tests/suite/testpkcs11.pkcs15        |  41 +-
 tests/suite/testpkcs11.sc-hsm        |  49 +-
 tests/suite/testpkcs11.softhsm       |  85 ++-
 tests/suite/testrandom               |  58 +-
 tests/suite/testrng                  | 128 ++---
 tests/suite/testsrn                  |  78 +--
 19 files changed, 1517 insertions(+), 1531 deletions(-)

diff --git a/configure.ac b/configure.ac
index 0cbba41..3701889 100644
--- a/configure.ac
+++ b/configure.ac
@@ -89,7 +89,7 @@ if test "$use_cxx" != "no"; then
   AC_LANG_POP(C++)
 fi
 AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
-AM_CONDITIONAL(WANT_TEST_SUITE, [test -f tests/suite/mini-eagain2.c])
+AM_CONDITIONAL(WANT_TEST_SUITE, [test -f "${srcdir}/tests/suite/mini-eagain2.c"])
 
 dnl Detect windows build
 use_accel=yes
diff --git a/tests/suite/certs/create-chain.sh b/tests/suite/certs/create-chain.sh
index 11add61..53f6087 100755
--- a/tests/suite/certs/create-chain.sh
+++ b/tests/suite/certs/create-chain.sh
@@ -1,93 +1,92 @@
 #!/bin/sh
 
-srcdir=${srcdir:-.}
-CERTTOOL=${CERTTOOL:-../../../src/certtool$EXEEXT}
+CERTTOOL="${CERTTOOL:-../../../src/certtool${EXEEXT}}"
 OUTPUT=out
 TEMPLATE=tmpl
 
-NUM=$1
+NUM="$1"
 
-if test "$NUM" = "";then
-	echo "usage: $0 number"
-	exit 1
+if test "${NUM}" = "";then
+  echo "usage: $0 number"
+  exit 1
 fi
 
-LAST=`expr $NUM - 1`
+LAST=`expr ${NUM} - 1`
 
-rm -rf $OUTPUT
-mkdir -p $OUTPUT
+rm -rf "${OUTPUT}"
+mkdir -p "${OUTPUT}"
 
 counter=0
-while test $counter -lt $NUM; do
-	if test $counter = $LAST;then
-		name="server-$counter"
-	else
-		name="CA-$counter"
-	fi
-	serial=$counter
+while test ${counter} -lt ${NUM}; do
+  if test ${counter} = ${LAST};then
+    name="server-${counter}"
+  else
+    name="CA-${counter}"
+  fi
+  serial="${counter}"
 
-	
-	$CERTTOOL --generate-privkey >$OUTPUT/$name.key 2>/dev/null
-	if test $counter = 0;then
-	# ROOT CA
-		echo "cn = $name" >$TEMPLATE
-		echo "serial = $serial" >>$TEMPLATE
-		echo "ca" >>$TEMPLATE
-		echo "expiration_days = -1" >>$TEMPLATE
-		echo "cert_signing_key" >>$TEMPLATE
-		echo "ocsp_signing_key" >>$TEMPLATE
-		echo "crl_signing_key" >>$TEMPLATE
-		$CERTTOOL --generate-self-signed --load-privkey $OUTPUT/$name.key --outfile \
-			$OUTPUT/$name.crt --template $TEMPLATE 2>/dev/null
+  
+  "${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
+  if test ${counter} = 0;then
+  # ROOT CA
+    echo "cn = ${name}" >"${TEMPLATE}"
+    echo "serial = ${serial}" >>"${TEMPLATE}"
+    echo "ca" >>"${TEMPLATE}"
+    echo "expiration_days = -1" >>"${TEMPLATE}"
+    echo "cert_signing_key" >>"${TEMPLATE}"
+    echo "ocsp_signing_key" >>"${TEMPLATE}"
+    echo "crl_signing_key" >>"${TEMPLATE}"
+    "${CERTTOOL}" --generate-self-signed --load-privkey "${OUTPUT}/${name}.key" --outfile \
+      "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
 
-		echo "serial = $serial" >$TEMPLATE
-		echo "expiration_days = -1" >>$TEMPLATE
-		$CERTTOOL --generate-crl --load-ca-privkey $OUTPUT/$name.key --load-ca-certificate $OUTPUT/$name.crt --outfile \
-			$OUTPUT/$name.crl --template $TEMPLATE 2>/dev/null
-	else
-		if test $counter = $LAST;then
-		# END certificate
-			echo "cn = $name" >$TEMPLATE
-			echo "dns_name = localhost" >>$TEMPLATE
-			echo "expiration_days = -1" >>$TEMPLATE
-			echo "signing_key" >>$TEMPLATE
-			echo "encryption_key" >>$TEMPLATE
-			echo "ocsp_signing_key" >>$TEMPLATE
-			$CERTTOOL --generate-certificate --load-privkey $OUTPUT/$name.key \
-				--load-ca-certificate $OUTPUT/$prev_name.crt \
-				--load-ca-privkey $OUTPUT/$prev_name.key \
-				--outfile $OUTPUT/$name.crt --template $TEMPLATE 2>/dev/null
-		else
-		# intermediate CA
-			echo "cn = $name" >$TEMPLATE
-			echo "serial = $serial" >>$TEMPLATE
-			echo "ca" >>$TEMPLATE
-			echo "expiration_days = -1" >>$TEMPLATE
-			echo "ocsp_signing_key" >>$TEMPLATE
-			echo "cert_signing_key" >>$TEMPLATE
-			echo "signing_key" >>$TEMPLATE
-			$CERTTOOL --generate-certificate --load-privkey $OUTPUT/$name.key \
-				--load-ca-certificate $OUTPUT/$prev_name.crt \
-				--load-ca-privkey $OUTPUT/$prev_name.key \
-				--outfile $OUTPUT/$name.crt --template $TEMPLATE 2>/dev/null
-		fi
-	fi
+    echo "serial = ${serial}" >"${TEMPLATE}"
+    echo "expiration_days = -1" >>"${TEMPLATE}"
+    "${CERTTOOL}" --generate-crl --load-ca-privkey "${OUTPUT}/${name}.key" --load-ca-certificate "${OUTPUT}/${name}.crt" --outfile \
+      "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null
+  else
+    if test ${counter} = ${LAST};then
+    # END certificate
+      echo "cn = ${name}" >"${TEMPLATE}"
+      echo "dns_name = localhost" >>"${TEMPLATE}"
+      echo "expiration_days = -1" >>"${TEMPLATE}"
+      echo "signing_key" >>"${TEMPLATE}"
+      echo "encryption_key" >>"${TEMPLATE}"
+      echo "ocsp_signing_key" >>"${TEMPLATE}"
+      "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
+        --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
+        --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
+        --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+    else
+    # intermediate CA
+      echo "cn = ${name}" >"${TEMPLATE}"
+      echo "serial = ${serial}" >>"${TEMPLATE}"
+      echo "ca" >>"${TEMPLATE}"
+      echo "expiration_days = -1" >>"${TEMPLATE}"
+      echo "ocsp_signing_key" >>"${TEMPLATE}"
+      echo "cert_signing_key" >>"${TEMPLATE}"
+      echo "signing_key" >>"${TEMPLATE}"
+      "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
+        --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
+        --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
+        --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+    fi
+  fi
 
 
-	counter=`expr $counter + 1`
-	prev_name=$name
+  counter=`expr ${counter} + 1`
+  prev_name=${name}
 done
 
-counter=`expr $NUM - 1`
-while test $counter -ge 0; do
-	if test $counter = $LAST;then
-		name="server-$counter"
-	else
-		name="CA-$counter"
-	fi
+counter=`expr ${NUM} - 1`
+while test ${counter} -ge 0; do
+  if test ${counter} = ${LAST};then
+    name="server-${counter}"
+  else
+    name="CA-${counter}"
+  fi
 
-	cat $OUTPUT/$name.crt >> $OUTPUT/chain
-	
-	counter=`expr $counter - 1`
+  cat "${OUTPUT}/${name}.crt" >> "${OUTPUT}/chain"
+  
+  counter=`expr ${counter} - 1`
 done
 
diff --git a/tests/suite/chain b/tests/suite/chain
index f1967c9..4f00320 100755
--- a/tests/suite/chain
+++ b/tests/suite/chain
@@ -20,7 +20,7 @@
 # along with GnuTLS; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-CERTTOOL=../../../src/certtool
+CERTTOOL="../../../src/certtool"
 
 SUCCESS=" 1 4 7 12 15 16 17 18 24 26 27 30 33 56 57 62 63 "
 FAILURE=" 2 3 5 6 8 9 10 11 13 14 19 20 21 22 23 25 28 29 31 32 54 55 58 59 60 61 "
@@ -33,41 +33,41 @@ mkdir -p chains
 RET=0
 
 i=1
-while test -d X509tests/test$i; do
-    find X509tests/test$i -name *.crl -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --crl-info --inder --infile > chains/chain$i.pem  2>/dev/null
-    find X509tests/test$i -name E*.crt -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null
-    if test "$i" -gt 1; then
-	find X509tests/test$i -name I*.crt -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null
-    fi
-    find X509tests/test$i -name T*.crt -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null
-    $CERTTOOL -e --infile chains/chain$i.pem > out 2>&1
-    rc=$?
-    if test $rc != 0 && test $rc != 1; then
-	echo "Chain $i FATAL failure."
-	RET=1
+while test -d X509tests/test${i}; do
+  find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem  2>/dev/null
+  find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+  if test "${i}" -gt 1; then
+    find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+  fi
+  find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+  "${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1
+  rc=$?
+  if test $rc != 0 && test $rc != 1; then
+    echo "Chain ${i} FATAL failure."
+    RET=1
+  else
+    if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then
+        echo "Chain ${i} verification was skipped due to known bug."
+    elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then
+      if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+        echo "Chain ${i} verification failure UNEXPECTED."
+        RET=1
+      else
+        echo "Chain ${i} verification success as expected."
+      fi
+    elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then
+      if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+        echo "Chain ${i} verification failure as expected."
+      else
+        echo "Chain ${i} verification success UNEXPECTED. "
+        RET=1
+      fi
     else
-	if echo "$KNOWN_BUGS" | grep " $i " > /dev/null 2>&1; then
-		echo "Chain $i verification was skipped due to known bug."
-	elif echo "$SUCCESS" | grep " $i " > /dev/null 2>&1; then
-	    if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
-		echo "Chain $i verification failure UNEXPECTED."
-		RET=1
-	    else
-		echo "Chain $i verification success as expected."
-	    fi
-	elif echo "$FAILURE" | grep " $i " >/dev/null 2>&1; then
-	    if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
-		echo "Chain $i verification failure as expected."
-	    else
-		echo "Chain $i verification success UNEXPECTED. "
-		RET=1
-	    fi
-	else
-	    echo "Chain $i unclassified."
-	fi
+      echo "Chain ${i} unclassified."
     fi
-    i=`expr $i + 1`
+  fi
+  i=`expr ${i} + 1`
 done
 rm -f out
 
-exit $RET
+exit ${RET}
diff --git a/tests/suite/crl-test b/tests/suite/crl-test
index de51bde..228f74e 100755
--- a/tests/suite/crl-test
+++ b/tests/suite/crl-test
@@ -20,29 +20,29 @@
 # along with GnuTLS; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-srcdir=${srcdir:-.}
-DIFF=${DIFF:-diff}
-CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
+srcdir="${srcdir:-.}"
+DIFF="${DIFF:-diff}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 rm -f tmp-long.pem
-$VALGRIND $CERTTOOL --crl-info --inder --infile $srcdir/crl/long.crl --outfile tmp-long.pem
+${VALGRIND} "${CERTTOOL}" --crl-info --inder --infile "${srcdir}/crl/long.crl" --outfile tmp-long.pem
 rc=$?
 
 # We're done.
-if test "$rc" != "0"; then
+if test "${rc}" != "0"; then
   echo "CRL decoding failed 1!"
-  exit $rc
+  exit ${rc}
 fi
 
-$DIFF $srcdir/crl/long.pem tmp-long.pem || $DIFF --strip-trailing-cr $srcdir/crl/long.pem tmp-long.pem
+${DIFF} "${srcdir}/crl/long.pem tmp-long.pem" || ${DIFF} --strip-trailing-cr "${srcdir}/crl/long.pem" tmp-long.pem
 rc=$?
 
-if test "$rc" != "0"; then
+if test "${rc}" != "0"; then
   echo "CRL decoding failed 2!"
-  exit $rc
+  exit ${rc}
 fi
 
 rm -f tmp-long.pem
diff --git a/tests/suite/eagain b/tests/suite/eagain
index ba95b95..d05bab9 100755
--- a/tests/suite/eagain
+++ b/tests/suite/eagain
@@ -21,23 +21,23 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 srcdir="${srcdir:-.}"
-SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q"
+SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
 PORT="${PORT:-5445}"
 
 
-$SERV -p $PORT --echo --priority "NORMAL:+ANON-DH" --dhparams $srcdir/params.dh >/dev/null 2>&1 &
+$SERV -p "${PORT}" --echo --priority "NORMAL:+ANON-DH" --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 &
 pid=$!
 
 sleep 2
 
 ./eagain-cli
 if [ $? != 0 ];then
-	exit 1
+  exit 1
 fi
 
 if [ "$pid" != "" ];then
-kill $pid
-wait
+  kill $pid
+  wait
 fi
 
 exit 0
diff --git a/tests/suite/invalid-cert b/tests/suite/invalid-cert
index ec8e265..a9e1f5e 100755
--- a/tests/suite/invalid-cert
+++ b/tests/suite/invalid-cert
@@ -20,19 +20,18 @@
 # along with GnuTLS; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-srcdir=${srcdir:-.}
-CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
-$VALGRIND $CERTTOOL --certificate-info --inder --infile $srcdir/invalid-cert.der 2>/dev/null
-
+${VALGRIND} "${CERTTOOL}" --certificate-info --inder --infile "${srcdir}/invalid-cert.der" 2>/dev/null
 rc=$?
 
 # We're done.
-if test "$rc" != "1"; then
-  exit $rc
+if test "${rc}" != "1"; then
+  exit ${rc}
 fi
 
 exit 0
diff --git a/tests/suite/testcompat-common b/tests/suite/testcompat-common
index 2eda62b..b4181e7 100644
--- a/tests/suite/testcompat-common
+++ b/tests/suite/testcompat-common
@@ -1,5 +1,3 @@
-#!/bin/sh
-
 # Copyright (C) 2014 Red Hat, Inc.
 # All rights reserved.
 #
@@ -29,33 +27,32 @@
 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
 # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-DSA_CERT=$srcdir/../dsa/cert.dsa.1024.pem
-DSA_KEY=$srcdir/../dsa/dsa.1024.pem
-
-RSA_CERT=$srcdir/../certs/cert-rsa-2432.pem
-RSA_KEY=$srcdir/../certs/rsa-2432.pem
+DSA_CERT="${srcdir}/../dsa/cert.dsa.1024.pem"
+DSA_KEY="${srcdir}/../dsa/dsa.1024.pem"
 
-CA_CERT=$srcdir/../../doc/credentials/x509/ca.pem
-CLI_CERT=$srcdir/../../doc/credentials/x509/clicert.pem
-CLI_KEY=$srcdir/../../doc/credentials/x509/clikey.pem
+RSA_CERT="${srcdir}/../certs/cert-rsa-2432.pem"
+RSA_KEY="${srcdir}/../certs/rsa-2432.pem"
 
-CA_ECC_CERT=$srcdir/../certs/ca-cert-ecc.pem
-ECC224_CERT=$srcdir/../certs/cert-ecc.pem
-ECC224_KEY=$srcdir/../certs/ecc.pem
+CA_CERT="${srcdir}/../../doc/credentials/x509/ca.pem"
+CLI_CERT="${srcdir}/../../doc/credentials/x509/clicert.pem"
+CLI_KEY="${srcdir}/../../doc/credentials/x509/clikey.pem"
 
-ECC256_CERT=$srcdir/../certs/cert-ecc256.pem
-ECC256_KEY=$srcdir/../certs/ecc256.pem
+CA_ECC_CERT="${srcdir}/../certs/ca-cert-ecc.pem"
+ECC224_CERT="${srcdir}/../certs/cert-ecc.pem"
+ECC224_KEY="${srcdir}/../certs/ecc.pem"
 
-ECC521_CERT=$srcdir/../certs/cert-ecc521.pem
-ECC521_KEY=$srcdir/../certs/ecc521.pem
+ECC256_CERT="${srcdir}/../certs/cert-ecc256.pem"
+ECC256_KEY="${srcdir}/../certs/ecc256.pem"
 
-ECC384_CERT=$srcdir/../certs/cert-ecc384.pem
-ECC384_KEY=$srcdir/../certs/ecc384.pem
+ECC521_CERT="${srcdir}/../certs/cert-ecc521.pem"
+ECC521_KEY="${srcdir}/../certs/ecc521.pem"
 
-SERV_CERT=$srcdir/../../doc/credentials/x509/cert-rsa.pem
-SERV_KEY=$srcdir/../../doc/credentials/x509/key-rsa.pem
-SERV_DSA_CERT=$srcdir/../../doc/credentials/x509/cert-dsa.pem
-SERV_DSA_KEY=$srcdir/../../doc/credentials/x509/key-dsa.pem
+ECC384_CERT="${srcdir}/../certs/cert-ecc384.pem"
+ECC384_KEY="${srcdir}/../certs/ecc384.pem"
 
-SERV_PSK=$srcdir/../../doc/credentials/psk-passwd.txt 
+SERV_CERT="${srcdir}/../../doc/credentials/x509/cert-rsa.pem"
+SERV_KEY="${srcdir}/../../doc/credentials/x509/key-rsa.pem"
+SERV_DSA_CERT="${srcdir}/../../doc/credentials/x509/cert-dsa.pem"
+SERV_DSA_KEY="${srcdir}/../../doc/credentials/x509/key-dsa.pem"
 
+SERV_PSK="${srcdir}/../../doc/credentials/psk-passwd.txt"
diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl
index 977706b..bac6026 100755
--- a/tests/suite/testcompat-main-openssl
+++ b/tests/suite/testcompat-main-openssl
@@ -31,39 +31,39 @@
 # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 srcdir="${srcdir:-.}"
-CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
 unset RETCODE
 if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 if test "${WINDIR}" != "";then
   exit 77
 fi 
 
-. $srcdir/../scripts/common.sh
+. "${srcdir}/../scripts/common.sh"
 
-PORT="${PORT:-$RPORT}"
+PORT="${PORT:-${RPORT}}"
 
 SERV=openssl
 OPENSSL_CLI="openssl"
 
 if test -f /etc/debian_version;then
-        DEBIAN=1
+  DEBIAN=1
 fi
 
-echo "Compatibility checks using "`$SERV version`
-$SERV version|grep -e 1\.0 >/dev/null 2>&1
+echo "Compatibility checks using "`${SERV} version`
+${SERV} version|grep -e 1\.0 >/dev/null 2>&1
 SV=$?
-if test $SV != 0;then
+if test ${SV} != 0;then
   echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
   exit 77
 fi
 
-$SERV version|grep -e 1\.0\.1 >/dev/null 2>&1
+${SERV} version|grep -e 1\.0\.1 >/dev/null 2>&1
 SV2=$?
 
-. ./testcompat-common
+. "${srcdir}/testcompat-common"
 
 echo "#################################################"
 echo "# Client mode tests (gnutls cli-openssl server) #"
@@ -71,288 +71,281 @@ echo "#################################################"
 
 for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
 do
+  if ! test -z "${ADD}";then
+    echo ""
+    echo "** Modifier: ${ADD}"
+  fi
+
+  if test "${DEBIAN}" != 1;then
+
+    # It seems debian disabled SSL 3.0 completely on openssl
+
+    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+    PID=$!
+    wait_server ${PID}
+
+    # Test SSL 3.0 with RSA ciphersuite
+    echo "Checking SSL 3.0 with RSA..."
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    # Test SSL 3.0 with DHE-RSA ciphersuite
+    echo "Checking SSL 3.0 with DHE-RSA..."
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    # Test SSL 3.0 with DHE-DSS ciphersuite
+    echo "Checking SSL 3.0 with DHE-DSS..."
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    kill ${PID}
+    wait
+
+    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 &
+    PID=$!
+    wait_server ${PID}
+
+    echo "Checking SSL 3.0 with RSA-RC4-MD5..."
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    kill ${PID}
+    wait
+  fi
+
+  if test "${FIPS}" != 1;then
+    #-cipher RSA-NULL
+    launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+    PID=$!
+    wait_server ${PID}
+
+    # Test TLS 1.0 with RSA-NULL ciphersuite
+    echo "Checking TLS 1.0 with RSA-NULL..."
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    kill ${PID}
+    wait
+  fi
+
+  #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA 
+  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+  PID=$!
+  wait_server ${PID}
+
+  # Test TLS 1.0 with RSA ciphersuite
+  echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  # Test TLS 1.0 with DHE-RSA ciphersuite
+  echo "Checking TLS 1.0 with DHE-RSA..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  # Test TLS 1.0 with DHE-RSA ciphersuite
+  echo "Checking TLS 1.0 with ECDHE-RSA..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  # Test TLS 1.0 with DHE-DSS ciphersuite
+  echo "Checking TLS 1.0 with DHE-DSS..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  kill ${PID}
+  wait
+
+  if test "${FIPS}" != 1;then
+
+    #-cipher ECDHE-ECDSA-AES128-SHA
+    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
+    PID=$!
+    wait_server ${PID}
+
+    # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+    echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    kill ${PID}
+    wait
+  fi
+
+  #-cipher ECDHE-ECDSA-AES128-SHA
+  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
+  PID=$!
+  wait_server ${PID}
+
+  # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+  echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  kill ${PID}
+  wait
+
+  if test "${FIPS}" != 1;then
+    #-cipher ECDHE-ECDSA-AES128-SHA
+    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
+    PID=$!
+    wait_server ${PID}
+
+    # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+    echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    kill ${PID}
+    wait
+  fi
+
+  #-cipher PSK
+  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+  PID=$!
+  wait_server ${PID}
+
+  echo "Checking TLS 1.0 with PSK..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  kill ${PID}
+  wait
+
+  if test ${SV2} = 0;then
+    # Tests requiring openssl 1.0.1 - TLS 1.2
+    #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA 
+    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+    PID=$!
+    wait_server ${PID}
+
+    echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    echo "Checking TLS 1.2 with DHE-RSA..."
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    echo "Checking TLS 1.2 with ECDHE-RSA..."
+    "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    echo "Checking TLS 1.2 with DHE-DSS..."
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    kill ${PID}
+    wait
+
+    if test "${FIPS}" != 1;then
+      #-cipher ECDHE-ECDSA-AES128-SHA
+      launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
+      PID=$!
+      wait_server ${PID}
+
+      echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
+      ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+        fail ${PID} "Failed"
+
+      kill ${PID}
+      wait
+    fi
+
+    #-cipher ECDHE-ECDSA-AES128-SHA
+    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
+    PID=$!
+    wait_server ${PID}
+
+    echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
+    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+      fail ${PID} "Failed"
+
+    kill ${PID}
+    wait
+
+    if test "${FIPS}" != 1;then
+      #-cipher ECDHE-ECDSA-AES128-SHA
+      launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
+      PID=$!
+      wait_server ${PID}
+
+      echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
+      ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+        fail ${PID} "Failed"
+
+      kill ${PID}
+      wait
+    fi #FIPS
+  fi #SV2
+
+  #-cipher PSK
+  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem  -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+  PID=$!
+  wait_server ${PID}
+
+  echo "Checking TLS 1.2 with PSK..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  kill ${PID}
+  wait
+
+  launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
+
+  # Test DTLS 1.0 with RSA ciphersuite
+  echo "Checking DTLS 1.0 with RSA..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  kill ${PID}
+  wait
+
+  launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+  PID=$!
+  wait_server ${PID}
+
+  # Test DTLS 1.0 with DHE-RSA ciphersuite
+  echo "Checking DTLS 1.0 with DHE-RSA..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
+
+  kill ${PID}
+  wait
+
+  launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+  PID=$!
+  wait_server ${PID}
+
+  # Test DTLS 1.0 with DHE-DSS ciphersuite
+  echo "Checking DTLS 1.0 with DHE-DSS..."
+  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+    fail ${PID} "Failed"
 
-if ! test -z "$ADD";then
-echo ""
-echo "** Modifier: $ADD"
-fi
-
-if test "$DEBIAN" != 1;then
-
-# It seems debian disabled SSL 3.0 completely on openssl
-
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test SSL 3.0 with RSA ciphersuite
-echo "Checking SSL 3.0 with RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-# Test SSL 3.0 with DHE-RSA ciphersuite
-echo "Checking SSL 3.0 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-# Test SSL 3.0 with DHE-DSS ciphersuite
-echo "Checking SSL 3.0 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher RC4-MD5 &
-PID=$!
-wait_server $PID
-
-echo "Checking SSL 3.0 with RSA-RC4-MD5..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA$ADD" --insecure </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-fi
-
-if test "$FIPS" != 1;then
-#-cipher RSA-NULL
-launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with RSA-NULL ciphersuite
-echo "Checking TLS 1.0 with RSA-NULL..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-fi
-
-#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA 
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with RSA ciphersuite
-echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-# Test TLS 1.0 with DHE-RSA ciphersuite
-echo "Checking TLS 1.0 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-# Test TLS 1.0 with DHE-RSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-# Test TLS 1.0 with DHE-DSS ciphersuite
-echo "Checking TLS 1.0 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-fi
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1 -named_curve secp384r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1 -named_curve secp521r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-fi
-
-#-cipher PSK
-launch_bare_server $$ s_server -quiet -www -accept $PORT -tls1 -keyform pem -certform pem -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.0 with PSK..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK$ADD" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-if test $SV2 = 0;then
-# Tests requiring openssl 1.0.1 - TLS 1.2
-#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA 
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-echo "Checking TLS 1.2 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-echo "Checking TLS 1.2 with ECDHE-RSA..."
-$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-echo "Checking TLS 1.2 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-fi
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1 -named_curve secp384r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1 -named_curve secp521r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-fi #FIPS
-
-fi #SV2
-
-#-cipher PSK
-launch_bare_server $$ s_server -quiet -www -accept $PORT -tls1_2 -keyform pem -certform pem  -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with PSK..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test DTLS 1.0 with RSA ciphersuite
-echo "Checking DTLS 1.0 with RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test DTLS 1.0 with DHE-RSA ciphersuite
-echo "Checking DTLS 1.0 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test DTLS 1.0 with DHE-DSS ciphersuite
-echo "Checking DTLS 1.0 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
-  fail $PID "Failed"
-
-kill $PID
-wait
-
+  kill ${PID}
+  wait
 done
 
 echo "Client mode tests were successfully completed"
@@ -360,303 +353,300 @@ echo ""
 echo "###############################################"
 echo "# Server mode tests (gnutls server-openssl cli#"
 echo "###############################################"
-SERV="../../src/gnutls-serv$EXEEXT -q"
+SERV="../../src/gnutls-serv${EXEEXT} -q"
 
 # Note that openssl s_client does not return error code on failure
 
 for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
 do
+  if ! test -z "${ADD}";then
+    echo ""
+    echo "** Modifier: ${ADD}"
+  fi
 
-if ! test -z "$ADD";then
-echo ""
-echo "** Modifier: $ADD"
-fi
-
-if test "$DEBIAN" != 1;then
+  if test "${DEBIAN}" != 1;then
 
-echo "Check SSL 3.0 with RSA ciphersuite"
-launch_server $$  --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+    echo "Check SSL 3.0 with RSA ciphersuite"
+    launch_server $$  --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+    wait_server ${PID}
 
-$OPENSSL_CLI s_client  -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
-echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
-$OPENSSL_CLI s_client  -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
+    ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
-kill $PID
-wait
+    kill ${PID}
+    wait
 
-echo "Check SSL 3.0 with DHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+    echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+    wait_server ${PID}
 
-$OPENSSL_CLI s_client  -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
-kill $PID
-wait
+    kill ${PID}
+    wait
 
-echo "Check SSL 3.0 with DHE-DSS ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh  & PID=$!
-wait_server $PID
+    echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
+    wait_server ${PID}
 
-$OPENSSL_CLI s_client  -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
 
-kill $PID
-wait
+    kill ${PID}
+    wait
+  fi
 
-fi
+  #TLS 1.0
 
-#TLS 1.0
+  # This test was disabled because it doesn't work as expected with openssl 1.0.0d
+  #echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
+  #launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+  #wait_server ${PID}
+  #
+  #${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+  #  fail ${PID} "Failed"
+  #
+  #kill ${PID}
+  #wait
 
-# This test was disabled because it doesn't work as expected with openssl 1.0.0d
-#echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
-#launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-#wait_server $PID
-#
-#$OPENSSL_CLI s_client  -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-#  fail $PID "Failed"
-#
-#kill $PID
-#wait
+  if test "${FIPS}" != 1;then
+    echo "Check TLS 1.0 with RSA-NULL ciphersuite"
+    launch_server $$  --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+    wait_server ${PID}
 
-if test "$FIPS" != 1;then
-echo "Check TLS 1.0 with RSA-NULL ciphersuite"
-launch_server $$  --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+    ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
-$OPENSSL_CLI s_client -cipher NULL-SHA -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    kill ${PID}
+    wait
+  fi
 
-kill $PID
-wait
-fi
+  echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  wait_server ${PID}
 
-echo "Check TLS 1.0 with DHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+  ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+    fail ${PID} "Failed"
 
-$OPENSSL_CLI s_client  -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+  kill ${PID}
+  wait
 
-kill $PID
-wait
+  echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  wait_server ${PID}
 
-echo "Check TLS 1.0 with DHE-DSS ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh  & PID=$!
-wait_server $PID
+  ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+    fail ${PID} "Failed"
 
-$OPENSSL_CLI s_client  -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+  kill ${PID}
+  wait
 
-kill $PID
-wait
+  echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  #-cipher ECDHE-RSA-AES128-SHA 
+  ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+    fail ${PID} "Failed"
 
-#-cipher ECDHE-RSA-AES128-SHA 
-$OPENSSL_CLI s_client  -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+  kill ${PID}
+  wait
 
-kill $PID
-wait
+  if test "${FIPS}" != 1;then
+    echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+    wait_server ${PID}
 
-if test "$FIPS" != 1;then
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+    #-cipher ECDHE-ECDSA-AES128-SHA 
+    ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$OPENSSL_CLI s_client  -host localhost -tls1 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    kill ${PID}
+    wait
+  fi
 
-kill $PID
-wait
-fi
+  echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+  wait_server ${PID}
 
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+  #-cipher ECDHE-ECDSA-AES128-SHA 
+  ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+    fail ${PID} "Failed"
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$OPENSSL_CLI s_client  -host localhost -tls1 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+  kill ${PID}
+  wait
 
-kill $PID
-wait
+  echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+  wait_server ${PID}
 
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+  #-cipher ECDHE-ECDSA-AES128-SHA 
+  ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+    fail ${PID} "Failed"
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$OPENSSL_CLI s_client  -host localhost -tls1 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+  kill ${PID}
+  wait
 
-kill $PID
-wait
+  if test "${FIPS}" != 1;then
+    echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+    wait_server ${PID}
 
-if test "$FIPS" != 1;then
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+    #-cipher ECDHE-ECDSA-AES128-SHA 
+    ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$OPENSSL_CLI s_client  -host localhost -tls1 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    kill ${PID}
+    wait
+  fi
 
-kill $PID
-wait
-fi
-
-echo "Check TLS 1.0 with PSK ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  echo "Check TLS 1.0 with PSK ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-#-cipher PSK-AES128-SHA 
-$OPENSSL_CLI  s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port $PORT crt_file=$CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep ":error:" && \
-  fail $PID "Failed"
+  #-cipher PSK-AES128-SHA 
+  ${OPENSSL_CLI}  s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+    fail ${PID} "Failed"
 
-kill $PID
-wait
+  kill ${PID}
+  wait
 
-if test $SV2 = 0;then
+  if test ${SV2} = 0;then
 
-echo "Check TLS 1.2 with DHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+    echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+    wait_server ${PID}
 
-$OPENSSL_CLI s_client  -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
-kill $PID
-wait
+    kill ${PID}
+    wait
 
-echo "Check TLS 1.2 with DHE-DSS ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh  & PID=$!
-wait_server $PID
+    echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
+    wait_server ${PID}
 
-$OPENSSL_CLI s_client  -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
-kill $PID
-wait
+    kill ${PID}
+    wait
 
-echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+    echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+    wait_server ${PID}
 
-#-cipher ECDHE-RSA-AES128-SHA 
-$OPENSSL_CLI s_client  -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    #-cipher ECDHE-RSA-AES128-SHA 
+    ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
-kill $PID
-wait
+    kill ${PID}
+    wait
 
-if test "$FIPS" != 1;then
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+    if test "${FIPS}" != 1;then
+      echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+      launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+      wait_server ${PID}
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$OPENSSL_CLI s_client  -host localhost -tls1_2 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+      #-cipher ECDHE-ECDSA-AES128-SHA 
+      ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+        fail ${PID} "Failed"
 
-kill $PID
-wait
-fi
+      kill ${PID}
+      wait
+    fi
 
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+    echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+    wait_server ${PID}
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$OPENSSL_CLI s_client  -host localhost -tls1_2 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    #-cipher ECDHE-ECDSA-AES128-SHA 
+    ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
-kill $PID
-wait
+    kill ${PID}
+    wait
 
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+    echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+    wait_server ${PID}
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$OPENSSL_CLI s_client  -host localhost -tls1_2 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
+    #-cipher ECDHE-ECDSA-AES128-SHA 
+    ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+      fail ${PID} "Failed"
 
-kill $PID
-wait
+    kill ${PID}
+    wait
 
-if test "$FIPS" != 1;then
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+    if test "${FIPS}" != 1;then
+      echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+      launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+      wait_server ${PID}
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$OPENSSL_CLI s_client  -host localhost -tls1_2 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
-
-kill $PID
-wait
-fi
+      #-cipher ECDHE-ECDSA-AES128-SHA 
+      ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+        fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with PSK ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+      kill ${PID}
+      wait
+    fi
 
-#-cipher PSK-AES128-SHA 
-$OPENSSL_CLI  s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port $PORT crt_file=$CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep ":error:" && \
-  fail $PID "Failed"
+    echo "Check TLS 1.2 with PSK ciphersuite"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+    wait_server ${PID}
 
-kill $PID
-wait
+    #-cipher PSK-AES128-SHA 
+    ${OPENSSL_CLI}  s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+      fail ${PID} "Failed"
 
-fi #SV2
+    kill ${PID}
+    wait
 
-# DTLS
-echo "Check DTLS 1.0 with RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA$ADD" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+  fi #SV2
 
+  # DTLS
+  echo "Check DTLS 1.0 with RSA ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  wait_server ${PID}
 
-$OPENSSL_CLI s_client  -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
 
-kill $PID
-wait
+  ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+    fail ${PID} "Failed"
 
+  kill ${PID}
+  wait
 
-echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA$ADD" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
 
+  echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  wait_server ${PID}
 
 
-$OPENSSL_CLI s_client  -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
 
-kill $PID
-wait
+  ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+    fail ${PID} "Failed"
 
+  kill ${PID}
+  wait
 
-echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --udp --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh  & PID=$!
-wait_server $PID
 
+  echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  wait_server ${PID}
 
-$OPENSSL_CLI s_client  -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-  fail $PID "Failed"
 
-kill $PID
-wait
+  ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+    fail ${PID} "Failed"
 
+  kill ${PID}
+  wait
 done
 
 exit 0
diff --git a/tests/suite/testcompat-main-polarssl b/tests/suite/testcompat-main-polarssl
index a6df66c..74261b0 100755
--- a/tests/suite/testcompat-main-polarssl
+++ b/tests/suite/testcompat-main-polarssl
@@ -11,9 +11,9 @@
 # Redistribution and use in source and binary forms, with or without modification,
 # are permitted provided that the following conditions are met:
 #
-# 1. Redistributions of source code must retain the above copyright notice, this 
+# 1. Redistributions of source code must retain the above copyright notice, this
 # list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
+# 2. Redistributions in binary form must reproduce the above copyright notice,
 # this list of conditions and the following disclaimer in the documentation and/or
 # other materials provided with the distribution.
 # 3. Neither the name of the copyright holder nor the names of its contributors may
@@ -23,7 +23,7 @@
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
 # EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
@@ -31,386 +31,386 @@
 # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 srcdir="${srcdir:-.}"
-CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
 LOGFILE=polarssl.log
 unset RETCODE
 if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 if test "${WINDIR}" != "";then
   exit 77
-fi 
-
-. $srcdir/../scripts/common.sh
-
-PORT="${PORT:-$RPORT}"
-if test -x /usr/bin/mbedtls_ssl_client2;then
-POLARSSL_CLI="/usr/bin/mbedtls_ssl_client2"
-else
-POLARSSL_CLI="/usr/libexec/mbedtls/ssl_client2"
 fi
 
-TXT=`$CLI --priority NORMAL --list|grep SECP224`
-if test -z $TEXT;then
-	ALL_CURVES=0
+. "${srcdir}/../scripts/common.sh"
+
+PORT="${PORT:-${RPORT}}"
+TXT=`"${CLI}" --priority NORMAL --list|grep SECP224`
+if test -z "${TXT}";then
+  ALL_CURVES=0
 else
-	ALL_CURVES=1
+  ALL_CURVES=1
 fi
 
 
 echo "Compatibility checks using polarssl"
 
-if ! test -x $POLARSSL_CLI;then
+for POLARSSL_CLI in \
+    /usr/bin/polarssl_ssl_client2 \
+    /usr/bin/mbedtls_ssl_client2 \
+    /usr/libexec/mbedtls/ssl_client2 \
+    ""; do
+  test -x "${POLARSSL_CLI}" && break
+done
+
+if test -z "${POLARSSL_CLI}";then
   echo "PolarSSL is required for this test to run"
   exit 77
 fi
 
-$POLARSSL_CLI >/dev/null 2>&1
+"${POLARSSL_CLI}" >/dev/null 2>&1
 if test $? = 0;then
   echo "PolarSSL 1.3.x is required for the tests to run"
   exit 77
 fi
 
 
-. ./testcompat-common
+. "${srcdir}/testcompat-common"
 
 echo ""
 echo "##################################################"
 echo "# Server mode tests (gnutls server-polarssl cli) #"
 echo "##################################################"
-SERV="../../src/gnutls-serv$EXEEXT -q"
+SERV="../../src/gnutls-serv${EXEEXT} -q"
 
-rm -f $LOGFILE
+rm -f "${LOGFILE}"
 
 for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
 do
+  if ! test -z "${ADD}";then
+    echo ""
+    echo "** Modifier: ${ADD}"
+  fi
 
-if ! test -z "$ADD";then
-echo ""
-echo "** Modifier: $ADD"
-fi
-
-# SSL 3.0 is disabled in debian's polarssl
-if test 0 = 1;then
-echo "Check SSL 3.0 with RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
-
-$POLARSSL_CLI server_port=$PORT server_name=localhost max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  # SSL 3.0 is disabled in debian's polarssl
+  if test 0 = 1;then
+    echo "Check SSL 3.0 with RSA ciphersuite"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+    wait_server ${PID}
 
-kill $PID
-wait
+    "${POLARSSL_CLI}" server_port="${PORT}" server_name=localhost max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+      fail ${PID} "Failed"
 
-echo "Check SSL 3.0 with DHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+    kill ${PID}
+    wait
 
-$POLARSSL_CLI server_name=localhost server_port=$PORT max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+    echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+    wait_server ${PID}
 
-kill $PID
-wait
+    "${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+      fail ${PID} "Failed"
 
-# No DSS for polarssl
-#echo "Check SSL 3.0 with DHE-DSS ciphersuite"
-#launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh  & PID=$!
-#wait_server $PID
+    kill ${PID}
+    wait
 
-#$POLARSSL_CLI server_name=localhost server_port=$PORT max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-#  fail $PID "Failed"
-#
-#kill $PID
-#wait
-fi
+    # No DSS for polarssl
+    #echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+    #launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
+    #wait_server ${PID}
 
-#TLS 1.0
+    #"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    #  fail ${PID} "Failed"
+    #
+    #kill ${PID}
+    #wait
+  fi
 
-echo "Check TLS 1.0 with DHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+  #TLS 1.0
 
-$POLARSSL_CLI  server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-#echo "Check TLS 1.0 with DHE-DSS ciphersuite"
-#launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh  & PID=$!
-#wait_server $PID
+  kill ${PID}
+  wait
 
-#$POLARSSL_CLI  server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-#  fail $PID "Failed"
+  #echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+  #launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  #wait_server ${PID}
 
-#kill $PID
-#wait
+  #"${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+  #  fail ${PID} "Failed"
 
-echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  #kill ${PID}
+  #wait
 
-#-cipher ECDHE-RSA-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher ECDHE-RSA-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.0 with PSK ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher PSK-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.0 with PSK ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher PSK-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.0 with DHE-PSK ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher PSK-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.0 with DHE-PSK ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher PSK-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher PSK-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher PSK-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.0 with RSA-PSK ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher RSA-PSK-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.0 with RSA-PSK ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher RSA-PSK-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-if test $ALL_CURVES = 1;then
-	echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
-	wait_server $PID
+  kill ${PID}
+  wait
 
-	#-cipher ECDHE-ECDSA-AES128-SHA 
-	$POLARSSL_CLI  server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC224_CERT key_file=$ECC224_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
-	  fail $PID "Failed"
+  if test ${ALL_CURVES} = 1;then
+    echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+    wait_server ${PID}
 
-	  kill $PID
-	  wait
-fi
+    #-cipher ECDHE-ECDSA-AES128-SHA
+    "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+      fail ${PID} "Failed"
 
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+    kill ${PID}
+    wait
+  fi
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC256_CERT key_file=$ECC256_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher ECDHE-ECDSA-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC384_CERT key_file=$ECC384_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher ECDHE-ECDSA-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC521_CERT key_file=$ECC521_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher ECDHE-ECDSA-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with DHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-$POLARSSL_CLI  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-$POLARSSL_CLI  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
+  launch_server $$  --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-$POLARSSL_CLI  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
+  launch_server $$  --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-$POLARSSL_CLI  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
+  launch_server $$  --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-$POLARSSL_CLI  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
+  launch_server $$  --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-#echo "Check TLS 1.2 with DHE-DSS ciphersuite"
-#launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh  & PID=$!
-#wait_server $PID
-#
-#$POLARSSL_CLI  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-#  fail $PID "Failed"
-#
-#kill $PID
-#wait
+  kill ${PID}
+  wait
 
-echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  #echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+  #launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
+  #wait_server ${PID}
+  #
+  #"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+  #  fail ${PID} "Failed"
+  #
+  #kill ${PID}
+  #wait
 
-#-cipher ECDHE-RSA-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher ECDHE-RSA-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-if test $ALL_CURVES = 1;then
-	echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
-	wait_server $PID
+  kill ${PID}
+  wait
 
-	#-cipher ECDHE-ECDSA-AES128-SHA 
-	$POLARSSL_CLI  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC224_CERT key_file=$ECC224_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
-	  fail $PID "Failed"
+  if test ${ALL_CURVES} = 1;then
+    echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+    wait_server ${PID}
 
-	  kill $PID
-	  wait
-fi
+    #-cipher ECDHE-ECDSA-AES128-SHA
+    "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+      fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+    kill ${PID}
+    wait
+  fi
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC256_CERT key_file=$ECC256_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher ECDHE-ECDSA-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC384_CERT key_file=$ECC384_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher ECDHE-ECDSA-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher ECDHE-ECDSA-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC521_CERT key_file=$ECC521_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher ECDHE-ECDSA-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with PSK ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher PSK-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with PSK ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher PSK-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with DHE-PSK ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher PSK-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with DHE-PSK ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher PSK-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher PSK-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher PSK-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
-echo "Check TLS 1.2 with RSA-PSK ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+  kill ${PID}
+  wait
 
-#-cipher RSA-PSK-AES128-SHA 
-$POLARSSL_CLI  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-  fail $PID "Failed"
+  echo "Check TLS 1.2 with RSA-PSK ciphersuite"
+  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+  wait_server ${PID}
 
-kill $PID
-wait
+  #-cipher RSA-PSK-AES128-SHA
+  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+    fail ${PID} "Failed"
 
+  kill ${PID}
+  wait
 done
 
-rm -f $LOGFILE
+rm -f "${LOGFILE}"
 
 exit 0
diff --git a/tests/suite/testcompat-openssl b/tests/suite/testcompat-openssl
index f99c812..f82f00e 100755
--- a/tests/suite/testcompat-openssl
+++ b/tests/suite/testcompat-openssl
@@ -30,23 +30,25 @@
 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
 # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+srcdir="${srcdir:-.}"
+
 if ! test -x /usr/bin/openssl;then
-    echo "You need openssl to run this test"
-    exit 77
+  echo "You need openssl to run this test"
+  exit 77
 fi
 
 /usr/bin/openssl version|grep fips >/dev/null 2>&1
 if test $? = 0;then
-	export FIPS=1
+  export FIPS=1
 else
-	export FIPS=0
+  export FIPS=0
 fi
 
 # Check for datefudge
 TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
-if test "$TSTAMP" != "1158969600"; then
-    echo "You need datefudge to run this test"
-    exit 77
+if test "${TSTAMP}" != "1158969600"; then
+  echo "You need datefudge to run this test"
+  exit 77
 fi
 
-datefudge "2012-09-2" ./testcompat-main-openssl
+datefudge "2012-09-2" "${srcdir}/testcompat-main-openssl"
diff --git a/tests/suite/testcompat-polarssl b/tests/suite/testcompat-polarssl
index 3e78deb..fcaf99b 100755
--- a/tests/suite/testcompat-polarssl
+++ b/tests/suite/testcompat-polarssl
@@ -30,9 +30,11 @@
 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
 # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+srcdir="${srcdir:-.}"
+
 # Check for datefudge
 TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
-if test "$TSTAMP" != "1158969600"; then
+if test "${TSTAMP}" != "1158969600"; then
     echo "You need datefudge to run this test"
     exit 77
 fi
@@ -43,4 +45,4 @@ if test $? = 0;then
     exit 77
 fi
 
-datefudge "2012-09-2" ./testcompat-main-polarssl
+datefudge "2012-09-2" "${srcdir}/testcompat-main-polarssl"
diff --git a/tests/suite/testdane b/tests/suite/testdane
index 714a582..2ec50dc 100755
--- a/tests/suite/testdane
+++ b/tests/suite/testdane
@@ -19,64 +19,64 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 srcdir="${srcdir:-.}"
-DANETOOL="${DANETOOL:-../../src/danetool$EXEEXT}"
+DANETOOL="${DANETOOL:-../../src/danetool${EXEEXT}}"
 unset RETCODE
 
 # Unfortunately it is extremely fragile and fails 99% of the
 # time.
 if test "${WINDIR}" != "";then
   exit 77
-fi 
+fi
 
-. $srcdir/../scripts/common.sh
+. "${srcdir}/../scripts/common.sh"
 
 # Fine hosts
 
 echo ""
 echo "*** Testing good HTTPS hosts ***"
-# www.vulcano.cl dane.nox.su 
+# www.vulcano.cl dane.nox.su
 HOSTS="good.dane.verisignlabs.com www.freebsd.org www.kumari.net torproject.org fedoraproject.org"
-HOSTS="$HOSTS nohats.ca"
-for i in $HOSTS;do
-echo -n "$i: "
+HOSTS="${HOSTS} nohats.ca"
+for host in ${HOSTS};do
+  echo -n "${host}: "
 
-$DANETOOL --check $i >/dev/null 2>&1
-if [ $? != 0 ];then
-	echo "Error checking $i"
-	exit 1
-fi
-echo "ok"
+  "${DANETOOL}" --check "${host}" >/dev/null 2>&1
+  if [ $? != 0 ];then
+    echo "Error checking ${host}"
+    exit 1
+  fi
+  echo "ok"
 done
 
 echo ""
 echo "*** Testing good SMTP hosts ***"
 #HOSTS="dougbarton.us nlnetlabs.nl"
 HOSTS="nlnetlabs.nl"
-for i in $HOSTS;do
-echo -n "$i: "
+for host in ${HOSTS};do
+  echo -n "${host}: "
 
-$DANETOOL --check $i --port 25 >/dev/null 2>&1
-if [ $? != 0 ];then
-	echo "Error checking $i"
-	exit 1
-fi
-echo "ok"
+  "${DANETOOL}" --check "${host}" --port 25 >/dev/null 2>&1
+  if [ $? != 0 ];then
+    echo "Error checking ${host}"
+    exit 1
+  fi
+  echo "ok"
 done
 
 echo ""
 echo "*** Testing bad HTTPS hosts ***"
 # Not ok
-# used to work: dane-broken.rd.nic.fr 
+# used to work: dane-broken.rd.nic.fr
 HOSTS="bad-hash.dane.verisignlabs.com bad-params.dane.verisignlabs.com"
-HOSTS="$HOSTS bad-sig.dane.verisignlabs.com"
-for i in $HOSTS;do
-echo -n "$i: "
-$DANETOOL --check $i >/dev/null 2>&1
-if [ $? = 0 ];then
-	echo "Checking $i should have failed"
-	exit 1
-fi
-echo "ok"
+HOSTS="${HOSTS} bad-sig.dane.verisignlabs.com"
+for host in ${HOSTS};do
+  echo -n "${host}: "
+  "${DANETOOL}" --check "${host}" >/dev/null 2>&1
+  if [ $? = 0 ];then
+    echo "Checking ${host} should have failed"
+    exit 1
+  fi
+  echo "ok"
 done
 
 
diff --git a/tests/suite/testpkcs11 b/tests/suite/testpkcs11
index 2a4b88f..b301cc3 100755
--- a/tests/suite/testpkcs11
+++ b/tests/suite/testpkcs11
@@ -19,57 +19,57 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 srcdir="${srcdir:-.}"
-P11TOOL="${P11TOOL:-../../src/p11tool$EXEEXT}"
-CERTTOOL="${CERTTOOL:-../../src/certtool$EXEEXT}"
+P11TOOL="${P11TOOL:-../../src/p11tool${EXEEXT}}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 DIFF="${DIFF:-diff -b -B}"
-SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q"
-CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
+CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
 RETCODE=0
 
 if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no"
+  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no"
 fi
 
-TMPFILE=$srcdir/testpkcs11.debug
+TMPFILE="testpkcs11.debug"
 CERTTOOL_PARAM="--stdout-info"
 
 if test "${WINDIR}" != "";then
   exit 77
 fi 
 
-P11TOOL="$VALGRIND $P11TOOL --batch"
+P11TOOL="${VALGRIND} ${P11TOOL} --batch"
 
-. $srcdir/../scripts/common.sh
+. ${srcdir}/../scripts/common.sh
 
-PORT="${PORT:-$RPORT}"
+PORT="${PORT:-${RPORT}}"
 
-rm -f $TMPFILE
+rm -f "${TMPFILE}"
 
 exit_error () {
-	echo "Check $TMPFILE for additional debugging information"
-	echo ""
-	echo ""
-	tail $TMPFILE
-	exit 1
+  echo "Check ${TMPFILE} for additional debugging information"
+  echo ""
+  echo ""
+  tail "${TMPFILE}"
+  exit 1
 }
 
 # $1: token
 # $2: PIN
 # $3: filename
-# $srcdir/pkcs11-certs/client.key
+# ${srcdir}/pkcs11-certs/client.key
 write_privkey () {
-	export GNUTLS_PIN=$2
-
-	filename=$3
-	token=$1
-	echo -n "* Writing a client private key... "
-	$P11TOOL $ADDITIONAL_PARAM --login --write --label gnutls-client2 --load-privkey "$filename" "$token" >>$TMPFILE 2>&1
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		exit_error
-	fi
+  export GNUTLS_PIN="$2"
+  filename="$3"
+  token="$1"
+
+  echo -n "* Writing a client private key... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit_error
+  fi
 
 }
 
@@ -77,18 +77,18 @@ write_privkey () {
 # $2: PIN
 # $3: filename
 write_serv_privkey () {
-	export GNUTLS_PIN=$2
-
-	filename=$3
-	token=$1
-	echo -n "* Writing the server private key... "
-	$P11TOOL $ADDITIONAL_PARAM --login --write --label serv-key --load-privkey "$filename" "$token" >>$TMPFILE 2>&1
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		exit_error
-	fi
+  export GNUTLS_PIN="$2"
+  filename="$3"
+  token="$1"
+
+  echo -n "* Writing the server private key... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit_error
+  fi
 
 }
 
@@ -96,18 +96,18 @@ write_serv_privkey () {
 # $2: PIN
 # $3: filename
 write_serv_cert () {
-	export GNUTLS_PIN=$2
-
-	filename=$3
-	token=$1
-	echo -n "* Writing the server certificate... "
-	$P11TOOL $ADDITIONAL_PARAM --login --write --no-mark-private --label serv-cert --load-certificate "$filename" "$token" >>$TMPFILE 2>&1
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		exit_error
-	fi
+  export GNUTLS_PIN="$2"
+  filename="$3"
+  token="$1"
+
+  echo -n "* Writing the server certificate... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit_error
+  fi
 
 }
 
@@ -115,282 +115,282 @@ write_serv_cert () {
 # $2: PIN
 # $3: bits
 generate_rsa_privkey () {
-	export GNUTLS_PIN=$2
-	token=$1
-	bits=$3
-
-	echo -n "* Generating RSA private key ($bits)... "
-	$P11TOOL $ADDITIONAL_PARAM --login --id 000102030405 --label gnutls-client --generate-rsa --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		exit 1
-	fi
+  export GNUTLS_PIN="$2"
+  token="$1"
+  bits="$3"
+
+  echo -n "* Generating RSA private key ("${bits}")... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit 1
+  fi
 }
 
 # $1: token
 # $2: PIN
 # $3: bits
 generate_temp_rsa_privkey () {
-	export GNUTLS_PIN=$2
-	token=$1
-	bits=$3
-
-	echo -n "* Generating RSA private key ($bits)... "
-	$P11TOOL $ADDITIONAL_PARAM --login --label temp-rsa-$bits --generate-rsa --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1
-	if test $? = 0;then
-		RETCODE=0
-		echo ok
-	else
-		echo failed
-		RETCODE=1
-	fi
-
-#	if test $RETCODE = 0;then
-#		echo -n "* Testing private key flags... "
-#		$P11TOOL $ADDITIONAL_PARAM --login --list-keys "$token;object=gnutls-client2;object-type=private" >tmp-client-2.pub 2>>$TMPFILE
-#		if test $? != 0;then
-#			echo failed
-#			exit_error
-#		fi
+  export GNUTLS_PIN="$2"
+  token="$1"
+  bits="$3"
+
+  echo -n "* Generating RSA private key ("${bits}")... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+  if test $? = 0;then
+    RETCODE=0
+    echo ok
+  else
+    echo failed
+    RETCODE=1
+  fi
+
+#  if test ${RETCODE} = 0;then
+#    echo -n "* Testing private key flags... "
+#    ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-keys "${token};object=gnutls-client2;object-type=private" >tmp-client-2.pub 2>>"${TMPFILE}"
+#    if test $? != 0;then
+#      echo failed
+#      exit_error
+#    fi
 #
-#		grep CKA_WRAP tmp-client-2.pub >>$TMPFILE 2>&1
-#		if test $? != 0;then
-#			echo "failed (no CKA_WRAP)"
-#			exit_error
-#		else
-#			echo ok
-#		fi
-#	fi
+#    grep CKA_WRAP tmp-client-2.pub >>"${TMPFILE}" 2>&1
+#    if test $? != 0;then
+#      echo "failed (no CKA_WRAP)"
+#      exit_error
+#    else
+#      echo ok
+#    fi
+#  fi
 }
 
 # $1: token
 # $2: PIN
 delete_temp_privkey () {
-	export GNUTLS_PIN=$2
-	token=$1
-	type=$3
+  export GNUTLS_PIN="$2"
+  token="$1"
+  type="$3"
 
-	test "$RETCODE" = "0" || return
+  test "${RETCODE}" = "0" || return
 
-	echo -n "* Deleting private key... "
-	$P11TOOL $ADDITIONAL_PARAM --login --delete "$token;object=temp-$type;object-type=private" >>$TMPFILE 2>&1
+  echo -n "* Deleting private key... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${TMPFILE}" 2>&1
 
-	if test $? != 0;then
-		echo failed
-		RETCODE=1
-		return
-	fi
+  if test $? != 0;then
+    echo failed
+    RETCODE=1
+    return
+  fi
 
-	RETCODE=0
-	echo ok
+  RETCODE=0
+  echo ok
 }
 
 # $1: token
 # $2: PIN
 # $3: bits
 export_pubkey_of_privkey () {
-	export GNUTLS_PIN=$2
-	token=$1
-	bits=$3
-
-	echo -n "* Exporting public key of generated private key... "
-	$P11TOOL $ADDITIONAL_PARAM --login --export-pubkey "$token;object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>$TMPFILE 2>&1
-	if test $? != 0;then
-		echo failed
-		exit 1
-	fi
-
-	$DIFF tmp-client.pub tmp-client-2.pub
-	if test $? != 0;then
-		echo keys differ
-		exit 1
-	fi
-
-	echo ok
+  export GNUTLS_PIN="$2"
+  token="$1"
+  bits="$3"
+
+  echo -n "* Exporting public key of generated private key... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${TMPFILE}" 2>&1
+  if test $? != 0;then
+    echo failed
+    exit 1
+  fi
+
+  ${DIFF} tmp-client.pub tmp-client-2.pub
+  if test $? != 0;then
+    echo keys differ
+    exit 1
+  fi
+
+  echo ok
 }
 
 # $1: token
 # $2: PIN
 change_id_of_privkey () {
-	export GNUTLS_PIN=$2
-	token=$1
-
-	echo -n "* Change the CKA_ID of generated private key... "
-	$P11TOOL $ADDITIONAL_PARAM --login --set-id "01a1b103" "$token;object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>$TMPFILE 2>&1
-	if test $? != 0;then
-		echo failed
-		exit_error
-	fi
-
-	$P11TOOL $ADDITIONAL_PARAM --login --list-privkeys "$token;object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>$TMPFILE 2>&1
-	if test $? != 0;then
-		echo "ID didn't change"
-		exit_error
-	fi
-
-	echo ok
+  export GNUTLS_PIN="$2"
+  token="$1"
+
+  echo -n "* Change the CKA_ID of generated private key... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1
+  if test $? != 0;then
+    echo failed
+    exit_error
+  fi
+
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
+  if test $? != 0;then
+    echo "ID didn't change"
+    exit_error
+  fi
+
+  echo ok
 }
 
 # $1: token
 # $2: PIN
 change_label_of_privkey () {
-	export GNUTLS_PIN=$2
-	token=$1
-
-	echo -n "* Change the CKA_LABEL of generated private key... "
-	$P11TOOL $ADDITIONAL_PARAM --login --set-label "new-label" "$token;object=gnutls-client;object-type=private" >>$TMPFILE 2>&1
-	if test $? != 0;then
-		echo failed
-		exit_error
-	fi
-
-	$P11TOOL $ADDITIONAL_PARAM --login --list-privkeys "$token;object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>$TMPFILE 2>&1
-	if test $? != 0;then
-		echo "label didn't change"
-		exit_error
-	fi
-
-	$P11TOOL $ADDITIONAL_PARAM --login --set-label "gnutls-client" "$token;object=new-label;object-type=private" >>$TMPFILE 2>&1
-	if test $? != 0;then
-		echo failed
-		exit_error
-	fi
-
-	echo ok
+  export GNUTLS_PIN="$2"
+  token="$1"
+
+  echo -n "* Change the CKA_LABEL of generated private key... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1
+  if test $? != 0;then
+    echo failed
+    exit_error
+  fi
+
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1
+  if test $? != 0;then
+    echo "label didn't change"
+    exit_error
+  fi
+
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1
+  if test $? != 0;then
+    echo failed
+    exit_error
+  fi
+
+  echo ok
 }
 
 # $1: token
 # $2: PIN
 # $3: bits
 generate_temp_ecc_privkey () {
-	export GNUTLS_PIN=$2
-	token=$1
-	bits=$3
-
-	echo -n "* Generating ECC private key ($bits)... "
-	$P11TOOL $ADDITIONAL_PARAM --login --label temp-ecc-$bits --generate-ecc --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1
-	if test $? = 0;then
-		RETCODE=0
-		echo ok
-	else
-		echo failed
-		RETCODE=1
-	fi
+  export GNUTLS_PIN="$2"
+  token="$1"
+  bits="$3"
+
+  echo -n "* Generating ECC private key (${bits})... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+  if test $? = 0;then
+    RETCODE=0
+    echo ok
+  else
+    echo failed
+    RETCODE=1
+  fi
 }
 
 # $1: token
 # $2: PIN
-# $3: cakey: $srcdir/pkcs11-certs/ca.key
-# $4: cacert: $srcdir/pkcs11-certs/ca.crt
+# $3: cakey: ${srcdir}/pkcs11-certs/ca.key
+# $4: cacert: ${srcdir}/pkcs11-certs/ca.crt
 #
 # Tests writing a certificate which corresponds to the given key,
 # as well as the CA certificate, and tries to export them.
 write_certificate_test () {
-	export GNUTLS_PIN=$2
-	token=$1
-	cakey=$3
-	cacert=$4
-	pubkey=$5
-
-	echo -n "* Generating client certificate... "
-	$CERTTOOL $CERTTOOL_PARAM $ADDITIONAL_PARAM  --generate-certificate --load-ca-privkey "$cakey"  --load-ca-certificate "$cacert"  \
-	--template $srcdir/pkcs11-certs/client-tmpl --load-privkey "$token;object=gnutls-client;object-type=private" \
-	--load-pubkey "$pubkey" --outfile tmp-client.crt >>$TMPFILE 2>&1
-
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		exit_error
-	fi
-
-	echo -n "* Writing client certificate... "
-	$P11TOOL $ADDITIONAL_PARAM --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "$token" >>$TMPFILE 2>&1
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		exit_error
-	fi
-
-	echo -n "* Checking whether ID was correctly set... "
-	$P11TOOL $ADDITIONAL_PARAM --login --list-certs "$token;object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>$TMPFILE 2>&1
-	if test $? != 0;then
-		echo "ID was not set on copy"
-		exit_error
-	fi
-	echo ok
-
-	echo -n "* Writing certificate of client's CA... "
-	$P11TOOL $ADDITIONAL_PARAM --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "$cacert" "$token" >>$TMPFILE 2>&1
-	ret=$?
-	if test $ret != 0;then
-		$P11TOOL $ADDITIONAL_PARAM --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "$cacert" "$token" >>$TMPFILE 2>&1
-		ret=$?
-	fi
-
-	if test $ret = 0;then
-		echo ok
-	else
-		echo failed
-		exit_error
-	fi
-
-	echo -n "* Testing certificate flags... "
-	$P11TOOL $ADDITIONAL_PARAM --login --list-all-certs "$token;object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>$TMPFILE
-	if test $? != 0;then
-		echo failed
-		exit_error
-	fi
-
-	grep CKA_TRUSTED tmp-client-2.pub >>$TMPFILE 2>&1
-	if test $? != 0;then
-		echo "failed (no CKA_TRUSTED)"
-		#exit_error
-	fi
-
-	grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>$TMPFILE 2>&1
-	if test $? != 0;then
-		echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)"
-		#exit_error
-	fi
-
-	echo ok
-
-
-	echo -n "* Trying to obtain back the cert... "
-	$P11TOOL $ADDITIONAL_PARAM --export "$token;object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>$TMPFILE 2>&1
-	$DIFF crt1.tmp $srcdir/pkcs11-certs/ca.crt
-	if test $? != 0;then
-		echo "failed. Exported certificate differs (crt1.tmp)!"
-		exit_error
-	fi
-	rm -f crt1.tmp
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		exit_error
-	fi
-
-	echo -n "* Trying to obtain the full chain... "
-	$P11TOOL $ADDITIONAL_PARAM --login --export-chain "$token;object=gnutls-client;object-type=cert"|$CERTTOOL $CERTTOOL_PARAM  -i --outfile crt1.tmp >>$TMPFILE 2>&1
-
-	cat tmp-client.crt $srcdir/pkcs11-certs/ca.crt|$CERTTOOL $CERTTOOL_PARAM  -i >crt2.tmp
-	$DIFF crt1.tmp crt2.tmp
-	if test $? != 0;then
-		echo "failed. Exported certificate chain differs!"
-		exit_error
-	fi
-	rm -f crt1.tmp crt2.tmp
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		exit_error
-	fi
+  export GNUTLS_PIN="$2"
+  token="$1"
+  cakey="$3"
+  cacert="$4"
+  pubkey="$5"
+
+  echo -n "* Generating client certificate... "
+  "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM}  --generate-certificate --load-ca-privkey "${cakey}"  --load-ca-certificate "${cacert}"  \
+  --template ${srcdir}/pkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
+  --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${TMPFILE}" 2>&1
+
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit_error
+  fi
+
+  echo -n "* Writing client certificate... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${TMPFILE}" 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit_error
+  fi
+
+  echo -n "* Checking whether ID was correctly set... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
+  if test $? != 0;then
+    echo "ID was not set on copy"
+    exit_error
+  fi
+  echo ok
+
+  echo -n "* Writing certificate of client's CA... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
+  ret=$?
+  if test ${ret} != 0;then
+    ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
+    ret=$?
+  fi
+
+  if test ${ret} = 0;then
+    echo ok
+  else
+    echo failed
+    exit_error
+  fi
+
+  echo -n "* Testing certificate flags... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>"${TMPFILE}"
+  if test $? != 0;then
+    echo failed
+    exit_error
+  fi
+
+  grep CKA_TRUSTED tmp-client-2.pub >>"${TMPFILE}" 2>&1
+  if test $? != 0;then
+    echo "failed (no CKA_TRUSTED)"
+    #exit_error
+  fi
+
+  grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${TMPFILE}" 2>&1
+  if test $? != 0;then
+    echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)"
+    #exit_error
+  fi
+
+  echo ok
+
+
+  echo -n "* Trying to obtain back the cert... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${TMPFILE}" 2>&1
+  ${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt"
+  if test $? != 0;then
+    echo "failed. Exported certificate differs (crt1.tmp)!"
+    exit_error
+  fi
+  rm -f crt1.tmp
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit_error
+  fi
+
+  echo -n "* Trying to obtain the full chain... "
+  ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM}  -i --outfile crt1.tmp >>"${TMPFILE}" 2>&1
+
+  cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM}  -i >crt2.tmp
+  ${DIFF} crt1.tmp crt2.tmp
+  if test $? != 0;then
+    echo "failed. Exported certificate chain differs!"
+    exit_error
+  fi
+  rm -f crt1.tmp crt2.tmp
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit_error
+  fi
 }
 
 
@@ -402,39 +402,39 @@ write_certificate_test () {
 #
 # Tests using a certificate and key pair using gnutls-serv and gnutls-cli.
 use_certificate_test () {
-	export GNUTLS_PIN=$2
-	token=$1
-	certfile=$3
-	keyfile=$4
-	cafile=$5
-	txt=$6
-
-	echo -n "* Using PKCS #11 with gnutls-cli ($txt)... "
-	# start server
-	launch_pkcs11_server $$ "$ADDITIONAL_PARAM" --echo --priority NORMAL --x509certfile="$certfile" \
-		--x509keyfile="$keyfile" --x509cafile="$cafile" \
-		--require-client-cert >>$TMPFILE 2>&1 &
-
-	PID=$!
-	wait_server $PID
-
-	# connect to server using SC
-	$VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509cafile="$cafile" </dev/null >>$TMPFILE 2>&1 && \
-		fail $PID "Connection should have failed!"
-
-	$VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile="$certfile" \
-	--x509keyfile="$keyfile" --x509cafile="$cafile" </dev/null >>$TMPFILE 2>&1 || \
-		fail $PID "Connection (with files) should have succeeded!"
-
-	$VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile="$token;object=gnutls-client;object-type=cert" \
-		--x509keyfile="$token;object=gnutls-client;object-type=private" \
-		--x509cafile="$cafile" </dev/null >>$TMPFILE 2>&1 || \
-		fail $PID "Connection (with SC) should have succeeded!"
-
-	kill $PID
-	wait
-
-	echo ok
+  export GNUTLS_PIN="$2"
+  token="$1"
+  certfile="$3"
+  keyfile="$4"
+  cafile="$5"
+  txt="$6"
+
+  echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
+  # start server
+  launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
+    --x509keyfile="$keyfile" --x509cafile="${cafile}" \
+    --require-client-cert >>"${TMPFILE}" 2>&1 &
+
+  PID=$!
+  wait_server ${PID}
+
+  # connect to server using SC
+  ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 && \
+    fail ${PID} "Connection should have failed!"
+
+  ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
+  --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
+    fail ${PID} "Connection (with files) should have succeeded!"
+
+  ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
+    --x509keyfile="${token};object=gnutls-client;object-type=private" \
+    --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
+    fail ${PID} "Connection (with SC) should have succeeded!"
+
+  kill ${PID}
+  wait
+
+  echo ok
 }
 
 
@@ -443,65 +443,65 @@ echo "Testing PKCS11 support"
 
 # erase SC
 
-type=$1
+type="$1"
 
-if test -z "$type";then
-	echo "usage: $0: [pkcs15|softhsm|sc-hsm]"
-	if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util";then
-		echo "assuming 'softhsm'"
-		echo ""
-		type=softhsm
-	else
-		exit 1
-	fi
+if test -z "${type}";then
+  echo "usage: $0: [pkcs15|softhsm|sc-hsm]"
+  if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util";then
+    echo "assuming 'softhsm'"
+    echo ""
+    type=softhsm
+  else
+    exit 1
+  fi
 
 fi
 
-. $srcdir/testpkcs11.$type
+. "${srcdir}/testpkcs11.${type}"
 
 export GNUTLS_PIN=12345678
 export GNUTLS_SO_PIN=00000000
 
-init_card $GNUTLS_PIN $GNUTLS_SO_PIN
+init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}"
 
 # find token name
-TOKEN=`$P11TOOL $ADDITIONAL_PARAM --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
+TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
 
-echo "* Token: $TOKEN"
-if test x"$TOKEN" = x;then
-	echo "Could not find generated token"
-	exit_error
+echo "* Token: ${TOKEN}"
+if test "x${TOKEN}" = x;then
+  echo "Could not find generated token"
+  exit_error
 fi
 
 #write a given privkey
-write_privkey $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/client.key"
+write_privkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/client.key"
 
-generate_temp_ecc_privkey $TOKEN $GNUTLS_PIN 256
-delete_temp_privkey $TOKEN $GNUTLS_PIN ecc-256
+generate_temp_ecc_privkey "${TOKEN}" "${GNUTLS_PIN}" 256
+delete_temp_privkey "${TOKEN}" "${GNUTLS_PIN}" ecc-256
 
-generate_temp_ecc_privkey $TOKEN $GNUTLS_PIN 384
-delete_temp_privkey $TOKEN $GNUTLS_PIN ecc-384
+generate_temp_ecc_privkey "${TOKEN}" "${GNUTLS_PIN}" 384
+delete_temp_privkey "${TOKEN}" "${GNUTLS_PIN}" ecc-384
 
-generate_temp_rsa_privkey $TOKEN $GNUTLS_PIN 2048
-delete_temp_privkey $TOKEN $GNUTLS_PIN rsa-2048
+generate_temp_rsa_privkey "${TOKEN}" "${GNUTLS_PIN}" 2048
+delete_temp_privkey "${TOKEN}" "${GNUTLS_PIN}" rsa-2048
 
-generate_rsa_privkey $TOKEN $GNUTLS_PIN 1024
-change_id_of_privkey $TOKEN $GNUTLS_PIN
-export_pubkey_of_privkey $TOKEN $GNUTLS_PIN
-change_label_of_privkey $TOKEN $GNUTLS_PIN
+generate_rsa_privkey "${TOKEN}" "${GNUTLS_PIN}" 1024
+change_id_of_privkey "${TOKEN}" "${GNUTLS_PIN}"
+export_pubkey_of_privkey "${TOKEN}" "${GNUTLS_PIN}"
+change_label_of_privkey "${TOKEN}" "${GNUTLS_PIN}"
 
-write_certificate_test $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/ca.key" "$srcdir/pkcs11-certs/ca.crt" tmp-client.pub
+write_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/ca.key" "${srcdir}/pkcs11-certs/ca.crt" tmp-client.pub
 
-write_serv_privkey $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/server.key"
-write_serv_cert $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/server.crt"
+write_serv_privkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/server.key"
+write_serv_cert "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/server.crt"
 
-use_certificate_test $TOKEN $GNUTLS_PIN "$TOKEN;object=serv-cert;object-type=cert" "$TOKEN;object=serv-key;object-type=private" "$srcdir/pkcs11-certs/ca.crt" "full URLs"
+use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert;object-type=cert" "${TOKEN};object=serv-key;object-type=private" "${srcdir}/pkcs11-certs/ca.crt" "full URLs"
 
-use_certificate_test $TOKEN $GNUTLS_PIN "$TOKEN;object=serv-cert" "$TOKEN;object=serv-key" "$srcdir/pkcs11-certs/ca.crt" "abbrv URLs"
+use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert" "${TOKEN};object=serv-key" "${srcdir}/pkcs11-certs/ca.crt" "abbrv URLs"
 
-if test $RETCODE = 0;then
-	echo "* All smart cards tests succeeded"
+if test ${RETCODE} = 0;then
+  echo "* All smart cards tests succeeded"
 fi
-rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub $TMPFILE
+rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub "${TMPFILE}"
 
 exit 0
diff --git a/tests/suite/testpkcs11.pkcs15 b/tests/suite/testpkcs11.pkcs15
index d72163b..59c535e 100644
--- a/tests/suite/testpkcs11.pkcs15
+++ b/tests/suite/testpkcs11.pkcs15
@@ -20,27 +20,26 @@
 
 
 init_card () {
-	PIN=$1
-	PUK=$2
+  PIN="$1"
+  PUK="$2"
 
-	echo -n "* Erasing smart card... "
-	pkcs15-init -E >$TMPFILE 2>&1
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		cat $TMPFILE
-		exit_error
-	fi
+  echo -n "* Erasing smart card... "
+  pkcs15-init -E >"${TMPFILE}" 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    cat "${TMPFILE}"
+    exit_error
+  fi
 
-	echo -n "* Initializing smart card... "
-	pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin $PIN --pin $PIN --puk $PUK --label "GnuTLS-Test" >$TMPFILE 2>&1
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		cat $TMPFILE
-		exit_error
-	fi
+  echo -n "* Initializing smart card... "
+  pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    cat "${TMPFILE}"
+    exit_error
+  fi
 }
-
diff --git a/tests/suite/testpkcs11.sc-hsm b/tests/suite/testpkcs11.sc-hsm
index 03b86a4..26ce485 100644
--- a/tests/suite/testpkcs11.sc-hsm
+++ b/tests/suite/testpkcs11.sc-hsm
@@ -20,32 +20,31 @@
 
 
 init_card () {
-	PIN=$1
-	PUK=3537363231383830
-	export GNUTLS_SO_PIN=$PUK
+  PIN="$1"
+  PUK=3537363231383830
+  export GNUTLS_SO_PIN="${PUK}"
 
-	echo -n "* Erasing smart card... "
-	sc-hsm-tool --initialize --so-pin $PUK --pin $PIN --label=GnuTLS-Test >>$TMPFILE 2>&1
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		exit_error
-	fi
+  echo -n "* Erasing smart card... "
+  sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit_error
+  fi
 
-	echo -n "* Initializing smart card... "
-	TOKEN=`$P11TOOL $ADDITIONAL_PARAM --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
-	if test -z "$TOKEN";then
-		echo "Could not find initialized card"
-		exit_error
-	fi
+  echo -n "* Initializing smart card... "
+  TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
+  if test -z "${TOKEN}";then
+    echo "Could not find initialized card"
+    exit_error
+  fi
 
-	$P11TOOL $ADDITIONAL_PARAM --initialize "$TOKEN" --set-so-pin $PUK --set-pin $PIN --label "GnuTLS-Test" >>$TMPFILE 2>&1
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		exit_error
-	fi
+  ${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit_error
+  fi
 }
-
diff --git a/tests/suite/testpkcs11.softhsm b/tests/suite/testpkcs11.softhsm
index c58dde1..b444e62 100755
--- a/tests/suite/testpkcs11.softhsm
+++ b/tests/suite/testpkcs11.softhsm
@@ -19,57 +19,56 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 if test -f /usr/lib64/pkcs11/libsofthsm2.so;then
-	ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so"
+  ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so"
 else
-	if test -f /usr/lib/softhsm/libsofthsm.so;then
-		ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
-	else
-		ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so"
-	fi
+  if test -f /usr/lib/softhsm/libsofthsm.so;then
+    ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
+  else
+    ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so"
+  fi
 fi
 
 init_card () {
-	PIN=$1
-	PUK=$2
+  PIN="$1"
+  PUK="$2"
 
-	if test -x "/usr/bin/softhsm2-util";then
-		export SOFTHSM2_CONF="softhsm-testpkcs11.config"
-		SOFTHSM_TOOL="/usr/bin/softhsm2-util"
-		$SOFTHSM_TOOL --version|grep "2.0.0b1" >/dev/null 2>&1
-		if test $? = 0;then
-			echo "softhsm2-util 2.0.0b1 is broken"
-			exit 77
-		fi
-	fi
+  if test -x "/usr/bin/softhsm2-util";then
+    export SOFTHSM2_CONF="softhsm-testpkcs11.config"
+    SOFTHSM_TOOL="/usr/bin/softhsm2-util"
+    ${SOFTHSM_TOOL} --version|grep "2.0.0b1" >/dev/null 2>&1
+    if test $? = 0;then
+      echo "softhsm2-util 2.0.0b1 is broken"
+      exit 77
+    fi
+  fi
 
-	if test -x "/usr/bin/softhsm";then
-		export SOFTHSM_CONF="softhsm-testpkcs11.config"
-		SOFTHSM_TOOL="/usr/bin/softhsm"
-	fi
+  if test -x "/usr/bin/softhsm";then
+    export SOFTHSM_CONF="softhsm-testpkcs11.config"
+    SOFTHSM_TOOL="/usr/bin/softhsm"
+  fi
 
-	if test -z "$SOFTHSM_TOOL";then
-		echo "Could not find softhsm(2) tool"
-		exit 77
-	fi
+  if test -z "${SOFTHSM_TOOL}";then
+    echo "Could not find softhsm(2) tool"
+    exit 77
+  fi
 
-	if test -z "$SOFTHSM_CONF";then
-		rm -rf ./softhsm-testpkcs11.db
-		mkdir -p ./softhsm-testpkcs11.db
-		echo "objectstore.backend = file" > $SOFTHSM2_CONF
-		echo "directories.tokendir = ./softhsm-testpkcs11.db" >> $SOFTHSM2_CONF
-	else
-		rm -rf ./softhsm-testpkcs11.db
-		echo "0:./softhsm-testpkcs11.db" > $SOFTHSM_CONF
-	fi
+  if test -z "${SOFTHSM_CONF}";then
+    rm -rf ./softhsm-testpkcs11.db
+    mkdir -p ./softhsm-testpkcs11.db
+    echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
+    echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
+  else
+    rm -rf ./softhsm-testpkcs11.db
+    echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
+  fi
 
 
-	echo -n "* Initializing smart card... "
-	$SOFTHSM_TOOL --init-token --slot 0 --label "GnuTLS-Test" --so-pin $PUK --pin $PIN >/dev/null #2>&1
-	if test $? = 0;then
-		echo ok
-	else
-		echo failed
-		exit_error
-	fi
+  echo -n "* Initializing smart card... "
+  ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit_error
+  fi
 }
-
diff --git a/tests/suite/testrandom b/tests/suite/testrandom
index e682375..894b2e9d 100755
--- a/tests/suite/testrandom
+++ b/tests/suite/testrandom
@@ -20,10 +20,10 @@
 # along with GnuTLS; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-srcdir=${srcdir:-.}
-CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 counter=0
@@ -32,58 +32,58 @@ file=test.out
 counter=0
 
 echo "Testing verification with randomly generated certificates..."
-while [ $counter -lt 400 ]
+while [ ${counter} -lt 400 ]
 do
-  $srcdir/x509random.pl > $srcdir/$file
-  $VALGRIND $CERTTOOL -i --inder --infile $srcdir/$file --outfile $srcdir/$file.pem >/dev/null 2>&1
+  "${srcdir}/x509random.pl" > "${file}"
+  ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" --outfile "${file}.pem" >/dev/null 2>&1
   if test $? != 0;then
-  	continue
+    continue
   fi
 
-  cat $srcdir/$file.pem $srcdir/../certs/ca-cert-ecc.pem > $srcdir/$file-chain.pem
+  cat "${file}.pem" "${srcdir}/../certs/ca-cert-ecc.pem" > "${file}-chain.pem"
 
-  $VALGRIND $CERTTOOL -e --infile $srcdir/$file-chain.pem >/dev/null 2>&1
+  ${VALGRIND} "${CERTTOOL}" -e --infile "${file}-chain.pem" >/dev/null 2>&1
   ret=$?
-  if [ $ret != 1 ];then
-  	echo "Succeeded verification with $file-chain.pem!"
-  	exit 1
+  if [ ${ret} != 1 ];then
+    echo "Succeeded verification with ${file}-chain.pem!"
+    exit 1
   fi
-  rm -f $srcdir/$file.pem $srcdir/$file-chain.pem
+  rm -f "${file}.pem" "${file}-chain.pem"
 
-  counter=`expr $counter + 1`
+  counter=`expr ${counter} + 1`
 done
 
 
 echo "Testing with randomly generated certificates..."
-while [ $counter -lt 200 ]
+while [ ${counter} -lt 200 ]
 do
-  $srcdir/x509random.pl > $srcdir/$file
-  $VALGRIND $CERTTOOL -i --inder --infile $srcdir/$file >/dev/null
+  "${srcdir}/x509random.pl" > "${file}"
+  ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null
   ret=$?
-  if [ $ret != 0 -a $ret != 1 ];then
-  	echo "Unknown exit code with $file"
-  	exit 1
+  if [ ${ret} != 0 -a ${ret} != 1 ];then
+    echo "Unknown exit code with ${file}"
+    exit 1
   fi
 
-  counter=`expr $counter + 1`
+  counter=`expr ${counter} + 1`
 done
 
 counter=0
 
 echo "Testing with random ASN.1 data..."
-while [ $counter -lt 200 ]
+while [ ${counter} -lt 200 ]
 do
-  $srcdir/asn1random.pl > $srcdir/$file
-  $VALGRIND $CERTTOOL -i --inder --infile $srcdir/$file >/dev/null 2>/dev/null
+  "${srcdir}/asn1random.pl" > "${file}"
+  ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null 2>/dev/null
   ret=$?
-  if [ $ret != 0 -a $ret != 1 ];then
-  	echo "Unknown exit code with $file"
-  	exit 1
+  if [ ${ret} != 0 -a ${ret} != 1 ];then
+    echo "Unknown exit code with ${file}"
+    exit 1
   fi
 
-  counter=`expr $counter + 1`
+  counter=`expr ${counter} + 1`
 done
 
-rm -f $srcdir/$file
+rm -f "${file}"
 
 exit 0
diff --git a/tests/suite/testrng b/tests/suite/testrng
index c780cf4..16fb4d5 100755
--- a/tests/suite/testrng
+++ b/tests/suite/testrng
@@ -29,7 +29,7 @@ VERSION=`dieharder -l|grep version|cut -d ' ' -f 6`
 if test "$1" = "full";then
   OPTIONS="-a"
 else
-  if test "$VERSION" = "2.28.1";then
+  if test "${VERSION}" = "2.28.1";then
     OPTIONS="-d 5"
     OPTIONS2="-d 10"
   else
@@ -42,122 +42,122 @@ OUTFILE=rng.log
 RNGFILE=rng.out
 RNGFILE2=rng2.out
 
-rm -f $OUTFILE
-rm -f $RNGFILE
-rm -f $RNGFILE2
+rm -f "${OUTFILE}"
+rm -f "${RNGFILE}"
+rm -f "${RNGFILE2}"
 
-. $srcdir/../scripts/common.sh
+. "${srcdir}/../scripts/common.sh"
 
 
 RINPUTNO=`dieharder -g -1|grep file_input_raw|cut -d '|' -f 2|cut -d ' ' -f 1`
 
-if test -z "$RINPUTNO";then
-	echo "Cannot determine dieharder option for raw file input, assuming 201"
-	RINPUTNO=201
+if test -z "${RINPUTNO}";then
+  echo "Cannot determine dieharder option for raw file input, assuming 201"
+  RINPUTNO=201
 fi
 
 echo ""
 echo "Testing nonce PRNG"
 
-./rng nonce 64 $RNGFILE
-./rng nonce 64 $RNGFILE2
-cmp $RNGFILE $RNGFILE2  >/dev/null 2>&1
+./rng nonce 64 "${RNGFILE}"
+./rng nonce 64 "${RNGFILE2}"
+cmp "${RNGFILE}" "${RNGFILE2}"  >/dev/null 2>&1
 ret=$?
 
-if test $ret = 0;then
-	echo "numbers are repeated in nonce!"
-	exit 1
+if test ${ret} = 0;then
+  echo "numbers are repeated in nonce!"
+  exit 1
 fi
 
-./rng nonce 100000000 $RNGFILE
+./rng nonce 100000000 "${RNGFILE}"
 
-dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
-if ! test -z "$OPTIONS2";then
-	dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}";then
+  dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
 fi
-grep FAILED $OUTFILE >/dev/null 2>&1
+grep FAILED "${OUTFILE}" >/dev/null 2>&1
 ret=$?
 
-if test "$ret" = "0";then
-	echo "test failed for nonce"
-	exit 1
+if test "${ret}" = "0";then
+  echo "test failed for nonce"
+  exit 1
 fi
 
-grep PASSED $OUTFILE >/dev/null 2>&1
+grep PASSED "${OUTFILE}" >/dev/null 2>&1
 ret=$?
 
-if test "$ret" != "0";then
-	echo "could not run dieharder test?"
-	exit 1
+if test "${ret}" != "0";then
+  echo "could not run dieharder test?"
+  exit 1
 fi
 
-cat $OUTFILE
-rm -f $OUTFILE
+cat "${OUTFILE}"
+rm -f "${OUTFILE}"
 echo ""
 echo "Testing key PRNG"
 
-./rng key 64 $RNGFILE
-./rng key 64 $RNGFILE2
-cmp $RNGFILE $RNGFILE2 >/dev/null 2>&1
+./rng key 64 "${RNGFILE}"
+./rng key 64 "${RNGFILE2}"
+cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1
 ret=$?
 
-if test $ret = 0;then
-	echo "numbers are repeated in nonce!"
-	exit 1
+if test ${ret} = 0;then
+  echo "numbers are repeated in nonce!"
+  exit 1
 fi
 
-./rng key 100000000 $RNGFILE
+./rng key 100000000 "${RNGFILE}"
 
-dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
-if ! test -z "$OPTIONS2";then
-	dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}";then
+  dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
 fi
-grep FAILED $OUTFILE >/dev/null 2>&1 
+grep FAILED "${OUTFILE}" >/dev/null 2>&1 
 ret=$?
 
 
-if test "$ret" = "0";then
-	echo "test failed for key"
-	exit 1
+if test "${ret}" = "0";then
+  echo "test failed for key"
+  exit 1
 fi
 
-grep PASSED $OUTFILE >/dev/null 2>&1
+grep PASSED "${OUTFILE}" >/dev/null 2>&1
 ret=$?
 
-if test "$ret" != "0";then
-	echo "could not run dieharder test?"
-	exit 1
+if test "${ret}" != "0";then
+  echo "could not run dieharder test?"
+  exit 1
 fi
 
-cat $OUTFILE
-rm -f $OUTFILE
+cat "${OUTFILE}"
+rm -f "${OUTFILE}"
 echo ""
 echo "Testing /dev/zero PRNG"
-dd if=/dev/zero of=$RNGFILE bs=4 count=10000000 >/dev/null 2>&1
+dd if=/dev/zero of="${RNGFILE}" bs=4 count=10000000 >/dev/null 2>&1
 
-dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
-if ! test -z "$OPTIONS2";then
-	dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}";then
+  dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
 fi
-grep PASSED $OUTFILE >/dev/null 2>&1 
+grep PASSED "${OUTFILE}" >/dev/null 2>&1 
 ret=$?
 
-if test "$ret" = "0";then
-	echo "test succeeded for /dev/zero!!!"
-	exit 1
+if test "${ret}" = "0";then
+  echo "test succeeded for /dev/zero!!!"
+  exit 1
 fi
 
-grep FAILED $OUTFILE >/dev/null 2>&1
+grep FAILED "${OUTFILE}" >/dev/null 2>&1
 ret=$?
 
-if test "$ret" != "0";then
-	echo "could not run dieharder test?"
-	exit 1
+if test "${ret}" != "0";then
+  echo "could not run dieharder test?"
+  exit 1
 fi
 
-cat $OUTFILE
-rm -f $OUTFILE
-rm -f $RNGFILE
-rm -f $RNGFILE2
+cat "${OUTFILE}"
+rm -f "${OUTFILE}"
+rm -f "${RNGFILE}"
+rm -f "${RNGFILE2}"
 
 exit 0
diff --git a/tests/suite/testsrn b/tests/suite/testsrn
index 826bb4a..783ed9d 100755
--- a/tests/suite/testsrn
+++ b/tests/suite/testsrn
@@ -21,79 +21,79 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 srcdir="${srcdir:-.}"
-SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q"
-CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
+CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
 unset RETCODE
 
 if test "${WINDIR}" != "";then
   exit 77
 fi 
 
-. $srcdir/../scripts/common.sh
+. "${srcdir}/../scripts/common.sh"
 
-PORT="${PORT:-$RPORT}"
+PORT="${PORT:-${RPORT}}"
 
 echo "Checking Safe renegotiation"
 
-launch_server $$ --echo --priority NORMAL:+ANON-DH:%PARTIAL_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 &
+launch_server $$ --echo --priority NORMAL:+ANON-DH:%PARTIAL_RENEGOTIATION --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 &
 PID=$!
-wait_server $PID
+wait_server ${PID}
 
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail $PID "0. Renegotiation should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+  fail ${PID} "0. Renegotiation should have succeeded!"
 
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail $PID "1. Safe rehandshake should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+  fail ${PID} "1. Safe rehandshake should have succeeded!"
 
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail $PID "2. Unsafe rehandshake should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+  fail ${PID} "2. Unsafe rehandshake should have succeeded!"
 
-$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail $PID "3. Unsafe negotiation should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+  fail ${PID} "3. Unsafe negotiation should have succeeded!"
 
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
-  fail $PID "4. Unsafe renegotiation should have failed!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+  fail ${PID} "4. Unsafe renegotiation should have failed!"
 
 
-kill $PID
+kill ${PID}
 wait
 
-launch_server $$  --echo --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 &
+launch_server $$  --echo --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 &
 PID=$!
-wait_server $PID
+wait_server ${PID}
 
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail $PID "5. Safe rehandshake should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+  fail ${PID} "5. Safe rehandshake should have succeeded!"
 
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail $PID "6. Unsafe rehandshake should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+  fail ${PID} "6. Unsafe rehandshake should have succeeded!"
 
-$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
-  fail $PID "7. Unsafe negotiation should have failed!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+  fail ${PID} "7. Unsafe negotiation should have failed!"
 
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
-  fail $PID "8. Unsafe renegotiation should have failed!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+  fail ${PID} "8. Unsafe renegotiation should have failed!"
 
-kill $PID
+kill ${PID}
 wait
 
-launch_server $$ --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 &
+launch_server $$ --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 &
 PID=$!
-wait_server $PID
+wait_server ${PID}
 
-$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
-  fail $PID "9. Initial connection should have failed!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+  fail ${PID} "9. Initial connection should have failed!"
 
-$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail $PID "10. Unsafe connection should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+  fail ${PID} "10. Unsafe connection should have succeeded!"
 
-$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail $PID "11. Unsafe negotiation should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+  fail ${PID} "11. Unsafe negotiation should have succeeded!"
 
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail $PID "12. Unsafe renegotiation should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+  fail ${PID} "12. Unsafe renegotiation should have succeeded!"
 
-kill $PID
+kill ${PID}
 wait
 
 exit 0
-- 
2.3.6




More information about the Gnutls-devel mailing list