scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh.

scripts/crl-revoked.test

@@ -1,15 +1,15 @@
-#!/bin/bash
+#!/bin/sh
 
 #crl.test
 
 # if we can, isolate the network namespace to eliminate port collisions.
-if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
+if [ "${AM_BWRAPPED-}" != "yes" ]; then
     bwrap_path="$(command -v bwrap)"
-    if [[ -n "$bwrap_path" ]]; then
+    if [ -n "$bwrap_path" ]; then
         export AM_BWRAPPED=yes
         exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
-        unset AM_BWRAPPED
     fi
+    unset AM_BWRAPPED
 fi
 
 revocation_code="-361"

scripts/include.am

@@ -24,12 +24,17 @@ dist_noinst_SCRIPTS+= scripts/crl-revoked.test
 scripts/crl-revoked.log: scripts/resume.log
 endif
 
+# arrange to serialize ocsp.test, ocsp-stapling.test, ocsp-stapling-with-ca-as-responder.test, ocsp-stapling2.test, and testsuite,
+# to help mitigate port conflicts among them.
+# note that unit.test is gated on testsuite in Makefile.am, which is also helpful for these purposes.
+
 if BUILD_OCSP_STAPLING
 dist_noinst_SCRIPTS+= scripts/ocsp-stapling.test
-scripts/ocsp-stapling.log: tests/unit.log
+if !BUILD_OCSP_STAPLING_V2
+testsuite/testsuite.log: scripts/ocsp-stapling.log scripts/ocsp-stapling-with-ca-as-responder.log
+endif
 scripts/ocsp-stapling.log: scripts/ocsp.log
 dist_noinst_SCRIPTS+= scripts/ocsp-stapling-with-ca-as-responder.test
-scripts/ocsp-stapling-with-ca-as-responder.log: tests/unit.log
 scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp.log
 scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp-stapling.log
 endif
@@ -38,12 +43,11 @@ if BUILD_OCSP_STAPLING_V2
 dist_noinst_SCRIPTS+= scripts/ocsp-stapling2.test
 
 if BUILD_OCSP_STAPLING
-scripts/ocsp-stapling2.log: tests/unit.log
+testsuite/testsuite.log: scripts/ocsp-stapling2.log
 scripts/ocsp-stapling2.log: scripts/ocsp.log
 scripts/ocsp-stapling2.log: scripts/ocsp-stapling.log
 scripts/ocsp-stapling2.log: scripts/ocsp-stapling-with-ca-as-responder.log
 else
-scripts/ocsp-stapling2.log: tests/unit.log
 scripts/ocsp-stapling2.log: scripts/ocsp.log
 endif
 

scripts/ocsp-stapling-with-ca-as-responder.test

@@ -3,13 +3,13 @@
 # ocsp-stapling-with-ca-as-responder.test
 
 # if we can, isolate the network namespace to eliminate port collisions.
-if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
+if [ "${AM_BWRAPPED-}" != "yes" ]; then
     bwrap_path="$(command -v bwrap)"
-    if [[ -n "$bwrap_path" ]]; then
+    if [ -n "$bwrap_path" ]; then
         export AM_BWRAPPED=yes
         exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
-        unset AM_BWRAPPED
     fi
+    unset AM_BWRAPPED
 fi
 
 if [[ -z "${RETRIES_REMAINING-}" ]]; then
@@ -39,7 +39,6 @@ ln -s ../examples
 CERT_DIR="certs/ocsp"
 
 
-resume_port=0
 ready_file="${WORKSPACE}"/wolf_ocsp_s1_readyF$$
 ready_file2="${WORKSPACE}"/wolf_ocsp_s1_readyF2$$
 printf '%s\n' "ready files:  $ready_file $ready_file2"
@@ -190,8 +189,9 @@ get_first_free_port() {
     return 0
 }
 
-base_port=$((((($$ + $RETRIES_REMAINING) * 4) % (65536 - 2048)) + 1024))
+base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024))
 port1=$(get_first_free_port $base_port)
+port2=$(get_first_free_port $((port1 + 1)))
 
 
 # create a port to use with openssl ocsp responder
@@ -240,7 +240,7 @@ printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
 # client test against our own server - GOOD CERT
 ./examples/server/server -c certs/ocsp/server1-cert.pem \
                          -k certs/ocsp/server1-key.pem -R $ready_file2 \
-                         -p $resume_port &
+                         -p $port2 &
 wait_for_readyFile $ready_file2
 CLI_PORT=`cat $ready_file2`
 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \
@@ -254,7 +254,7 @@ printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
 remove_single_rF $ready_file2
 ./examples/server/server -c certs/ocsp/server2-cert.pem \
                          -k certs/ocsp/server2-key.pem -R $ready_file2 \
-                         -p $resume_port &
+                         -p $port2 &
 wait_for_readyFile $ready_file2
 CLI_PORT=`cat $ready_file2`
 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \

scripts/ocsp-stapling.test

@@ -3,6 +3,8 @@
 # ocsp-stapling.test
 # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
 
+# Note, this script makes connection(s) to the public Internet.
+
 if [[ -z "${RETRIES_REMAINING-}" ]]; then
     export RETRIES_REMAINING=2
 fi
@@ -29,7 +31,6 @@ cd "$WORKSPACE" || exit $?
 ln -s ../examples
 
 CERT_DIR="./certs/ocsp"
-resume_port=0
 ready_file="$WORKSPACE"/wolf_ocsp_s1_readyF$$
 ready_file2="$WORKSPACE"/wolf_ocsp_s1_readyF2$$
 printf '%s\n' "ready file:  $ready_file"
@@ -191,9 +192,10 @@ get_first_free_port() {
     return 0
 }
 
-base_port=$((((($$ + $RETRIES_REMAINING) * 4) % (65536 - 2048)) + 1024))
+base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024))
 port1=$(get_first_free_port $base_port)
 port2=$(get_first_free_port $((port1 + 1)))
+port3=$(get_first_free_port $((port2 + 1)))
 
 
 # test interop fail case
@@ -279,7 +281,7 @@ sleep 0.1
 printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
 # client test against our own server - GOOD CERT
 ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \
-                         -k certs/ocsp/server1-key.pem -p $resume_port &
+                         -k certs/ocsp/server1-key.pem -p $port3 &
 wait_for_readyFile $ready_file2
 CLI_PORT=`cat $ready_file2`
 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT
@@ -291,7 +293,7 @@ printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
 # client test against our own server - REVOKED CERT
 remove_single_rF $ready_file2
 ./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
-                         -k certs/ocsp/server2-key.pem -p $resume_port &
+                         -k certs/ocsp/server2-key.pem -p $port3 &
 wait_for_readyFile $ready_file2
 sleep 0.1
 CLI_PORT=`cat $ready_file2`
@@ -309,7 +311,7 @@ if [ $? -ne 0 ]; then
     remove_single_rF $ready_file2
     ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \
                              -k certs/ocsp/server1-key.pem -v 4 \
-                             -p $resume_port &
+                             -p $port3 &
     wait_for_readyFile $ready_file2
     CLI_PORT=`cat $ready_file2`
     ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \
@@ -323,7 +325,7 @@ if [ $? -ne 0 ]; then
     remove_single_rF $ready_file2
     ./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
                              -k certs/ocsp/server2-key.pem -v 4 \
-                             -p $resume_port &
+                             -p $port3 &
     wait_for_readyFile $ready_file2
     CLI_PORT=`cat $ready_file2`
     ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \

scripts/ocsp-stapling2.test

@@ -4,13 +4,13 @@
 # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2
 
 # if we can, isolate the network namespace to eliminate port collisions.
-if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
+if [ "${AM_BWRAPPED-}" != "yes" ]; then
     bwrap_path="$(command -v bwrap)"
-    if [[ -n "$bwrap_path" ]]; then
+    if [ -n "$bwrap_path" ]; then
         export AM_BWRAPPED=yes
         exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
-        unset AM_BWRAPPED
     fi
+    unset AM_BWRAPPED
 fi
 
 if [[ -z "${RETRIES_REMAINING-}" ]]; then
@@ -40,7 +40,6 @@ ln -s ../examples
 CERT_DIR="certs/ocsp"
 
 
-resume_port=0
 ready_file1="$WORKSPACE"/wolf_ocsp_s2_readyF1$$
 ready_file2="$WORKSPACE"/wolf_ocsp_s2_readyF2$$
 ready_file3="$WORKSPACE"/wolf_ocsp_s2_readyF3$$
@@ -219,7 +218,7 @@ get_first_free_port() {
     return 0
 }
 
-base_port=$((((($$ + $RETRIES_REMAINING) * 4) % (65536 - 2048)) + 1024))
+base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024))
 port1=$(get_first_free_port $base_port)
 port2=$(get_first_free_port $((port1 + 1)))
 port3=$(get_first_free_port $((port2 + 1)))
@@ -334,7 +333,7 @@ printf '%s\n\n' "TEST CASE 2 DISABLED PENDING REVIEW"
 #remove_single_rF $ready_file5
 #./examples/server/server -c certs/ocsp/server3-cert.pem \
 #                         -k certs/ocsp/server3-key.pem -R $ready_file5 \
-#                         -p $resume_port &
+#                         -p $port5 &
 #wait_for_readyFile $ready_file5
 #CLI_PORT=`cat $ready_file5`
 #./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \

scripts/ocsp.test

@@ -2,6 +2,8 @@
 
 # ocsp.test
 
+# Note, this script makes connection(s) to the public Internet.
+
 server=www.globalsign.com
 ca=certs/external/ca-globalsign-root.pem
 

scripts/openssl.test

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 #openssl.test
 
@@ -8,13 +8,13 @@ if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
 fi
 
 # if we can, isolate the network namespace to eliminate port collisions.
-if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
+if [ "${AM_BWRAPPED-}" != "yes" ]; then
     bwrap_path="$(command -v bwrap)"
-    if [[ -n "$bwrap_path" ]]; then
+    if [ -n "$bwrap_path" ]; then
         export AM_BWRAPPED=yes
         exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
-        unset AM_BWRAPPED
     fi
+    unset AM_BWRAPPED
 fi
 
 echo "WOLFSSL_OPENSSL_TEST set, running test..."

scripts/pkcallbacks.test

@@ -1,15 +1,15 @@
-#!/bin/bash
+#!/bin/sh
 
 #pkcallbacks.test
 
 # if we can, isolate the network namespace to eliminate port collisions.
-if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
+if [ "${AM_BWRAPPED-}" != "yes" ]; then
     bwrap_path="$(command -v bwrap)"
-    if [[ -n "$bwrap_path" ]]; then
+    if [ -n "$bwrap_path" ]; then
         export AM_BWRAPPED=yes
         exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
-        unset AM_BWRAPPED
     fi
+    unset AM_BWRAPPED
 fi
 
 exit_code=1

scripts/psk.test

@@ -1,16 +1,16 @@
-#!/bin/bash
+#!/bin/sh
 
 # psk.test
 # copyright wolfSSL 2016
 
 # if we can, isolate the network namespace to eliminate port collisions.
-if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
+if [ "${AM_BWRAPPED-}" != "yes" ]; then
     bwrap_path="$(command -v bwrap)"
-    if [[ -n "$bwrap_path" ]]; then
+    if [ -n "$bwrap_path" ]; then
         export AM_BWRAPPED=yes
         exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
-        unset AM_BWRAPPED
     fi
+    unset AM_BWRAPPED
 fi
 
 # getting unique port is modeled after resume.test script

scripts/resume.test

@@ -1,15 +1,15 @@
-#!/bin/bash
+#!/bin/sh
 
 #resume.test
 
 # if we can, isolate the network namespace to eliminate port collisions.
-if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
+if [ "${AM_BWRAPPED-}" != "yes" ]; then
     bwrap_path="$(command -v bwrap)"
-    if [[ -n "$bwrap_path" ]]; then
+    if [ -n "$bwrap_path" ]; then
         export AM_BWRAPPED=yes
         exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
-        unset AM_BWRAPPED
     fi
+    unset AM_BWRAPPED
 fi
 
 # need a unique resume port since may run the same time as testsuite

scripts/sniffer-testsuite.test

@@ -1,15 +1,15 @@
-#!/bin/bash
+#!/bin/sh
 
 #sniffer-testsuite.test
 
 # if we can, isolate the network namespace to eliminate port collisions.
-if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
+if [ "${AM_BWRAPPED-}" != "yes" ]; then
     bwrap_path="$(command -v bwrap)"
-    if [[ -n "$bwrap_path" ]]; then
+    if [ -n "$bwrap_path" ]; then
         export AM_BWRAPPED=yes
         exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
-        unset AM_BWRAPPED
     fi
+    unset AM_BWRAPPED
 fi
 
 # ./configure --enable-sniffer [--enable-session-ticket]

scripts/tls13.test

@@ -1,16 +1,16 @@
-#!/bin/bash
+#!/bin/sh
 
 # tls13.test
 # copyright wolfSSL 2016
 
 # if we can, isolate the network namespace to eliminate port collisions.
-if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
+if [ "${AM_BWRAPPED-}" != "yes" ]; then
     bwrap_path="$(command -v bwrap)"
-    if [[ -n "$bwrap_path" ]]; then
+    if [ -n "$bwrap_path" ]; then
         export AM_BWRAPPED=yes
         exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
-        unset AM_BWRAPPED
     fi
+    unset AM_BWRAPPED
 fi
 
 # getting unique port is modeled after resume.test script

scripts/trusted_peer.test

@@ -1,16 +1,16 @@
-#!/bin/bash
+#!/bin/sh
 
 # trusted_peer.test
 # copyright wolfSSL 2016
 
 # if we can, isolate the network namespace to eliminate port collisions.
-if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
+if [ "${AM_BWRAPPED-}" != "yes" ]; then
     bwrap_path="$(command -v bwrap)"
-    if [[ -n "$bwrap_path" ]]; then
+    if [ -n "$bwrap_path" ]; then
         export AM_BWRAPPED=yes
         exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
-        unset AM_BWRAPPED
     fi
+    unset AM_BWRAPPED
 fi
 
 # getting unique port is modeled after resume.test script