From 5ab92be10a4f5930faaa31afa3b58393d8f8231e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 1 Jul 2024 17:01:28 +0100 Subject: [PATCH] Use variable for data_files path in ssl-opt.sh Signed-off-by: David Horstmann --- tests/ssl-opt.sh | 1366 +++++++++++++++++++++++----------------------- 1 file changed, 684 insertions(+), 682 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b7bcd13ee3..1cc1115e0a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -29,6 +29,8 @@ if ! cd "$(dirname "$0")"; then exit 125 fi +DATA_FILES_PATH=../framework/data_files + # default values, can be overridden by the environment : ${P_SRV:=../programs/ssl/ssl_server2} : ${P_CLI:=../programs/ssl/ssl_client2} @@ -60,12 +62,12 @@ guess_config_name() { : ${MBEDTLS_TEST_OUTCOME_FILE=} : ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"} : ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} -: ${EARLY_DATA_INPUT:=../framework/data_files/tls13_early_data.txt} +: ${EARLY_DATA_INPUT:="$DATA_FILES_PATH/tls13_early_data.txt"} -O_SRV="$OPENSSL s_server -www -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key" +O_SRV="$OPENSSL s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL s_client" -G_SRV="$GNUTLS_SERV --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key" -G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile ../framework/data_files/test-ca_cat12.crt" +G_SRV="$GNUTLS_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" +G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt" TCP_CLIENT="$PERL scripts/tcp_client.pl" # alternative versions of OpenSSL and GnuTLS (no default path) @@ -97,10 +99,10 @@ if [ -z "${GNUTLS_NEXT_SERV:-}" ]; then fi if [ -n "${OPENSSL_NEXT:-}" ]; then - O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key" - O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key" + O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" + O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www " - O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile ../framework/data_files/test-ca_cat12.crt" + O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt" O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client" else O_NEXT_SRV=false @@ -111,7 +113,7 @@ else fi if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then - G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key" + G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" G_NEXT_SRV_NO_CERT="$GNUTLS_NEXT_SERV" else G_NEXT_SRV=false @@ -119,7 +121,7 @@ else fi if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then - G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile ../framework/data_files/test-ca_cat12.crt" + G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt" G_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI" else G_NEXT_CLI=false @@ -1704,7 +1706,7 @@ run_test() { # Check if test uses files case "$SRV_CMD $CLI_CMD" in - *../framework/data_files/*) + *$DATA_FILES_PATH/*) requires_config_enabled MBEDTLS_FS_IO;; esac @@ -1823,7 +1825,7 @@ run_test_memory_after_hanshake_with_mfl() run_test "Handshake memory usage (MFL $1)" \ "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \ "$P_CLI debug_level=3 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \ 0 \ -F "handshake_memory_check $MEMORY_USAGE_LIMIT" @@ -1842,7 +1844,7 @@ run_tests_memory_after_hanshake() run_test "Handshake memory usage initial (MFL 16384 - default)" \ "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \ "$P_CLI debug_level=3 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \ 0 \ -F "handshake_memory_get MEMORY_USAGE_MFL_16K" @@ -2115,7 +2117,7 @@ requires_config_enabled MBEDTLS_AES_C requires_hash_alg SHA_256 run_test "TLS: password protected client key" \ "$P_SRV force_version=tls12 auth_mode=required" \ - "$P_CLI crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key.enc key_pwd=PolarSSLTest" \ + "$P_CLI crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \ 0 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C @@ -2126,7 +2128,7 @@ requires_config_enabled MBEDTLS_CIPHER_MODE_CBC requires_config_enabled MBEDTLS_AES_C requires_hash_alg SHA_256 run_test "TLS: password protected server key" \ - "$P_SRV crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key.enc key_pwd=PolarSSLTest" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \ "$P_CLI force_version=tls12" \ 0 @@ -2140,8 +2142,8 @@ requires_config_enabled MBEDTLS_AES_C requires_hash_alg SHA_256 run_test "TLS: password protected server key, two certificates" \ "$P_SRV force_version=tls12\ - key_file=../framework/data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=../framework/data_files/server5.crt \ - key_file2=../framework/data_files/server2.key.enc key_pwd2=PolarSSLTest crt_file2=../framework/data_files/server2.crt" \ + key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest crt_file=$DATA_FILES_PATH/server5.crt \ + key_file2=$DATA_FILES_PATH/server2.key.enc key_pwd2=PolarSSLTest crt_file2=$DATA_FILES_PATH/server2.crt" \ "$P_CLI" \ 0 @@ -2159,8 +2161,8 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_256 run_test "CA callback on server" \ "$P_SRV force_version=tls12 auth_mode=required" \ - "$P_CLI ca_callback=1 debug_level=3 crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_CLI ca_callback=1 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ 0 \ -c "use CA callback for X.509 CRT verification" \ -s "Verifying peer X.509 certificate... ok" \ @@ -2173,10 +2175,10 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for client authentication: ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 auth_mode=required crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key" \ - "$P_CLI key_opaque=1 crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \ + "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ + "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ 0 \ -c "key type: Opaque" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ @@ -2192,10 +2194,10 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for client authentication: ECDHE-RSA" \ - "$P_SRV force_version=tls12 auth_mode=required crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key" \ - "$P_CLI key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ + "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key" \ + "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ 0 \ -c "key type: Opaque" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ @@ -2209,10 +2211,10 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for client authentication: DHE-RSA" \ - "$P_SRV force_version=tls12 auth_mode=required crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key" \ - "$P_CLI key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key" \ + "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ key_opaque_algs=rsa-sign-pkcs1,none" \ 0 \ -c "key type: Opaque" \ @@ -2228,8 +2230,8 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for server authentication: ECDHE-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ "$P_CLI force_version=tls12" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ @@ -2244,8 +2246,8 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: ECDH-" \ "$P_SRV auth_mode=required key_opaque=1\ - crt_file=../framework/data_files/server5.ku-ka.crt\ - key_file=../framework/data_files/server5.key key_opaque_algs=ecdh,none" \ + crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ "$P_CLI force_version=tls12" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ @@ -2260,8 +2262,8 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \ - "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key key_opaque_algs=rsa-decrypt,none \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \ debug_level=1" \ "$P_CLI force_version=tls12" \ 1 \ @@ -2277,8 +2279,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ - "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key key_opaque_algs=ecdh,none \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ debug_level=1" \ "$P_CLI force_version=tls12" \ 1 \ @@ -2292,8 +2294,8 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \ - "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key key_opaque_algs=rsa-decrypt,none \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \ debug_level=1" \ "$P_CLI force_version=tls12" \ 1 \ @@ -2308,8 +2310,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ - "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key key_opaque_algs=ecdh,none \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ debug_level=1" \ "$P_CLI force_version=tls12" \ 1 \ @@ -2322,8 +2324,8 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \ - "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key key_opaque_algs=ecdh,none \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none \ debug_level=1" \ "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ 1 \ @@ -2338,9 +2340,9 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_256 requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 key_opaque=1 crt_file=../framework/data_files/server7.crt \ - key_file=../framework/data_files/server7.key key_opaque_algs=ecdh,none \ - crt_file2=../framework/data_files/server5.crt key_file2=../framework/data_files/server5.key \ + "$P_SRV force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \ + key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdh,none \ + crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \ key_opaque_algs2=ecdsa-sign,none" \ "$P_CLI force_version=tls12" \ 0 \ @@ -2357,9 +2359,9 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=../framework/data_files/server7.crt \ - key_file=../framework/data_files/server7.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=../framework/data_files/server5.crt key_file2=../framework/data_files/server5.key \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \ + key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdsa-sign,none \ + crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \ key_opaque_algs2=ecdh,none debug_level=3" \ "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384" \ 0 \ @@ -2376,10 +2378,10 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=../framework/data_files/server2-sha256.crt \ - key_file2=../framework/data_files/server2.key key_opaque_algs2=rsa-sign-pkcs1,none" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \ + crt_file2=$DATA_FILES_PATH/server2-sha256.crt \ + key_file2=$DATA_FILES_PATH/server2.key key_opaque_algs2=rsa-sign-pkcs1,none" \ "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ @@ -2454,8 +2456,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for server authentication: ECDHE-RSA" \ - "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ "$P_CLI force_version=tls12" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ @@ -2470,8 +2472,8 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: DHE-RSA" \ - "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ "$P_CLI force_version=tls12 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ @@ -2518,10 +2520,10 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \ - "$P_CLI crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ + "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \ + "$P_CLI crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ -s "key types: Opaque, none" \ -s "got ciphersuites in common, but none of them usable" \ @@ -2535,10 +2537,10 @@ requires_hash_alg SHA_256 requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED run_test "Opaque keys for server authentication: RSA keys with different algs" \ - "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pss,none \ - crt_file2=../framework/data_files/server4.crt \ - key_file2=../framework/data_files/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \ + "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none \ + crt_file2=$DATA_FILES_PATH/server4.crt \ + key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \ "$P_CLI force_version=tls12" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ @@ -2555,10 +2557,10 @@ requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=../framework/data_files/server4.crt \ - key_file2=../framework/data_files/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \ + "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \ + crt_file2=$DATA_FILES_PATH/server4.crt \ + key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ @@ -2575,10 +2577,10 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \ - "$P_CLI key_opaque=1 crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \ + "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ + "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ 0 \ -c "key type: Opaque" \ -c "Verifying peer X.509 certificate... ok" \ @@ -2596,10 +2598,10 @@ requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED run_test "Opaque key for client/server authentication: ECDHE-RSA" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - "$P_CLI force_version=tls12 key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ + "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ + "$P_CLI force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ 0 \ -c "key type: Opaque" \ -c "Verifying peer X.509 certificate... ok" \ @@ -2615,10 +2617,10 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for client/server authentication: DHE-RSA" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - "$P_CLI key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none \ + "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ + "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -c "key type: Opaque" \ @@ -2710,8 +2712,8 @@ requires_any_configs_enabled "MBEDTLS_ECP_DP_SECP256R1_ENABLED \ requires_hash_alg SHA_256 run_test "Single supported algorithm sending: openssl client" \ "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$O_CLI -cert ../framework/data_files/server6.crt \ - -key ../framework/data_files/server6.key" \ + "$O_CLI -cert $DATA_FILES_PATH/server6.crt \ + -key $DATA_FILES_PATH/server6.key" \ 0 # Tests for certificate verification callback @@ -2738,19 +2740,19 @@ run_test "Context-specific CRT verification callback" \ # Tests for SHA-1 support requires_hash_alg SHA_1 run_test "SHA-1 forbidden by default in server certificate" \ - "$P_SRV key_file=../framework/data_files/server2.key crt_file=../framework/data_files/server2.crt" \ + "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \ "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \ 1 \ -c "The certificate is signed with an unacceptable hash" requires_hash_alg SHA_1 run_test "SHA-1 explicitly allowed in server certificate" \ - "$P_SRV key_file=../framework/data_files/server2.key crt_file=../framework/data_files/server2.crt" \ + "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \ "$P_CLI force_version=tls12 allow_sha1=1" \ 0 run_test "SHA-256 allowed by default in server certificate" \ - "$P_SRV key_file=../framework/data_files/server2.key crt_file=../framework/data_files/server2-sha256.crt" \ + "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2-sha256.crt" \ "$P_CLI force_version=tls12 allow_sha1=0" \ 0 @@ -2758,7 +2760,7 @@ requires_hash_alg SHA_1 requires_config_enabled MBEDTLS_RSA_C run_test "SHA-1 forbidden by default in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ - "$P_CLI key_file=../framework/data_files/cli-rsa.key crt_file=../framework/data_files/cli-rsa-sha1.crt" \ + "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \ 1 \ -s "The certificate is signed with an unacceptable hash" @@ -2766,14 +2768,14 @@ requires_hash_alg SHA_1 requires_config_enabled MBEDTLS_RSA_C run_test "SHA-1 explicitly allowed in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \ - "$P_CLI key_file=../framework/data_files/cli-rsa.key crt_file=../framework/data_files/cli-rsa-sha1.crt" \ + "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \ 0 requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "SHA-256 allowed by default in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ - "$P_CLI key_file=../framework/data_files/cli-rsa.key crt_file=../framework/data_files/cli-rsa-sha256.crt" \ + "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha256.crt" \ 0 # Tests for datagram packing @@ -5739,8 +5741,8 @@ run_test "Renego ext: gnutls client unsafe, server break legacy" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: no trailing bytes" \ - "$P_SRV crt_file=../framework/data_files/server5-der0.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-der0.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -5748,8 +5750,8 @@ run_test "DER format: no trailing bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with a trailing zero byte" \ - "$P_SRV crt_file=../framework/data_files/server5-der1a.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1a.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -5757,8 +5759,8 @@ run_test "DER format: with a trailing zero byte" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with a trailing random byte" \ - "$P_SRV crt_file=../framework/data_files/server5-der1b.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1b.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -5766,8 +5768,8 @@ run_test "DER format: with a trailing random byte" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with 2 trailing random bytes" \ - "$P_SRV crt_file=../framework/data_files/server5-der2.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-der2.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -5775,8 +5777,8 @@ run_test "DER format: with 2 trailing random bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with 4 trailing random bytes" \ - "$P_SRV crt_file=../framework/data_files/server5-der4.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-der4.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -5784,8 +5786,8 @@ run_test "DER format: with 4 trailing random bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with 8 trailing random bytes" \ - "$P_SRV crt_file=../framework/data_files/server5-der8.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-der8.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -5793,8 +5795,8 @@ run_test "DER format: with 8 trailing random bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with 9 trailing random bytes" \ - "$P_SRV crt_file=../framework/data_files/server5-der9.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-der9.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -5804,8 +5806,8 @@ run_test "DER format: with 9 trailing random bytes" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: server badcert, client required" \ - "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=1 auth_mode=required" \ 1 \ -c "x509_verify_cert() returned" \ @@ -5814,8 +5816,8 @@ run_test "Authentication: server badcert, client required" \ -c "X509 - Certificate verification failed" run_test "Authentication: server badcert, client optional" \ - "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI force_version=tls12 debug_level=1 auth_mode=optional" \ 0 \ -c "x509_verify_cert() returned" \ @@ -5854,8 +5856,8 @@ run_test "Authentication: server goodcert, client required, no trusted CA" \ # different means to have the server ignoring the client's supported curve list. run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \ - crt_file=../framework/data_files/server5.ku-ka.crt" \ + "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ + crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \ 1 \ -c "bad certificate (EC key curve)"\ @@ -5863,8 +5865,8 @@ run_test "Authentication: server ECDH p256v1, client required, p256v1 unsuppo -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \ - crt_file=../framework/data_files/server5.ku-ka.crt" \ + "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ + crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \ 1 \ -c "bad certificate (EC key curve)"\ @@ -5872,8 +5874,8 @@ run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsuppo -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check run_test "Authentication: server badcert, client none" \ - "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI force_version=tls12 debug_level=1 auth_mode=none" \ 0 \ -C "x509_verify_cert() returned" \ @@ -5884,8 +5886,8 @@ run_test "Authentication: server badcert, client none" \ requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: client SHA256, server required" \ "$P_SRV auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \ - key_file=../framework/data_files/server6.key \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ + key_file=$DATA_FILES_PATH/server6.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ 0 \ -c "Supported Signature Algorithm found: 04 " \ @@ -5894,8 +5896,8 @@ run_test "Authentication: client SHA256, server required" \ requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: client SHA384, server required" \ "$P_SRV auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \ - key_file=../framework/data_files/server6.key \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ + key_file=$DATA_FILES_PATH/server6.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ 0 \ -c "Supported Signature Algorithm found: 04 " \ @@ -5905,7 +5907,7 @@ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client has no cert, server required (TLS)" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=none \ - key_file=../framework/data_files/server5.key" \ + key_file=$DATA_FILES_PATH/server5.key" \ 1 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -5920,8 +5922,8 @@ run_test "Authentication: client has no cert, server required (TLS)" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client badcert, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ 1 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -5940,9 +5942,9 @@ run_test "Authentication: client badcert, server required" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client cert self-signed and trusted, server required" \ - "$P_SRV debug_level=3 auth_mode=required ca_file=../framework/data_files/server5-selfsigned.crt" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV debug_level=3 auth_mode=required ca_file=$DATA_FILES_PATH/server5-selfsigned.crt" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ 0 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -5957,8 +5959,8 @@ run_test "Authentication: client cert self-signed and trusted, server require requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client cert not trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ 1 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -5974,8 +5976,8 @@ run_test "Authentication: client cert not trusted, server required" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ 0 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -5992,8 +5994,8 @@ run_test "Authentication: client badcert, server optional" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client badcert, server none" \ "$P_SRV debug_level=3 auth_mode=none" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ 0 \ -s "skip write certificate request" \ -C "skip parse certificate request" \ @@ -6071,27 +6073,27 @@ MAX_IM_CA='8' requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer run_test "Authentication: server max_int chain, client default" \ - "$P_SRV crt_file=../framework/data_files/dir-maxpath/c09.pem \ - key_file=../framework/data_files/dir-maxpath/09.key" \ - "$P_CLI server_name=CA09 ca_file=../framework/data_files/dir-maxpath/00.crt" \ + "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ + "$P_CLI server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ 0 \ -C "X509 - A fatal error occurred" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client default" \ - "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \ - key_file=../framework/data_files/dir-maxpath/10.key" \ - "$P_CLI server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt" \ + "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ + "$P_CLI server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ 1 \ -c "X509 - A fatal error occurred" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client optional" \ - "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \ - key_file=../framework/data_files/dir-maxpath/10.key" \ - "$P_CLI force_version=tls12 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt \ + "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ + "$P_CLI force_version=tls12 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ auth_mode=optional" \ 1 \ -c "X509 - A fatal error occurred" @@ -6099,9 +6101,9 @@ run_test "Authentication: server max_int+1 chain, client optional" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client none" \ - "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \ - key_file=../framework/data_files/dir-maxpath/10.key" \ - "$P_CLI force_version=tls12 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt \ + "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ + "$P_CLI force_version=tls12 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ auth_mode=none" \ 0 \ -C "X509 - A fatal error occurred" @@ -6109,36 +6111,36 @@ run_test "Authentication: server max_int+1 chain, client none" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server default" \ - "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt" \ - "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \ - key_file=../framework/data_files/dir-maxpath/10.key" \ + "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ + "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ 0 \ -S "X509 - A fatal error occurred" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server optional" \ - "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=optional" \ - "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \ - key_file=../framework/data_files/dir-maxpath/10.key" \ + "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \ + "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ 1 \ -s "X509 - A fatal error occurred" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server required" \ - "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \ - "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \ - key_file=../framework/data_files/dir-maxpath/10.key" \ + "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ + "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ 1 \ -s "X509 - A fatal error occurred" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer run_test "Authentication: client max_int chain, server required" \ - "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \ - "$P_CLI crt_file=../framework/data_files/dir-maxpath/c09.pem \ - key_file=../framework/data_files/dir-maxpath/09.key" \ + "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ + "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ 0 \ -S "X509 - A fatal error occurred" @@ -6147,23 +6149,23 @@ run_test "Authentication: client max_int chain, server required" \ requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send CA list in CertificateRequest (default)" \ "$P_SRV debug_level=3 auth_mode=required" \ - "$P_CLI force_version=tls12 crt_file=../framework/data_files/server6.crt \ - key_file=../framework/data_files/server6.key" \ + "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \ + key_file=$DATA_FILES_PATH/server6.key" \ 0 \ -s "requested DN" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: do not send CA list in CertificateRequest" \ "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ - "$P_CLI force_version=tls12 crt_file=../framework/data_files/server6.crt \ - key_file=../framework/data_files/server6.key" \ + "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \ + key_file=$DATA_FILES_PATH/server6.key" \ 0 \ -S "requested DN" run_test "Authentication: send CA list in CertificateRequest, client self signed" \ "$P_SRV force_version=tls12 debug_level=3 auth_mode=required cert_req_ca_list=0" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ 1 \ -S "requested DN" \ -s "x509_verify_cert() returned" \ @@ -6175,33 +6177,33 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt conf DN hints in CertificateRequest" \ "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \ - crt_file2=../framework/data_files/server1.crt \ - key_file2=../framework/data_files/server1.key" \ + crt_file2=$DATA_FILES_PATH/server1.crt \ + key_file2=$DATA_FILES_PATH/server1.key" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \ - crt_file=../framework/data_files/server6.crt \ - key_file=../framework/data_files/server6.key" \ + crt_file=$DATA_FILES_PATH/server6.crt \ + key_file=$DATA_FILES_PATH/server6.key" \ 0 \ -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt conf DN hints in CertificateRequest (2)" \ "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \ - crt_file2=../framework/data_files/server2.crt \ - key_file2=../framework/data_files/server2.key" \ + crt_file2=$DATA_FILES_PATH/server2.crt \ + key_file2=$DATA_FILES_PATH/server2.key" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \ - crt_file=../framework/data_files/server6.crt \ - key_file=../framework/data_files/server6.key" \ + crt_file=$DATA_FILES_PATH/server6.crt \ + key_file=$DATA_FILES_PATH/server6.key" \ 0 \ -c "DN hint: C=NL, O=PolarSSL, CN=localhost" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt hs DN hints in CertificateRequest" \ "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=3 \ - crt_file2=../framework/data_files/server1.crt \ - key_file2=../framework/data_files/server1.key" \ + crt_file2=$DATA_FILES_PATH/server1.crt \ + key_file2=$DATA_FILES_PATH/server1.key" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \ - crt_file=../framework/data_files/server6.crt \ - key_file=../framework/data_files/server6.key" \ + crt_file=$DATA_FILES_PATH/server6.crt \ + key_file=$DATA_FILES_PATH/server6.key" \ 0 \ -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1" @@ -6210,8 +6212,8 @@ run_test "Authentication: send alt hs DN hints in CertificateRequest" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server badcert, client required" \ - "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \ 1 \ -c "use CA callback for X.509 CRT verification" \ @@ -6222,8 +6224,8 @@ run_test "Authentication, CA callback: server badcert, client required" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server badcert, client optional" \ - "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \ 0 \ -c "use CA callback for X.509 CRT verification" \ @@ -6241,8 +6243,8 @@ run_test "Authentication, CA callback: server badcert, client optional" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \ - crt_file=../framework/data_files/server5.ku-ka.crt" \ + "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ + crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \ 1 \ -c "use CA callback for X.509 CRT verification" \ @@ -6252,8 +6254,8 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \ - crt_file=../framework/data_files/server5.ku-ka.crt" \ + "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ + crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \ 1 \ -c "use CA callback for X.509 CRT verification" \ @@ -6265,8 +6267,8 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA256, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \ - key_file=../framework/data_files/server6.key \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ + key_file=$DATA_FILES_PATH/server6.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ 0 \ -s "use CA callback for X.509 CRT verification" \ @@ -6277,8 +6279,8 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA384, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \ - key_file=../framework/data_files/server6.key \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ + key_file=$DATA_FILES_PATH/server6.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ 0 \ -s "use CA callback for X.509 CRT verification" \ @@ -6288,8 +6290,8 @@ run_test "Authentication, CA callback: client SHA384, server required" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client badcert, server required" \ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ 1 \ -s "use CA callback for X.509 CRT verification" \ -S "skip write certificate request" \ @@ -6311,8 +6313,8 @@ run_test "Authentication, CA callback: client badcert, server required" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client cert not trusted, server required" \ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ 1 \ -s "use CA callback for X.509 CRT verification" \ -S "skip write certificate request" \ @@ -6330,8 +6332,8 @@ run_test "Authentication, CA callback: client cert not trusted, server requir requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ 0 \ -s "use CA callback for X.509 CRT verification" \ -S "skip write certificate request" \ @@ -6350,9 +6352,9 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server max_int chain, client default" \ - "$P_SRV crt_file=../framework/data_files/dir-maxpath/c09.pem \ - key_file=../framework/data_files/dir-maxpath/09.key" \ - "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 server_name=CA09 ca_file=../framework/data_files/dir-maxpath/00.crt" \ + "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ + "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ 0 \ -c "use CA callback for X.509 CRT verification" \ -C "X509 - A fatal error occurred" @@ -6361,9 +6363,9 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server max_int+1 chain, client default" \ - "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \ - key_file=../framework/data_files/dir-maxpath/10.key" \ - "$P_CLI force_version=tls12 debug_level=3 ca_callback=1 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt" \ + "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ + "$P_CLI force_version=tls12 debug_level=3 ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ 1 \ -c "use CA callback for X.509 CRT verification" \ -c "X509 - A fatal error occurred" @@ -6372,9 +6374,9 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ - "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \ - key_file=../framework/data_files/dir-maxpath/10.key" \ - "$P_CLI force_version=tls12 ca_callback=1 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt \ + "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ + "$P_CLI force_version=tls12 ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ debug_level=3 auth_mode=optional" \ 1 \ -c "use CA callback for X.509 CRT verification" \ @@ -6384,9 +6386,9 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ - "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=optional" \ - "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \ - key_file=../framework/data_files/dir-maxpath/10.key" \ + "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \ + "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ 1 \ -s "use CA callback for X.509 CRT verification" \ -s "X509 - A fatal error occurred" @@ -6395,9 +6397,9 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client max_int+1 chain, server required" \ - "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \ - "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \ - key_file=../framework/data_files/dir-maxpath/10.key" \ + "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ + "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ 1 \ -s "use CA callback for X.509 CRT verification" \ -s "X509 - A fatal error occurred" @@ -6406,9 +6408,9 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client max_int chain, server required" \ - "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \ - "$P_CLI crt_file=../framework/data_files/dir-maxpath/c09.pem \ - key_file=../framework/data_files/dir-maxpath/09.key" \ + "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ + "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ + key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ 0 \ -s "use CA callback for X.509 CRT verification" \ -S "X509 - A fatal error occurred" @@ -6417,10 +6419,10 @@ run_test "Authentication, CA callback: client max_int chain, server required" requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ - "$P_SRV force_version=tls12 crt_file=../framework/data_files/server5.crt \ - key_file=../framework/data_files/server5.key \ - crt_file2=../framework/data_files/server5-sha1.crt \ - key_file2=../framework/data_files/server5.key" \ + "$P_SRV force_version=tls12 crt_file=$DATA_FILES_PATH/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key \ + crt_file2=$DATA_FILES_PATH/server5-sha1.crt \ + key_file2=$DATA_FILES_PATH/server5.key" \ "$P_CLI" \ 0 \ -c "signed using.*ECDSA with SHA256" \ @@ -6432,7 +6434,7 @@ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: no SNI callback" \ "$P_SRV debug_level=3 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI server_name=localhost" \ 0 \ -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ @@ -6442,8 +6444,8 @@ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: matching cert 1" \ "$P_SRV debug_level=3 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ "$P_CLI server_name=localhost" \ 0 \ -s "parse ServerName extension" \ @@ -6454,8 +6456,8 @@ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: matching cert 2" \ "$P_SRV debug_level=3 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ "$P_CLI server_name=polarssl.example" \ 0 \ -s "parse ServerName extension" \ @@ -6466,8 +6468,8 @@ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: no matching cert" \ "$P_SRV debug_level=3 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ "$P_CLI server_name=nonesuch.example" \ 1 \ -s "parse ServerName extension" \ @@ -6479,8 +6481,8 @@ run_test "SNI: no matching cert" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: client auth no override: optional" \ "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \ "$P_CLI debug_level=3 server_name=localhost" \ 0 \ -S "skip write certificate request" \ @@ -6493,8 +6495,8 @@ run_test "SNI: client auth no override: optional" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: client auth override: none -> optional" \ "$P_SRV debug_level=3 auth_mode=none \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,optional" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \ "$P_CLI debug_level=3 server_name=localhost" \ 0 \ -S "skip write certificate request" \ @@ -6507,8 +6509,8 @@ run_test "SNI: client auth override: none -> optional" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: client auth override: optional -> none" \ "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,none" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \ "$P_CLI debug_level=3 server_name=localhost" \ 0 \ -s "skip write certificate request" \ @@ -6519,11 +6521,11 @@ run_test "SNI: client auth override: optional -> none" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: CA no override" \ "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - ca_file=../framework/data_files/test-ca.crt \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,required" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + ca_file=$DATA_FILES_PATH/test-ca.crt \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \ "$P_CLI debug_level=3 server_name=localhost \ - crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \ + crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ 1 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -6538,11 +6540,11 @@ run_test "SNI: CA no override" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: CA override" \ "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - ca_file=../framework/data_files/test-ca.crt \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,-,required" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + ca_file=$DATA_FILES_PATH/test-ca.crt \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \ "$P_CLI debug_level=3 server_name=localhost \ - crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \ + crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ 0 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -6557,11 +6559,11 @@ run_test "SNI: CA override" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: CA override with CRL" \ "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - ca_file=../framework/data_files/test-ca.crt \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,../framework/data_files/crl-ec-sha256.pem,required" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + ca_file=$DATA_FILES_PATH/test-ca.crt \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \ "$P_CLI debug_level=3 server_name=localhost \ - crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \ + crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ 1 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -6579,7 +6581,7 @@ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, no SNI callback" \ "$P_SRV debug_level=3 dtls=1 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI server_name=localhost dtls=1" \ 0 \ -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ @@ -6589,8 +6591,8 @@ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, matching cert 1" \ "$P_SRV debug_level=3 dtls=1 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ "$P_CLI server_name=localhost dtls=1" \ 0 \ -s "parse ServerName extension" \ @@ -6601,8 +6603,8 @@ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, matching cert 2" \ "$P_SRV debug_level=3 dtls=1 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ "$P_CLI server_name=polarssl.example dtls=1" \ 0 \ -s "parse ServerName extension" \ @@ -6612,8 +6614,8 @@ run_test "SNI: DTLS, matching cert 2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, no matching cert" \ "$P_SRV debug_level=3 dtls=1 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ "$P_CLI server_name=nonesuch.example dtls=1" \ 1 \ -s "parse ServerName extension" \ @@ -6625,8 +6627,8 @@ run_test "SNI: DTLS, no matching cert" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, client auth no override: optional" \ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \ "$P_CLI debug_level=3 server_name=localhost dtls=1" \ 0 \ -S "skip write certificate request" \ @@ -6639,8 +6641,8 @@ run_test "SNI: DTLS, client auth no override: optional" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, client auth override: none -> optional" \ "$P_SRV debug_level=3 auth_mode=none dtls=1 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,optional" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \ "$P_CLI debug_level=3 server_name=localhost dtls=1" \ 0 \ -S "skip write certificate request" \ @@ -6653,8 +6655,8 @@ run_test "SNI: DTLS, client auth override: none -> optional" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, client auth override: optional -> none" \ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,none" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \ "$P_CLI debug_level=3 server_name=localhost dtls=1" \ 0 \ -s "skip write certificate request" \ @@ -6667,11 +6669,11 @@ run_test "SNI: DTLS, client auth override: optional -> none" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, CA no override" \ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - ca_file=../framework/data_files/test-ca.crt \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,required" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + ca_file=$DATA_FILES_PATH/test-ca.crt \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \ "$P_CLI debug_level=3 server_name=localhost dtls=1 \ - crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \ + crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ 1 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -6686,11 +6688,11 @@ run_test "SNI: DTLS, CA no override" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, CA override" \ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - ca_file=../framework/data_files/test-ca.crt \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,-,required" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + ca_file=$DATA_FILES_PATH/test-ca.crt \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \ "$P_CLI debug_level=3 server_name=localhost dtls=1 \ - crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \ + crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ 0 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -6705,11 +6707,11 @@ run_test "SNI: DTLS, CA override" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, CA override with CRL" \ "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dtls=1 \ - ca_file=../framework/data_files/test-ca.crt \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,../framework/data_files/crl-ec-sha256.pem,required" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key dtls=1 \ + ca_file=$DATA_FILES_PATH/test-ca.crt \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \ "$P_CLI debug_level=3 server_name=localhost dtls=1 \ - crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \ + crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ 1 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -7635,45 +7637,45 @@ run_test "ALPN: both, no common" \ # server-side certificate/suite selection run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \ - "$P_SRV force_version=tls12 key_file=../framework/data_files/server2.key \ - crt_file=../framework/data_files/server2.ku-ds.crt" \ + "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ + crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \ "$P_CLI" \ 0 \ -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-" run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \ - "$P_SRV force_version=tls12 key_file=../framework/data_files/server2.key \ - crt_file=../framework/data_files/server2.ku-ke.crt" \ + "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ + crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-" run_test "keyUsage srv: RSA, keyAgreement -> fail" \ - "$P_SRV force_version=tls12 key_file=../framework/data_files/server2.key \ - crt_file=../framework/data_files/server2.ku-ka.crt" \ + "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ + crt_file=$DATA_FILES_PATH/server2.ku-ka.crt" \ "$P_CLI" \ 1 \ -C "Ciphersuite is " requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 key_file=../framework/data_files/server5.key \ - crt_file=../framework/data_files/server5.ku-ds.crt" \ + "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ + crt_file=$DATA_FILES_PATH/server5.ku-ds.crt" \ "$P_CLI" \ 0 \ -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \ - "$P_SRV force_version=tls12 key_file=../framework/data_files/server5.key \ - crt_file=../framework/data_files/server5.ku-ka.crt" \ + "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ + crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ "$P_CLI" \ 0 \ -c "Ciphersuite is TLS-ECDH-" run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \ - "$P_SRV force_version=tls12 key_file=../framework/data_files/server5.key \ - crt_file=../framework/data_files/server5.ku-ke.crt" \ + "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ + crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \ "$P_CLI" \ 1 \ -C "Ciphersuite is " @@ -7682,8 +7684,8 @@ run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \ # client-side checking of server cert run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2.ku-ds_ke.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 0 \ @@ -7692,8 +7694,8 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \ -c "Ciphersuite is TLS-" run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2.ku-ds_ke.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ @@ -7702,8 +7704,8 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ -c "Ciphersuite is TLS-" run_test "keyUsage cli: KeyEncipherment, RSA: OK" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2.ku-ke.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 0 \ @@ -7712,8 +7714,8 @@ run_test "keyUsage cli: KeyEncipherment, RSA: OK" \ -c "Ciphersuite is TLS-" run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2.ku-ke.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ @@ -7722,8 +7724,8 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ -C "Ciphersuite is TLS-" run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2.ku-ke.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI debug_level=1 auth_mode=optional \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ @@ -7733,8 +7735,8 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ -c "! Usage does not match the keyUsage extension" run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2.ku-ds.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ @@ -7743,8 +7745,8 @@ run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ -c "Ciphersuite is TLS-" run_test "keyUsage cli: DigitalSignature, RSA: fail" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2.ku-ds.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 1 \ @@ -7753,8 +7755,8 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail" \ -C "Ciphersuite is TLS-" run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2.ku-ds.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ "$P_CLI debug_level=1 auth_mode=optional \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 0 \ @@ -7767,8 +7769,8 @@ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2-sha256.ku-ds_ke.crt" \ + "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \ "$P_CLI debug_level=3" \ 0 \ -C "bad certificate (usage extensions)" \ @@ -7779,8 +7781,8 @@ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2-sha256.ku-ke.crt" \ + "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ "$P_CLI debug_level=1" \ 1 \ -c "bad certificate (usage extensions)" \ @@ -7791,8 +7793,8 @@ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2-sha256.ku-ka.crt" \ + "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \ "$P_CLI debug_level=1" \ 1 \ -c "bad certificate (usage extensions)" \ @@ -7803,8 +7805,8 @@ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.ku-ds.crt" \ + "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.ku-ds.crt" \ "$P_CLI debug_level=3" \ 0 \ -C "bad certificate (usage extensions)" \ @@ -7815,8 +7817,8 @@ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.ku-ke.crt" \ + "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.ku-ke.crt" \ "$P_CLI debug_level=1" \ 1 \ -c "bad certificate (usage extensions)" \ @@ -7827,8 +7829,8 @@ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.ku-ka.crt" \ + "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ "$P_CLI debug_level=1" \ 1 \ -c "bad certificate (usage extensions)" \ @@ -7841,8 +7843,8 @@ run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2.ku-ds.crt" \ + "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ 0 \ -s "Verifying peer X.509 certificate... ok" \ -S "bad certificate (usage extensions)" \ @@ -7851,8 +7853,8 @@ run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2.ku-ke.crt" \ + "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ 0 \ -s "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -7860,8 +7862,8 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \ - "$O_CLI -tls1_2 -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2.ku-ke.crt" \ + "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ 1 \ -s "bad certificate (usage extensions)" \ -s "Processing of the Certificate handshake message failed" @@ -7869,8 +7871,8 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.ku-ds.crt" \ + "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.ku-ds.crt" \ 0 \ -s "Verifying peer X.509 certificate... ok" \ -S "bad certificate (usage extensions)" \ @@ -7879,8 +7881,8 @@ run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.ku-ka.crt" \ + "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ 0 \ -s "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -7890,8 +7892,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2-sha256.ku-ds.crt" \ + "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \ 0 \ -s "Verifying peer X.509 certificate... ok" \ -S "bad certificate (usage extensions)" \ @@ -7902,8 +7904,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server2.key \ - -cert ../framework/data_files/server2-sha256.ku-ke.crt" \ + "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ 0 \ -s "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -7913,8 +7915,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.ku-ds.crt" \ + "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.ku-ds.crt" \ 0 \ -s "Verifying peer X.509 certificate... ok" \ -S "bad certificate (usage extensions)" \ @@ -7925,8 +7927,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.ku-ka.crt" \ + "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ 0 \ -s "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -7935,29 +7937,29 @@ run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "extKeyUsage srv: serverAuth -> OK" \ - "$P_SRV key_file=../framework/data_files/server5.key \ - crt_file=../framework/data_files/server5.eku-srv.crt" \ + "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ + crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \ "$P_CLI" \ 0 requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \ - "$P_SRV key_file=../framework/data_files/server5.key \ - crt_file=../framework/data_files/server5.eku-srv.crt" \ + "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ + crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \ "$P_CLI" \ 0 requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \ - "$P_SRV key_file=../framework/data_files/server5.key \ - crt_file=../framework/data_files/server5.eku-cs_any.crt" \ + "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ + crt_file=$DATA_FILES_PATH/server5.eku-cs_any.crt" \ "$P_CLI" \ 0 requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "extKeyUsage srv: codeSign -> fail" \ - "$P_SRV key_file=../framework/data_files/server5.key \ - crt_file=../framework/data_files/server5.eku-cli.crt" \ + "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ + crt_file=$DATA_FILES_PATH/server5.eku-cli.crt" \ "$P_CLI" \ 1 @@ -7965,8 +7967,8 @@ run_test "extKeyUsage srv: codeSign -> fail" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: serverAuth -> OK" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-srv.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-srv.crt" \ "$P_CLI debug_level=1" \ 0 \ -C "bad certificate (usage extensions)" \ @@ -7975,8 +7977,8 @@ run_test "extKeyUsage cli: serverAuth -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-srv_cli.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ "$P_CLI debug_level=1" \ 0 \ -C "bad certificate (usage extensions)" \ @@ -7985,8 +7987,8 @@ run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-cs_any.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ "$P_CLI debug_level=1" \ 0 \ -C "bad certificate (usage extensions)" \ @@ -7995,8 +7997,8 @@ run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: codeSign -> fail" \ - "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-cs.crt" \ + "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ "$P_CLI debug_level=1" \ 1 \ -c "bad certificate (usage extensions)" \ @@ -8007,8 +8009,8 @@ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli 1.3: serverAuth -> OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-srv.crt" \ + "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-srv.crt" \ "$P_CLI debug_level=1" \ 0 \ -C "bad certificate (usage extensions)" \ @@ -8019,8 +8021,8 @@ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-srv_cli.crt" \ + "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ "$P_CLI debug_level=1" \ 0 \ -C "bad certificate (usage extensions)" \ @@ -8031,8 +8033,8 @@ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-cs_any.crt" \ + "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ "$P_CLI debug_level=1" \ 0 \ -C "bad certificate (usage extensions)" \ @@ -8043,8 +8045,8 @@ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli 1.3: codeSign -> fail" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-cs.crt" \ + "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ "$P_CLI debug_level=1" \ 1 \ -c "bad certificate (usage extensions)" \ @@ -8056,8 +8058,8 @@ run_test "extKeyUsage cli 1.3: codeSign -> fail" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-cli.crt" \ + "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-cli.crt" \ 0 \ -S "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -8065,8 +8067,8 @@ run_test "extKeyUsage cli-auth: clientAuth -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-srv_cli.crt" \ + "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ 0 \ -S "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -8074,8 +8076,8 @@ run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-cs_any.crt" \ + "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ 0 \ -S "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -8083,8 +8085,8 @@ run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-cs.crt" \ + "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ 0 \ -s "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -8092,8 +8094,8 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ "$P_SRV debug_level=1 auth_mode=required" \ - "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-cs.crt" \ + "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ 1 \ -s "bad certificate (usage extensions)" \ -s "Processing of the Certificate handshake message failed" @@ -8103,8 +8105,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-cli.crt" \ + "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-cli.crt" \ 0 \ -S "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -8114,8 +8116,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-srv_cli.crt" \ + "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ 0 \ -S "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -8125,8 +8127,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-cs_any.crt" \ + "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ 0 \ -S "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -8136,8 +8138,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \ - -cert ../framework/data_files/server5.eku-cs.crt" \ + "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ 0 \ -s "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" @@ -8153,7 +8155,7 @@ run_test "DHM parameters: reference" \ -c "value of 'DHM: G ' (2 bits)" run_test "DHM parameters: other parameters" \ - "$P_SRV dhm_file=../framework/data_files/dhparams.pem" \ + "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ debug_level=3" \ 0 \ @@ -8177,49 +8179,49 @@ run_test "DHM size: server default, client 2048, OK" \ -C "DHM prime too short:" run_test "DHM size: server 1024, client default, OK" \ - "$P_SRV dhm_file=../framework/data_files/dhparams.pem" \ + "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ debug_level=1" \ 0 \ -C "DHM prime too short:" run_test "DHM size: server 999, client 999, OK" \ - "$P_SRV dhm_file=../framework/data_files/dh.999.pem" \ + "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ debug_level=1 dhmlen=999" \ 0 \ -C "DHM prime too short:" run_test "DHM size: server 1000, client 1000, OK" \ - "$P_SRV dhm_file=../framework/data_files/dh.1000.pem" \ + "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ debug_level=1 dhmlen=1000" \ 0 \ -C "DHM prime too short:" run_test "DHM size: server 1000, client default, rejected" \ - "$P_SRV dhm_file=../framework/data_files/dh.1000.pem" \ + "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ debug_level=1" \ 1 \ -c "DHM prime too short:" run_test "DHM size: server 1000, client 1001, rejected" \ - "$P_SRV dhm_file=../framework/data_files/dh.1000.pem" \ + "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ debug_level=1 dhmlen=1001" \ 1 \ -c "DHM prime too short:" run_test "DHM size: server 999, client 1000, rejected" \ - "$P_SRV dhm_file=../framework/data_files/dh.999.pem" \ + "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ debug_level=1 dhmlen=1000" \ 1 \ -c "DHM prime too short:" run_test "DHM size: server 998, client 999, rejected" \ - "$P_SRV dhm_file=../framework/data_files/dh.998.pem" \ + "$P_SRV dhm_file=$DATA_FILES_PATH/dh.998.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ debug_level=1 dhmlen=999" \ 1 \ @@ -9435,7 +9437,7 @@ requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED run_test "EC restart: TLS, default" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1" \ 0 \ -C "x509_verify_cert.*4b00" \ @@ -9448,7 +9450,7 @@ requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED run_test "EC restart: TLS, max_ops=0" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=0" \ 0 \ -C "x509_verify_cert.*4b00" \ @@ -9461,7 +9463,7 @@ requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED run_test "EC restart: TLS, max_ops=65535" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=65535" \ 0 \ -C "x509_verify_cert.*4b00" \ @@ -9476,7 +9478,7 @@ requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ -c "x509_verify_cert.*4b00" \ @@ -9492,7 +9494,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ -c "x509_verify_cert.*4b00" \ @@ -9506,10 +9508,10 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED run_test "EC restart: TLS, max_ops=1000, badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 1 \ -c "x509_verify_cert.*4b00" \ @@ -9526,10 +9528,10 @@ requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=optional" \ 0 \ -c "x509_verify_cert.*4b00" \ @@ -9547,10 +9549,10 @@ requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=optional" \ 0 \ -c "x509_verify_cert.*4b00" \ @@ -9567,10 +9569,10 @@ requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=none" \ 0 \ -C "x509_verify_cert.*4b00" \ @@ -9588,10 +9590,10 @@ requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=../framework/data_files/server5-badsign.crt \ - key_file=../framework/data_files/server5.key" \ + crt_file=$DATA_FILES_PATH/server5-badsign.crt \ + key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=none" \ 0 \ -C "x509_verify_cert.*4b00" \ @@ -9609,7 +9611,7 @@ requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ dtls=1 debug_level=1 ec_max_ops=1000" \ 0 \ -c "x509_verify_cert.*4b00" \ @@ -9625,7 +9627,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ dtls=1 debug_level=1 ec_max_ops=1000" \ 0 \ -c "x509_verify_cert.*4b00" \ @@ -9672,7 +9674,7 @@ requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ -C "x509_verify_cert.*4b00" \ @@ -9718,8 +9720,8 @@ requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "SSL async private: sign, SNI" \ "$P_SRV force_version=tls12 debug_level=3 \ async_operations=s async_private_delay1=0 async_private_delay2=0 \ - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ "$P_CLI server_name=polarssl.example" \ 0 \ -s "Async sign callback: using key slot " \ @@ -9799,8 +9801,8 @@ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: slot 0 used with key1" \ "$P_SRV \ async_operations=s async_private_delay1=1 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ - key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ + key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ -s "Async sign callback: using key slot 0," \ @@ -9812,8 +9814,8 @@ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: slot 0 used with key2" \ "$P_SRV \ async_operations=s async_private_delay2=1 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ - key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ + key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 0 \ -s "Async sign callback: using key slot 0," \ @@ -9825,8 +9827,8 @@ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: slot 1 used with key2" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_delay2=1 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ - key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ + key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 0 \ -s "Async sign callback: using key slot 1," \ @@ -9838,8 +9840,8 @@ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: fall back to transparent key" \ "$P_SRV \ async_operations=s async_private_delay1=1 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ - key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt " \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ + key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt " \ "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 0 \ -s "Async sign callback: no key matches this certificate." @@ -9946,8 +9948,8 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "SSL async private: cancel after start then fall back to transparent key" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_error=-2 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ - key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ + key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256; [ \$? -eq 1 ] && $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ @@ -9968,8 +9970,8 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "SSL async private: sign, error in resume then fall back to transparent key" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_error=-3 \ - key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \ - key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \ + key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ + key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256; [ \$? -eq 1 ] && $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ @@ -10336,13 +10338,13 @@ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: none (for reference)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ max_frag_len=4096" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=2500-60000 \ max_frag_len=4096" \ 0 \ @@ -10357,13 +10359,13 @@ requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: server only (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ max_frag_len=1024" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=2500-60000 \ max_frag_len=2048" \ 0 \ @@ -10382,13 +10384,13 @@ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ max_frag_len=512" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=2500-60000 \ max_frag_len=4096" \ 0 \ @@ -10403,13 +10405,13 @@ requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=none \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ max_frag_len=2048" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=2500-60000 \ max_frag_len=1024" \ 0 \ @@ -10432,13 +10434,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \ -p "$P_PXY mtu=1110" \ "$P_SRV dtls=1 debug_level=2 auth_mode=none \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ max_frag_len=2048" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=2500-60000 \ max_frag_len=1024" \ 0 \ @@ -10453,13 +10455,13 @@ requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ max_frag_len=2048" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=2500-60000 \ max_frag_len=1024" \ 0 \ @@ -10482,13 +10484,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \ -p "$P_PXY mtu=1110" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ max_frag_len=2048" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=2500-60000 \ max_frag_len=1024" \ 0 \ @@ -10502,13 +10504,13 @@ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: none (for reference) (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ mtu=4096" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=2500-60000 \ mtu=4096" \ 0 \ @@ -10522,13 +10524,13 @@ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=3500-60000 \ mtu=4096" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=3500-60000 \ mtu=1024" \ 0 \ @@ -10542,13 +10544,13 @@ requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: server (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=2500-60000 \ mtu=2048" \ 0 \ @@ -10563,13 +10565,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: both (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=2500-60000 \ mtu=1024" \ 0 \ @@ -10585,13 +10587,13 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: both (MTU=512)" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=2500-60000 \ mtu=512" \ @@ -10613,12 +10615,12 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ -p "$P_PXY mtu=508" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=400-3200" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=400-3200" \ 0 \ @@ -10634,12 +10636,12 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ -p "$P_PXY mtu=508" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=250-10000" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=250-10000" \ 0 \ @@ -10658,13 +10660,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=10000-60000 \ mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=10000-60000 \ mtu=1024" \ 0 \ @@ -10684,13 +10686,13 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=10000-60000 \ mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=10000-60000 \ mtu=512" \ @@ -10708,13 +10710,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=10000-60000 \ mtu=1024 nbio=2" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=10000-60000 \ mtu=1024 nbio=2" \ 0 \ @@ -10731,13 +10733,13 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=10000-60000 \ mtu=512 nbio=2" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=10000-60000 \ mtu=512 nbio=2" \ @@ -10764,13 +10766,13 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ -p "$P_PXY mtu=1450" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=10000-60000 \ mtu=1450" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=10000-60000 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1000" \ @@ -10791,14 +10793,14 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ exchanges=2 renegotiation=1 \ hs_timeout=10000-60000 \ mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ hs_timeout=10000-60000 \ @@ -10820,14 +10822,14 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ exchanges=2 renegotiation=1 \ hs_timeout=10000-60000 \ mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=10000-60000 \ @@ -10849,15 +10851,15 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ exchanges=2 renegotiation=1 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ hs_timeout=10000-60000 \ mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ hs_timeout=10000-60000 \ mtu=1024" \ @@ -10879,15 +10881,15 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ exchanges=2 renegotiation=1 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ hs_timeout=10000-60000 \ mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ hs_timeout=10000-60000 \ mtu=1024" \ @@ -10908,15 +10910,15 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ exchanges=2 renegotiation=1 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \ hs_timeout=10000-60000 \ mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ hs_timeout=10000-60000 \ mtu=1024" \ @@ -10934,12 +10936,12 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU + 3d" \ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=250-10000 mtu=512" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=250-10000 mtu=512" \ 0 \ @@ -10955,12 +10957,12 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=250-10000 mtu=512 nbio=2" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=250-10000 mtu=512 nbio=2" \ 0 \ @@ -10979,8 +10981,8 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ "$G_SRV -u" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ mtu=512 force_version=dtls12" \ 0 \ -c "fragmenting handshake message" \ @@ -11000,8 +11002,8 @@ requires_not_i686 requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ mtu=512 force_version=dtls12" \ "$G_CLI -u --insecure 127.0.0.1" \ 0 \ @@ -11013,8 +11015,8 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ "$O_SRV -dtls1_2 -verify 10" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ mtu=512 force_version=dtls12" \ 0 \ -c "fragmenting handshake message" \ @@ -11025,8 +11027,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_max_content_len 2048 run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ mtu=512 force_version=dtls12" \ "$O_CLI -dtls1_2" \ 0 \ @@ -11045,8 +11047,8 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ 0 \ -c "fragmenting handshake message" \ @@ -11060,8 +11062,8 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ "$G_NEXT_CLI -u --insecure 127.0.0.1" \ 0 \ @@ -11078,8 +11080,8 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$O_NEXT_SRV -dtls1_2 -verify 10" \ "$P_CLI dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server8_int-ca2.crt \ - key_file=../framework/data_files/server8.key \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ 0 \ -c "fragmenting handshake message" \ @@ -11095,8 +11097,8 @@ requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 \ - crt_file=../framework/data_files/server7_int-ca.crt \ - key_file=../framework/data_files/server7.key \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ "$O_CLI -dtls1_2" \ 0 \ @@ -12267,7 +12269,7 @@ requires_ciphersuite_enabled TLS1-3-CHACHA20-POLY1305-SHA256 requires_any_configs_enabled "PSA_WANT_ECC_MONTGOMERY_255" requires_any_configs_enabled "PSA_WANT_ECC_SECP_R1_256" run_test "TLS 1.3: Default" \ - "$P_SRV allow_sha1=0 debug_level=3 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key force_version=tls13" \ + "$P_SRV allow_sha1=0 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key force_version=tls13" \ "$P_CLI allow_sha1=0" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -12441,7 +12443,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_ALPN requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: server alpn - openssl" \ - "$P_SRV debug_level=3 tickets=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key alpn=h2" \ + "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \ "$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \ 0 \ -s "found alpn extension" \ @@ -12456,7 +12458,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_ALPN requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: server alpn - gnutls" \ - "$P_SRV debug_level=3 tickets=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key alpn=h2" \ + "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \ 0 \ -s "found alpn extension" \ @@ -12503,7 +12505,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/cli2.crt key_file=../framework/data_files/cli2.key" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12517,8 +12519,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/cli2.crt \ - key_file=../framework/data_files/cli2.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \ + key_file=$DATA_FILES_PATH/cli2.key" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12532,8 +12534,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp256r1.crt \ - key_file=../framework/data_files/ecdsa_secp256r1.key" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12548,8 +12550,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp256r1.crt \ - key_file=../framework/data_files/ecdsa_secp256r1.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12563,8 +12565,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp384r1.crt \ - key_file=../framework/data_files/ecdsa_secp384r1.key" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12579,8 +12581,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp384r1.crt \ - key_file=../framework/data_files/ecdsa_secp384r1.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12594,8 +12596,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp521r1.crt \ - key_file=../framework/data_files/ecdsa_secp521r1.key" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12610,8 +12612,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \ - key_file=../framework/data_files/ecdsa_secp521r1.key" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12626,8 +12628,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \ - key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ + key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12643,8 +12645,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12659,8 +12661,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \ - key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ + key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12676,8 +12678,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12692,8 +12694,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \ - key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ + key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12709,8 +12711,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12726,8 +12728,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -sigalgs ecdsa_secp256r1_sha256" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \ - key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ 1 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12743,8 +12745,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \ - key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ 1 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12759,7 +12761,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/cli2.crt key_file=../framework/data_files/cli2.key key_opaque=1" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12774,8 +12776,8 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/cli2.crt \ - key_file=../framework/data_files/cli2.key key_opaque=1" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \ + key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12790,8 +12792,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp256r1.crt \ - key_file=../framework/data_files/ecdsa_secp256r1.key key_opaque=1" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12807,8 +12809,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp256r1.crt \ - key_file=../framework/data_files/ecdsa_secp256r1.key key_opaque=1" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12823,8 +12825,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp384r1.crt \ - key_file=../framework/data_files/ecdsa_secp384r1.key key_opaque=1" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12840,8 +12842,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp384r1.crt \ - key_file=../framework/data_files/ecdsa_secp384r1.key key_opaque=1" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12856,8 +12858,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp521r1.crt \ - key_file=../framework/data_files/ecdsa_secp521r1.key key_opaque=1" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12873,8 +12875,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \ - key_file=../framework/data_files/ecdsa_secp521r1.key key_opaque=1" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12890,8 +12892,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \ - key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ + key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12908,8 +12910,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12925,8 +12927,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \ - key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ + key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12943,8 +12945,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12960,8 +12962,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \ - key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ + key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12978,8 +12980,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \ - key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -12996,8 +12998,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -sigalgs ecdsa_secp256r1_sha256" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \ - key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \ 1 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -13014,8 +13016,8 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \ - key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \ + "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ + key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \ 1 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ @@ -13091,7 +13093,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - openssl" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \ 0 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ @@ -13108,8 +13110,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - openssl with client authentication" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ - "$O_NEXT_CLI -msg -debug -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key -tls1_3 -no_middlebox" \ + "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ + "$O_NEXT_CLI -msg -debug -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3 -no_middlebox" \ 0 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ @@ -13128,7 +13130,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - gnutls" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ @@ -13147,8 +13149,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - gnutls with client authentication" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ - "$G_NEXT_CLI localhost -d 4 --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ + "$G_NEXT_CLI localhost -d 4 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ @@ -13166,7 +13168,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - mbedtls" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ "$P_CLI debug_level=4" \ 0 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ @@ -13185,8 +13187,8 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - mbedtls with client authentication" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ + "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ 0 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ @@ -13202,7 +13204,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ + "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ "$P_CLI debug_level=4 crt_file=none key_file=none" \ 1 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ @@ -13220,7 +13222,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - mbedtls with optional client authentication" \ - "$P_SRV debug_level=4 auth_mode=optional crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ + "$P_SRV debug_level=4 auth_mode=optional crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ "$P_CLI debug_level=4 crt_file=none key_file=none" \ 0 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ @@ -13267,9 +13269,9 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - openssl with sni" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0 \ - sni=localhost,../framework/data_files/server5.crt,../framework/data_files/server5.key,../framework/data_files/test-ca_cat12.crt,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ - "$O_NEXT_CLI -msg -debug -servername localhost -CAfile ../framework/data_files/test-ca_cat12.crt -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key -tls1_3" \ + "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \ + sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ + "$O_NEXT_CLI -msg -debug -servername localhost -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3" \ 0 \ -s "parse ServerName extension" \ -s "HTTP/1.0 200 OK" @@ -13280,9 +13282,9 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - gnutls with sni" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0 \ - sni=localhost,../framework/data_files/server5.crt,../framework/data_files/server5.key,../framework/data_files/test-ca_cat12.crt,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ - "$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \ + "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \ + sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ + "$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \ 0 \ -s "parse ServerName extension" \ -s "HTTP/1.0 200 OK" @@ -13293,9 +13295,9 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - mbedtls with sni" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0 \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ - "$P_CLI debug_level=4 server_name=localhost crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ + "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \ + sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ + "$P_CLI debug_level=4 server_name=localhost crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ 0 \ -s "parse ServerName extension" \ -s "HTTP/1.0 200 OK" @@ -13419,7 +13421,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ "$O_NEXT_CLI -msg -debug -no_middlebox" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13432,7 +13434,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 O->m server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ "$O_NEXT_CLI -msg -debug -no_middlebox" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13444,7 +13446,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 O->m both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ "$O_NEXT_CLI -msg -debug" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13459,7 +13461,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ "$G_NEXT_CLI localhost --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13474,7 +13476,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13490,7 +13492,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13615,7 +13617,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13628,7 +13630,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13640,7 +13642,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13655,7 +13657,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13671,7 +13673,7 @@ requires_config_enabled PSA_WANT_ALG_ECDH requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13688,7 +13690,7 @@ requires_config_enabled PSA_WANT_ALG_ECDH requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \ + "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "Protocol is TLSv1.3" \ @@ -13701,10 +13703,10 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check signature algorithm order, m->O" \ - "$O_NEXT_SRV_NO_CERT -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key + "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 0 \ -c "Protocol is TLSv1.3" \ @@ -13717,10 +13719,10 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check signature algorithm order, m->G" \ - "$G_NEXT_SRV_NO_CERT --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key + "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key -d 4 --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 0 \ -c "Protocol is TLSv1.3" \ @@ -13734,10 +13736,10 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check signature algorithm order, m->m" \ "$P_SRV debug_level=4 auth_mode=required - crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key + crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 0 \ -c "Protocol is TLSv1.3" \ @@ -13753,11 +13755,11 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check signature algorithm order, O->m" \ "$P_SRV debug_level=4 auth_mode=required - crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key + crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$O_NEXT_CLI_NO_CERT -msg -CAfile ../framework/data_files/test-ca_cat12.crt \ - -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key \ + "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \ + -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key \ -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \ 0 \ -c "TLSv1.3" \ @@ -13771,11 +13773,11 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check signature algorithm order, G->m" \ "$P_SRV debug_level=4 auth_mode=required - crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key + crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile ../framework/data_files/test-ca_cat12.crt \ - --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key \ + "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \ + --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key \ --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384" \ 0 \ -c "Negotiated version: 3.4" \ @@ -13790,11 +13792,11 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \ "$P_SRV debug_level=4 auth_mode=required - crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key + crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \ - "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile ../framework/data_files/test-ca_cat12.crt \ - --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key \ + "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \ + --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key \ --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \ 1 \ -S "ssl_tls13_pick_key_cert:check signature algorithm" @@ -13806,11 +13808,11 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \ "$P_SRV debug_level=4 auth_mode=required - crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key + crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256" \ - "$O_NEXT_CLI_NO_CERT -msg -CAfile ../framework/data_files/test-ca_cat12.crt \ - -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key \ + "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \ + -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key \ -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \ 1 \ -S "ssl_tls13_pick_key_cert:check signature algorithm" @@ -13822,10 +13824,10 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \ "$P_SRV debug_level=4 auth_mode=required - crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key + crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \ - "$P_CLI allow_sha1=0 debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \ + "$P_CLI allow_sha1=0 debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \ 1 \ -S "ssl_tls13_pick_key_cert:check signature algorithm" @@ -13837,9 +13839,9 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable certificate, G->m" \ "$P_SRV debug_level=4 - crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key + crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile ../framework/data_files/test-ca_cat12.crt \ + "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \ --priority=NORMAL:-SIGN-ALL:+SIGN-ECDSA-SECP521R1-SHA512:+SIGN-ECDSA-SECP256R1-SHA256" \ 1 \ -s "ssl_tls13_pick_key_cert:no suitable certificate found" @@ -13851,9 +13853,9 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable certificate, O->m" \ "$P_SRV debug_level=4 - crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key + crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$O_NEXT_CLI_NO_CERT -msg -CAfile ../framework/data_files/test-ca_cat12.crt \ + "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \ -sigalgs ecdsa_secp521r1_sha512:ecdsa_secp256r1_sha256" \ 1 \ -s "ssl_tls13_pick_key_cert:no suitable certificate found" @@ -13865,7 +13867,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable certificate, m->m" \ "$P_SRV debug_level=4 - crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key + crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ "$P_CLI allow_sha1=0 debug_level=4 \ sig_algs=ecdsa_secp521r1_sha512,ecdsa_secp256r1_sha256" \ @@ -13878,10 +13880,10 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check client no signature algorithm, m->O" \ - "$O_NEXT_SRV_NO_CERT -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key + "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp521r1_sha512" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 1 \ -c "no suitable signature algorithm" @@ -13892,10 +13894,10 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check client no signature algorithm, m->G" \ - "$G_NEXT_SRV_NO_CERT --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key + "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key -d 4 --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 1 \ -c "no suitable signature algorithm" @@ -13907,10 +13909,10 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check client no signature algorithm, m->m" \ "$P_SRV debug_level=4 auth_mode=required - crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key - crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key + crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key + crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp521r1_sha512" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 1 \ -c "no suitable signature algorithm" @@ -13920,10 +13922,10 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->O" \ - "$O_NEXT_SRV_NO_CERT -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key + "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -msg -tls1_2 -Verify 10 " \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512 min_version=tls12 max_version=tls13 " \ 0 \ @@ -13936,10 +13938,10 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \ - "$G_NEXT_SRV_NO_CERT --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key + "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key + "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512 min_version=tls12 max_version=tls13 " \ 0 \ @@ -13957,8 +13959,8 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -13979,8 +13981,8 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_DH_RFC7919_3072 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -14001,8 +14003,8 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -14023,8 +14025,8 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_DH_RFC7919_4096 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -14045,8 +14047,8 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -14066,8 +14068,8 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_DH_RFC7919_6144 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -14089,8 +14091,8 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat client_needs_more_time 4 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -14111,8 +14113,8 @@ requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_DH_RFC7919_8192 client_needs_more_time 4 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \