[gnutls-devel] [PATCH 2/2] tests: tab indent + minor style changes

Alon Bar-Lev alon.barlev at gmail.com
Sun Jun 21 19:43:35 CEST 2015


Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com>
---
 tests/cert-tests/aki                      |   12 +-
 tests/cert-tests/certtool                 |   50 +-
 tests/cert-tests/crq                      |   12 +-
 tests/cert-tests/dane                     |    2 +-
 tests/cert-tests/email                    |   36 +-
 tests/cert-tests/invalid-sig              |   16 +-
 tests/cert-tests/pathlen                  |   18 +-
 tests/cert-tests/pem-decoding             |   32 +-
 tests/cert-tests/pkcs7                    |   80 +--
 tests/cert-tests/template-test            |  254 ++++---
 tests/dsa/testdsa                         |   48 +-
 tests/dtls/dtls                           |    4 +-
 tests/dtls/dtls-nb                        |    4 +-
 tests/ecdsa/ecdsa                         |   64 +-
 tests/key-tests/key-id                    |    8 +-
 tests/key-tests/pkcs8                     |   54 +-
 tests/nist-pkits/gnutls_test_entry        |   26 +-
 tests/nist-pkits/pkits_crl                |   12 +-
 tests/nist-pkits/pkits_crt                |   12 +-
 tests/nist-pkits/pkits_pkcs12             |   12 +-
 tests/nist-pkits/pkits_smime              |   24 +-
 tests/nist-pkits/pkits_test               |    4 +-
 tests/openpgp-certs/testcerts             |   25 +-
 tests/openpgp-certs/testselfsigs          |   20 +-
 tests/pkcs1-padding/pkcs1-pad             |   28 +-
 tests/pkcs12-decode/pkcs12                |   68 +-
 tests/pkcs8-decode/pkcs8                  |   66 +-
 tests/rfc2253-escape-test                 |   14 +-
 tests/rsa-md5-collision/rsa-md5-collision |   12 +-
 tests/sha2/sha2                           |   76 +--
 tests/sha2/sha2-dsa                       |   58 +-
 tests/slow/override-ciphers               |   34 +-
 tests/slow/test-ciphers                   |   52 +-
 tests/suite/certs/create-chain.sh         |  128 ++--
 tests/suite/chain                         |   66 +-
 tests/suite/crl-test                      |   12 +-
 tests/suite/eagain                        |   12 +-
 tests/suite/invalid-cert                  |    6 +-
 tests/suite/testcompat-main-openssl       | 1027 +++++++++++++++--------------
 tests/suite/testcompat-main-polarssl      |  662 ++++++++++---------
 tests/suite/testcompat-openssl            |   16 +-
 tests/suite/testcompat-polarssl           |   10 +-
 tests/suite/testdane                      |   52 +-
 tests/suite/testpkcs11                    |  616 ++++++++---------
 tests/suite/testpkcs11.pkcs15             |   40 +-
 tests/suite/testpkcs11.sc-hsm             |   48 +-
 tests/suite/testpkcs11.softhsm            |   86 +--
 tests/suite/testrandom                    |   83 ++-
 tests/suite/testrng                       |   88 +--
 tests/suite/testsrn                       |   30 +-
 tests/userid/userid                       |   10 +-
 51 files changed, 2137 insertions(+), 2092 deletions(-)

diff --git a/tests/cert-tests/aki b/tests/cert-tests/aki
index 5f130cc..6d71a28 100755
--- a/tests/cert-tests/aki
+++ b/tests/cert-tests/aki
@@ -25,17 +25,17 @@ set -e
 srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/aki-cert.pem" \
-  |grep -v "Algorithm Security Level" > tmp-aki.pem
+	|grep -v "Algorithm Security Level" > tmp-aki.pem
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "info failed"
-  exit ${rc}
+	echo "info failed"
+	exit ${rc}
 fi
 
 
@@ -44,7 +44,7 @@ rc=$?
 
 # We're done.
 if test "${rc}" != "0"; then
-  exit ${rc}
+	exit ${rc}
 fi
 
 rm -f tmp-aki.pem
diff --git a/tests/cert-tests/certtool b/tests/cert-tests/certtool
index ce02ec8..4df4a5d 100755
--- a/tests/cert-tests/certtool
+++ b/tests/cert-tests/certtool
@@ -23,58 +23,58 @@
 srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 #check whether "funny" spaces can be interpreted
 id=`${VALGRIND} "${CERTTOOL}" --key-id --infile "${srcdir}/funny-spacing.pem" --hash sha1`
 rc=$?
 
-if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3";then
-  echo "Key-ID1 doesn't match the expected: ${id}"
-  exit 1
+if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then
+	echo "Key-ID1 doesn't match the expected: ${id}"
+	exit 1
 fi
 
 id=`${VALGRIND} "${CERTTOOL}" --key-id --infile "${srcdir}/funny-spacing.pem"`
 rc=$?
 
-if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3";then
-  echo "Default key-ID1 doesn't match the expected; did the defaults change? ID: ${id}"
-  exit 1
+if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then
+	echo "Default key-ID1 doesn't match the expected; did the defaults change? ID: ${id}"
+	exit 1
 fi
 
 id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha1`
 rc=$?
 
-if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3";then
-  echo "Key-ID2 doesn't match the expected: ${id}"
-  exit 1
+if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then
+	echo "Key-ID2 doesn't match the expected: ${id}"
+	exit 1
 fi
 
 id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha256`
 rc=$?
 
-if test "${id}" != "118e72e3655150c895ecbd19b3634179fb4a87c7a25abefcb11f5d66661d5a4d";then
-  echo "Key-ID3 doesn't match the expected: ${id}"
-  exit 1
+if test "${id}" != "118e72e3655150c895ecbd19b3634179fb4a87c7a25abefcb11f5d66661d5a4d"; then
+	echo "Key-ID3 doesn't match the expected: ${id}"
+	exit 1
 fi
 
 #fingerprint
 id=`${VALGRIND} "${CERTTOOL}" --fingerprint --infile "${srcdir}/funny-spacing.pem"`
 rc=$?
 
-if test "${id}" != "8f735c5ddefd723f59b6a3bb2ac0522470c0182f";then
-  echo "Fingerprint doesn't match the expected: 3"
-  exit 1
+if test "${id}" != "8f735c5ddefd723f59b6a3bb2ac0522470c0182f"; then
+	echo "Fingerprint doesn't match the expected: 3"
+	exit 1
 fi
 
 id=`${VALGRIND} "${CERTTOOL}" --fingerprint --hash sha256 --infile "${srcdir}/funny-spacing.pem"`
 rc=$?
 
-if test "${id}" != "fc5b45b20c489393a457f177572920ac40bacba9d25cea51200822271eaf7d1f";then
-  echo "Fingerprint doesn't match the expected: 4"
-  exit 1
+if test "${id}" != "fc5b45b20c489393a457f177572920ac40bacba9d25cea51200822271eaf7d1f"; then
+	echo "Fingerprint doesn't match the expected: 4"
+	exit 1
 fi
 
 export TZ="UTC"
@@ -83,17 +83,17 @@ export TZ="UTC"
 TSTAMP=`datefudge "2006-09-23" date -u +%s || true`
 if test "$TSTAMP" != "1158969600"; then
 echo $TSTAMP
-  echo "You need datefudge to run this test"
-  exit 77
+	echo "You need datefudge to run this test"
+	exit 77
 fi
 
 cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|datefudge "2012-11-22" \
 ${VALGRIND} "${CERTTOOL}" --verify-chain
 rc=$?
 
-if test "${rc}" != "0";then
-  echo "There was an issue verifying the chain"
-  exit 1
+if test "${rc}" != "0"; then
+	echo "There was an issue verifying the chain"
+	exit 1
 fi
 
 
diff --git a/tests/cert-tests/crq b/tests/cert-tests/crq
index cc2bbfe..50b78c8 100755
--- a/tests/cert-tests/crq
+++ b/tests/cert-tests/crq
@@ -25,8 +25,8 @@
 srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
 fi
 OUTFILE=out.tmp
 
@@ -35,14 +35,14 @@ rc=$?
 
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Invalid crq decoding failed"
-  exit ${rc}
+	echo "Invalid crq decoding failed"
+	exit ${rc}
 fi
 
 grep "error: get_key_id" "${OUTFILE}" >/dev/null 2>&1
 if test "$?" != "0"; then
-  echo "crq decoding didn't fail as expected"
-  exit 1
+	echo "crq decoding didn't fail as expected"
+	exit 1
 fi
 
 rm -f "${OUTFILE}"
diff --git a/tests/cert-tests/dane b/tests/cert-tests/dane
index e019ef7..f2aa341 100755
--- a/tests/cert-tests/dane
+++ b/tests/cert-tests/dane
@@ -37,7 +37,7 @@ rm -f tmp-dane.rr
 
 # We're done.
 if test "${rc}" != "0"; then
-  exit ${rc}
+	exit ${rc}
 fi
 
 exit 0
diff --git a/tests/cert-tests/email b/tests/cert-tests/email
index e12ee6b..8efe18e 100755
--- a/tests/cert-tests/email
+++ b/tests/cert-tests/email
@@ -23,72 +23,72 @@
 srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 DIFF=$"{DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.exclude.test.example.com" --verify-email test at example.com
 rc=$?
 
 if test "${rc}" != "1"; then
-  echo "email test 1 failed"
-  exit 1
+	echo "email test 1 failed"
+	exit 1
 fi
 
 ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.exclude.test.example.com" --verify-email invalid at example.com
 rc=$?
 
 if test "${rc}" != "1"; then
-  echo "email test 2 failed"
-  exit 1
+	echo "email test 2 failed"
+	exit 1
 fi
 
 ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com" --verify-email test at example.com
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "email test 3 failed"
-  exit 1
+	echo "email test 3 failed"
+	exit 1
 fi
 
 ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com" --verify-email invalid at example.com
 rc=$?
 
 if test "${rc}" != "1"; then
-  echo "email test 4 failed"
-  exit 1
+	echo "email test 4 failed"
+	exit 1
 fi
 
 ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.invalid.example.com" --verify-email invalid at example.com
 rc=$?
 
 if test "${rc}" != "1"; then
-  echo "email test 5 failed"
-  exit 1
+	echo "email test 5 failed"
+	exit 1
 fi
 
 ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.invalid.example.com" --verify-email test at cola.com
 rc=$?
 
 if test "${rc}" != "1"; then
-  echo "email test 6 failed"
-  exit 1
+	echo "email test 6 failed"
+	exit 1
 fi
 
 ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com-2" --verify-email test at example.com
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "email test 7 failed"
-  exit 1
+	echo "email test 7 failed"
+	exit 1
 fi
 
 ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com-2" --verify-email invalid at example.com
 rc=$?
 
 if test "${rc}" != "1"; then
-  echo "email test 8 failed"
-  exit 1
+	echo "email test 8 failed"
+	exit 1
 fi
 
 
diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig
index 72d72ec..dacdc61 100755
--- a/tests/cert-tests/invalid-sig
+++ b/tests/cert-tests/invalid-sig
@@ -25,8 +25,8 @@
 srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 #check whether a different PKCS #1 signature than the advertized in certificate is tolerated
@@ -35,8 +35,8 @@ rc=$?
 
 # We're done.
 if test "${rc}" = "0"; then
-  echo "Verification of invalid signature (1) failed"
-  exit ${rc}
+	echo "Verification of invalid signature (1) failed"
+	exit ${rc}
 fi
 
 #check whether a different tbsCertificate than the outer signature algorithm is tolerated
@@ -45,8 +45,8 @@ rc=$?
 
 # We're done.
 if test "${rc}" = "0"; then
-  echo "Verification of invalid signature (2) failed"
-  exit ${rc}
+	echo "Verification of invalid signature (2) failed"
+	exit ${rc}
 fi
 
 #check whether a different tbsCertificate than the outer signature algorithm is tolerated
@@ -55,8 +55,8 @@ rc=$?
 
 # We're done.
 if test "${rc}" = "0"; then
-  echo "Verification of invalid signature (3) failed"
-  exit ${rc}
+	echo "Verification of invalid signature (3) failed"
+	exit ${rc}
 fi
 
 exit 0
diff --git a/tests/cert-tests/pathlen b/tests/cert-tests/pathlen
index 710282d..d940fe8 100755
--- a/tests/cert-tests/pathlen
+++ b/tests/cert-tests/pathlen
@@ -25,26 +25,26 @@ set -e
 srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/ca-no-pathlen.pem" \
-  |grep -v "Algorithm Security Level" > new-ca-no-pathlen.pem
+	|grep -v "Algorithm Security Level" > new-ca-no-pathlen.pem
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "info 1 failed"
-  exit ${rc}
+	echo "info 1 failed"
+	exit ${rc}
 fi
 
 ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/no-ca-or-pathlen.pem" \
-  |grep -v "Algorithm Security Level" > new-no-ca-or-pathlen.pem
+	|grep -v "Algorithm Security Level" > new-no-ca-or-pathlen.pem
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "info 2 failed"
-  exit ${rc}
+	echo "info 2 failed"
+	exit ${rc}
 fi
 
 ${DIFF} "${srcdir}/ca-no-pathlen.pem" new-ca-no-pathlen.pem
@@ -55,7 +55,7 @@ rc2=$?
 
 # We're done.
 if test "${rc1}" != "0"; then
-  exit ${rc1}
+	exit ${rc1}
 fi
 
 rm -f new-ca-no-pathlen.pem new-no-ca-or-pathlen.pem
diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding
index 8913acb..a5f612c 100755
--- a/tests/cert-tests/pem-decoding
+++ b/tests/cert-tests/pem-decoding
@@ -25,8 +25,8 @@
 srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 #check whether "funny" spaces can be interpreted
@@ -35,8 +35,8 @@ rc=$?
 
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Funny-spacing cert decoding failed 1"
-  exit ${rc}
+	echo "Funny-spacing cert decoding failed 1"
+	exit ${rc}
 fi
 
 #check whether a BMPString attribute can be properly decoded
@@ -44,8 +44,8 @@ ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/bmpstring.pem"
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "BMPString cert decoding failed 1"
-  exit ${rc}
+	echo "BMPString cert decoding failed 1"
+	exit ${rc}
 fi
 
 #Note that --strip-trailing-cr is used for the test
@@ -54,8 +54,8 @@ ${DIFF} "${srcdir}/bmpstring.pem" tmp-pem.pem || ${DIFF} --strip-trailing-cr "${
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "BMPString cert decoding failed 2"
-  exit ${rc}
+	echo "BMPString cert decoding failed 2"
+	exit ${rc}
 fi
 
 #check whether complex-cert is decoded as expected
@@ -63,8 +63,8 @@ ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/complex-cert.pe
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "Complex cert decoding failed 1"
-  exit ${rc}
+	echo "Complex cert decoding failed 1"
+	exit ${rc}
 fi
 
 cat "${srcdir}/complex-cert.pem" |grep -v "Not After:" >tmp1
@@ -73,8 +73,8 @@ ${DIFF} tmp1 tmp2 || ${DIFF} --strip-trailing-cr tmp1 tmp2
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "Complex cert decoding failed 2"
-  exit ${rc}
+	echo "Complex cert decoding failed 2"
+	exit ${rc}
 fi
 
 #check whether the cert with many othernames is decoded as expected
@@ -82,8 +82,8 @@ ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/xmpp-othername.
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "XMPP cert decoding failed 1"
-  exit ${rc}
+	echo "XMPP cert decoding failed 1"
+	exit ${rc}
 fi
 
 cat "${srcdir}/xmpp-othername.pem" |grep -v "Not After:" >tmp1
@@ -92,8 +92,8 @@ ${DIFF} tmp1 tmp2 || ${DIFF} --strip-trailing-cr tmp1 tmp2
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "XMPP cert decoding failed 2"
-  exit ${rc}
+	echo "XMPP cert decoding failed 2"
+	exit ${rc}
 fi
 
 rm -f tmp-pem.pem tmp1 tmp2
diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7
index c3938cb..d4b754b 100755
--- a/tests/cert-tests/pkcs7
+++ b/tests/cert-tests/pkcs7
@@ -23,54 +23,54 @@
 srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
 fi
 OUTFILE=out-pkcs7.tmp
 OUTFILE2=out2-pkcs7.tmp
 
-for FILE in single-ca.p7b full.p7b;do
+for FILE in single-ca.p7b full.p7b; do
 ${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/${FILE}"|grep -v "Signing time" >"${OUTFILE}"
 rc=$?
 
 # We're done.
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 decoding failed"
-  exit ${rc}
+	echo "${FILE}: PKCS7 decoding failed"
+	exit ${rc}
 fi
 
 ${DIFF} "${OUTFILE}" "${srcdir}/${FILE}.out" >/dev/null
 if test "$?" != "0"; then
-  echo "${FILE}: PKCS7 decoding didn't produce the correct file"
-  exit 1
+	echo "${FILE}: PKCS7 decoding didn't produce the correct file"
+	exit 1
 fi
 done
 
 # check signatures
 
-for FILE in full.p7b;do
+for FILE in full.p7b; do
 ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}" >"${OUTFILE}"
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 verification failed"
-  exit ${rc}
+	echo "${FILE}: PKCS7 verification failed"
+	exit ${rc}
 fi
 
 ${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.1 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}" >"${OUTFILE}"
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 verification failed with key purpose"
-  exit ${rc}
+	echo "${FILE}: PKCS7 verification failed with key purpose"
+	exit ${rc}
 fi
 
 ${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.3 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}" >"${OUTFILE}"
 rc=$?
 
 if test "${rc}" = "0"; then
-  echo "${FILE}: PKCS7 verification succeeded with wrong key purpose"
-  exit 2
+	echo "${FILE}: PKCS7 verification succeeded with wrong key purpose"
+	exit 2
 fi
 
 done
@@ -82,16 +82,16 @@ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/.
 rc=$?
 
 if test "${rc}" = "0"; then
-  echo "${FILE}: PKCS7 verification succeeded without providing detached data"
-  exit 2
+	echo "${FILE}: PKCS7 verification succeeded without providing detached data"
+	exit 2
 fi
 
 ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-data "${srcdir}/pkcs7-detached.txt" --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}"
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 verification failed"
-  exit ${rc}
+	echo "${FILE}: PKCS7 verification failed"
+	exit ${rc}
 fi
 
 # Test cert combination
@@ -102,14 +102,14 @@ ${VALGRIND} "${CERTTOOL}" --p7-generate --load-certificate "${OUTFILE2}" >"${OUT
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 struct generation failed"
-  exit ${rc}
+	echo "${FILE}: PKCS7 struct generation failed"
+	exit ${rc}
 fi
 
 ${DIFF} "${OUTFILE}" "${srcdir}/p7-combined.out" >/dev/null
 if test "$?" != "0"; then
-  echo "${FILE}: PKCS7 generation didn't produce the correct file"
-  exit 1
+	echo "${FILE}: PKCS7 generation didn't produce the correct file"
+	exit 1
 fi
 
 # Test signing
@@ -118,8 +118,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey  "${srcdir}/../../doc/credent
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 struct signing failed"
-  exit ${rc}
+	echo "${FILE}: PKCS7 struct signing failed"
+	exit ${rc}
 fi
 
 FILE="signing-verify"
@@ -127,8 +127,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 struct signing failed verification"
-  exit ${rc}
+	echo "${FILE}: PKCS7 struct signing failed verification"
+	exit ${rc}
 fi
 
 
@@ -137,8 +137,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-detached-sign --load-privkey  "${srcdir}/../../do
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 struct signing-detached failed"
-  exit ${rc}
+	echo "${FILE}: PKCS7 struct signing-detached failed"
+	exit ${rc}
 fi
 
 FILE="signing-detached-verify"
@@ -146,8 +146,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 struct signing-detached failed verification"
-  exit ${rc}
+	echo "${FILE}: PKCS7 struct signing-detached failed verification"
+	exit ${rc}
 fi
 
 # Test signing with broken algorithms
@@ -156,8 +156,8 @@ ${VALGRIND} "${CERTTOOL}" --hash md5 --p7-sign --load-privkey  "${srcdir}/../../
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 struct signing-broken failed"
-  exit ${rc}
+	echo "${FILE}: PKCS7 struct signing-broken failed"
+	exit ${rc}
 fi
 
 FILE="signing-verify-broken"
@@ -165,8 +165,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr
 rc=$?
 
 if test "${rc}" = "0"; then
-  echo "${FILE}: PKCS7 struct verification succeeded with broken algo"
-  exit 1
+	echo "${FILE}: PKCS7 struct verification succeeded with broken algo"
+	exit 1
 fi
 
 FILE="signing-time"
@@ -174,14 +174,14 @@ ${VALGRIND} "${CERTTOOL}" --p7-detached-sign --p7-time --load-privkey  "${srcdir
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 struct signing with time failed"
-  exit ${rc}
+	echo "${FILE}: PKCS7 struct signing with time failed"
+	exit ${rc}
 fi
 
 ${VALGRIND} "${CERTTOOL}" --p7-info <"${OUTFILE}"|grep "Signing time:" "${OUTFILE}" >/dev/null 2>&1
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 struct signing with time failed. No time was found."
-  exit ${rc}
+	echo "${FILE}: PKCS7 struct signing with time failed. No time was found."
+	exit ${rc}
 fi
 
 FILE="signing-time-verify"
@@ -189,8 +189,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "${FILE}: PKCS7 struct signing with time failed verification"
-  exit ${rc}
+	echo "${FILE}: PKCS7 struct signing with time failed verification"
+	exit ${rc}
 fi
 
 rm -f "${OUTFILE}"
diff --git a/tests/cert-tests/template-test b/tests/cert-tests/template-test
index c92440e..3903492 100755
--- a/tests/cert-tests/template-test
+++ b/tests/cert-tests/template-test
@@ -29,9 +29,9 @@ export TZ="UTC"
 # Check for datefudge
 TSTAMP=`datefudge "2006-09-23" date -u +%s || true`
 if test "$TSTAMP" != "1158969600"; then
-  echo $TSTAMP
-  echo "You need datefudge to run this test"
-  exit 77
+	echo $TSTAMP
+	echo "You need datefudge to run this test"
+	exit 77
 fi
 
 # Note that in rare cases this test may fail because the
@@ -41,24 +41,23 @@ fi
 rc=1
 counter=1
 
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
-  datefudge "2007-04-22" \
-    "${CERTTOOL}" --generate-self-signed \
-    --load-privkey "${srcdir}/template-test.key" \
-    --template "${srcdir}/template-test.tmpl" \
-    --outfile tmp-tt.pem 2>/dev/null
-
-  ${DIFF} "${srcdir}/template-test.pem" tmp-tt.pem >/dev/null 2>&1
-  rc=$?
-  test ${rc} != 0 && sleep 3
-  counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+	datefudge "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test.key" \
+		--template "${srcdir}/template-test.tmpl" \
+		--outfile tmp-tt.pem 2>/dev/null
+
+	${DIFF} "${srcdir}/template-test.pem" tmp-tt.pem >/dev/null 2>&1
+	rc=$?
+	test ${rc} != 0 && sleep 3
+	counter=`expr $counter + 1`
 done
 
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Test 1 failed"
-  exit ${rc}
+	echo "Test 1 failed"
+	exit ${rc}
 fi
 
 rm -f tmp-tt.pem
@@ -66,24 +65,23 @@ rm -f tmp-tt.pem
 rc=1
 counter=1
 
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
-  datefudge "2007-04-22" \
-    "${CERTTOOL}" --generate-self-signed \
-    --load-privkey "${srcdir}/template-test.key" \
-    --template "${srcdir}/template-utf8.tmpl" \
-    --outfile tmp-tt.pem 2>/dev/null
-
-  ${DIFF} "${srcdir}/template-utf8.pem" tmp-tt.pem >/dev/null 2>&1
-  rc=$?
-  test ${rc} != 0 && sleep 3
-  counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+	datefudge "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test.key" \
+		--template "${srcdir}/template-utf8.tmpl" \
+		--outfile tmp-tt.pem 2>/dev/null
+
+	${DIFF} "${srcdir}/template-utf8.pem" tmp-tt.pem >/dev/null 2>&1
+	rc=$?
+	test ${rc} != 0 && sleep 3
+	counter=`expr $counter + 1`
 done
 
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Test 2 (UTF8) failed"
-  exit ${rc}
+	echo "Test 2 (UTF8) failed"
+	exit ${rc}
 fi
 
 rm -f tmp-tt.pem
@@ -91,38 +89,37 @@ rm -f tmp-tt.pem
 rc=1
 counter=1
 
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
-  datefudge "2007-04-22" \
-    "${CERTTOOL}" --generate-self-signed \
-    --load-privkey "${srcdir}/template-test.key" \
-    --template "${srcdir}/template-dn.tmpl" \
-    --outfile tmp-tt.pem 2>/dev/null
-
-  ${DIFF} "${srcdir}/template-dn.pem" tmp-tt.pem >/dev/null 2>&1
-  rc=$?
-  test ${rc} != 0 && sleep 3
-  counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+	datefudge "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test.key" \
+		--template "${srcdir}/template-dn.tmpl" \
+		--outfile tmp-tt.pem 2>/dev/null
+
+	${DIFF} "${srcdir}/template-dn.pem" tmp-tt.pem >/dev/null 2>&1
+	rc=$?
+	test ${rc} != 0 && sleep 3
+	counter=`expr $counter + 1`
 done
 
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Test 3 (DN) failed"
-  exit ${rc}
+	echo "Test 3 (DN) failed"
+	exit ${rc}
 fi
 
 rm -f tmp-tt.pem
 
 datefudge "2007-04-22" \
-  "${CERTTOOL}" --generate-self-signed \
-  --load-privkey "${srcdir}/template-test.key" \
-  --template "${srcdir}/template-dn-err.tmpl" \
-  --outfile tmp-tt.pem 2>/dev/null
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test.key" \
+		--template "${srcdir}/template-dn-err.tmpl" \
+		--outfile tmp-tt.pem 2>/dev/null
 rc=$?
 
 if test "${rc}" = "0"; then
-  echo "Test 3 (DN-err) failed"
-  exit ${rc}
+	echo "Test 3 (DN-err) failed"
+	exit ${rc}
 fi
 
 rm -f tmp-tt.pem
@@ -130,24 +127,23 @@ rm -f tmp-tt.pem
 rc=1
 counter=1
 
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
-  datefudge "2007-04-22" \
-    "${CERTTOOL}" --generate-self-signed \
-    --load-privkey "${srcdir}/template-test.key" \
-    --template "${srcdir}/template-overflow.tmpl" \
-    --outfile tmp-tt.pem 2>/dev/null
-
-  ${DIFF} "${srcdir}/template-overflow.pem" tmp-tt.pem >/dev/null 2>&1
-  rc=$?
-  test ${rc} != 0 && sleep 3
-  counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+	datefudge "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test.key" \
+		--template "${srcdir}/template-overflow.tmpl" \
+		--outfile tmp-tt.pem 2>/dev/null
+
+	${DIFF} "${srcdir}/template-overflow.pem" tmp-tt.pem >/dev/null 2>&1
+	rc=$?
+	test ${rc} != 0 && sleep 3
+	counter=`expr $counter + 1`
 done
 
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Test 4 (overflow1) failed"
-  exit ${rc}
+	echo "Test 4 (overflow1) failed"
+	exit ${rc}
 fi
 
 rm -f tmp-tt.pem
@@ -158,24 +154,23 @@ if echo __SIZEOF_POINTER__ | cpp -E - - | grep '^8$' >/dev/null; then
 rc=1
 counter=1
 
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
-  datefudge "2007-04-22" \
-    "${CERTTOOL}" --generate-self-signed \
-    --load-privkey "${srcdir}/template-test.key" \
-    --template "${srcdir}/template-overflow2.tmpl" \
-    --outfile tmp-tt.pem 2>/dev/null
-
-  ${DIFF} "${srcdir}/template-overflow2.pem" tmp-tt.pem >/dev/null 2>&1
-  rc=$?
-  test ${rc} != 0 && sleep 3
-  counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+	datefudge "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test.key" \
+		--template "${srcdir}/template-overflow2.tmpl" \
+		--outfile tmp-tt.pem 2>/dev/null
+
+	${DIFF} "${srcdir}/template-overflow2.pem" tmp-tt.pem >/dev/null 2>&1
+	rc=$?
+	test ${rc} != 0 && sleep 3
+	counter=`expr $counter + 1`
 done
 
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Test 5 (overflow2) failed"
-  exit ${rc}
+	echo "Test 5 (overflow2) failed"
+	exit ${rc}
 fi
 
 rm -f tmp-tt.pem
@@ -184,24 +179,23 @@ fi
 rc=1
 counter=1
 
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
-  datefudge "2007-04-22" \
-    "${CERTTOOL}" --generate-self-signed \
-    --load-privkey "${srcdir}/template-test.key" \
-    --template "${srcdir}/template-date.tmpl" \
-    --outfile tmp-tt.pem 2>/dev/null
-
-  ${DIFF} "${srcdir}/template-date.pem" tmp-tt.pem >/dev/null 2>&1
-  rc=$?
-  test ${rc} != 0 && sleep 3
-  counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+	datefudge "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test.key" \
+		--template "${srcdir}/template-date.tmpl" \
+		--outfile tmp-tt.pem 2>/dev/null
+
+	${DIFF} "${srcdir}/template-date.pem" tmp-tt.pem >/dev/null 2>&1
+	rc=$?
+	test ${rc} != 0 && sleep 3
+	counter=`expr $counter + 1`
 done
 
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Test 6 (explicit dates) failed"
-  exit ${rc}
+	echo "Test 6 (explicit dates) failed"
+	exit ${rc}
 fi
 
 rm -f tmp-tt.pem
@@ -211,53 +205,51 @@ rm -f tmp-tt.pem
 rc=1
 counter=1
 
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
-  datefudge "2007-04-22" \
-    "${CERTTOOL}" --generate-self-signed \
-    --load-privkey "${srcdir}/template-test.key" \
-    --template "${srcdir}/template-nc.tmpl" \
-    --outfile tmp-tt.pem 2>/dev/null
-
-  ${DIFF} "${srcdir}/template-nc.pem" tmp-tt.pem >/dev/null 2>&1
-  rc=$?
-  test ${rc} != 0 && sleep 3
-  counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+	datefudge "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test.key" \
+		--template "${srcdir}/template-nc.tmpl" \
+		--outfile tmp-tt.pem 2>/dev/null
+
+	${DIFF} "${srcdir}/template-nc.pem" tmp-tt.pem >/dev/null 2>&1
+	rc=$?
+	test ${rc} != 0 && sleep 3
+	counter=`expr $counter + 1`
 done
 
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Test 7 (name constraints) failed"
-  exit ${rc}
+	echo "Test 7 (name constraints) failed"
+	exit ${rc}
 fi
 
 rm -f tmp-tt.pem
 
 # Test the GeneralizedTime support
-if test "$(getconf LONG_BIT)" = "64";then
-  # we should test that on systems which have 64-bit time_t.
-  rc=1
-  counter=1
-
-  while [ "${rc}" != "0" -a $counter -le 3 ]
-  do
-    datefudge "2051-04-22" \
-      "${CERTTOOL}" --generate-self-signed \
-      --load-privkey "${srcdir}/template-test.key" \
-      --template "${srcdir}/template-generalized.tmpl" \
-      --outfile tmp-tt.pem 2>/dev/null
-
-    ${DIFF} "${srcdir}/template-generalized.pem" tmp-tt.pem >/dev/null 2>&1
-    rc=$?
-    test ${rc} != 0 && sleep 3
-    counter=`expr $counter + 1`
-  done
-
-  # We're done.
-  if test "${rc}" != "0"; then
-    echo "Test 8 (generalizedTime) failed"
-    exit ${rc}
-  fi
+if test "$(getconf LONG_BIT)" = "64"; then
+	# we should test that on systems which have 64-bit time_t.
+	rc=1
+	counter=1
+
+	while [ "${rc}" != "0" -a $counter -le 3 ]; do
+		datefudge "2051-04-22" \
+			"${CERTTOOL}" --generate-self-signed \
+				--load-privkey "${srcdir}/template-test.key" \
+				--template "${srcdir}/template-generalized.tmpl" \
+				--outfile tmp-tt.pem 2>/dev/null
+
+		${DIFF} "${srcdir}/template-generalized.pem" tmp-tt.pem >/dev/null 2>&1
+		rc=$?
+		test ${rc} != 0 && sleep 3
+		counter=`expr $counter + 1`
+	done
+
+	# We're done.
+	if test "${rc}" != "0"; then
+		echo "Test 8 (generalizedTime) failed"
+		exit ${rc}
+	fi
 fi
 
 rm -f tmp-tt.pem
diff --git a/tests/dsa/testdsa b/tests/dsa/testdsa
index 0334e63..456182f 100755
--- a/tests/dsa/testdsa
+++ b/tests/dsa/testdsa
@@ -26,8 +26,8 @@ CLI="${CLI:-../../src/gnutls-cli}"
 DEBUG=""
 unset RETCODE
 
-if test "${WINDIR}" != "";then
-  exit 77
+if test "${WINDIR}" != ""; then
+	exit 77
 fi 
 
 . "${srcdir}/../scripts/common.sh"
@@ -40,30 +40,31 @@ echo "Checking various DSA key sizes (port ${PORT})"
 
 echo "Checking DSA-1024 with TLS 1.0"
 
-launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 &
+PID=$!
 wait_server "${PID}"
 
 PRIO="--priority NORMAL:+DHE-DSS:+SIGN-DSA-SHA512:+SIGN-DSA-SHA384:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1"
 "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
-  fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+	fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
 
 echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.0"
 
 #try with client key of 1024 bits (should succeed) 
 "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" </dev/null >/dev/null || \
-  fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+	fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
 
 echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0"
 
 #try with client key of 2048 bits (should fail) 
 "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" </dev/null >/dev/null 2>&1 && \
-  fail "${PID}" "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
+	fail "${PID}" "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
 
 echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0"
 
 #try with client key of 3072 bits (should fail) 
 "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" </dev/null >/dev/null 2>&1 && \
-  fail "${PID}" "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
+	fail "${PID}" "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
 
 kill "${PID}"
 wait
@@ -72,30 +73,30 @@ wait
 
 echo "Checking DSA-1024 with TLS 1.2"
 
-launch_server $$  --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 &
+PID=$!
 wait_server "${PID}"
 
 "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
-  fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+	fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
 
 echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.2"
 
 #try with client key of 1024 bits (should succeed) 
 "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" </dev/null >/dev/null || \
-  fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+	fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
 
 echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2"
 
 #try with client key of 2048 bits (should succeed) 
 "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" </dev/null >/dev/null || \
-  fail "${PID}" "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
+	fail "${PID}" "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
 
 echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2"
 
 #try with client key of 3072 bits (should succeed) 
 "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" </dev/null >/dev/null || \
-  fail "${PID}" "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
-
+	fail "${PID}" "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
 
 kill "${PID}"
 wait
@@ -104,11 +105,12 @@ wait
 
 #echo "Checking DSA-2048 with TLS 1.0"
 
-#launch_server $$  --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 & PID=$!
+#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 &
+#PID=$!
 #wait_server "${PID}"
 
 #"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
-#  fail "${PID}" "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
+# fail "${PID}" "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
 
 #kill "${PID}"
 #wait
@@ -117,11 +119,12 @@ wait
 
 echo "Checking DSA-2048 with TLS 1.2"
 
-launch_server $$  --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 &
+PID=$!
 wait_server "${PID}"
 
 "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
-  fail "${PID}" "Failed connection to a server with DSA 2048 key and TLS 1.2!"
+	fail "${PID}" "Failed connection to a server with DSA 2048 key and TLS 1.2!"
 
 kill "${PID}"
 wait
@@ -130,11 +133,12 @@ wait
 
 #echo "Checking DSA-3072 with TLS 1.0"
 
-#launch_server $$  --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 & PID=$!
+#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 &
+#PID=$!
 #wait_server "${PID}"
 #
 #"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
-#  fail "${PID}" "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!"
+#	fail "${PID}" "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!"
 #
 #kill "${PID}"
 #wait
@@ -143,14 +147,14 @@ wait
 
 echo "Checking DSA-3072 with TLS 1.2"
 
-launch_server $$  --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 &
+PID=$!
 wait_server "${PID}"
 
 "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
-  fail "${PID}" "Failed connection to a server with DSA 3072 key and TLS 1.2!"
+	fail "${PID}" "Failed connection to a server with DSA 3072 key and TLS 1.2!"
 
 kill "${PID}"
 wait
 
 exit 0
-
diff --git a/tests/dtls/dtls b/tests/dtls/dtls
index 1a80573..ea1f3be 100755
--- a/tests/dtls/dtls
+++ b/tests/dtls/dtls
@@ -22,8 +22,8 @@
 
 set -e
 
-if test "${WINDIR}" != "";then
-  exit 77
+if test "${WINDIR}" != ""; then
+	exit 77
 fi
 
 ./dtls-stress -full -shello 01234 -sfinished 01 -cfinished 01234 CCertificate CKeyExchange CCertificateVerify CChangeCipherSpec CFinished -d 6
diff --git a/tests/dtls/dtls-nb b/tests/dtls/dtls-nb
index 7ba2f33..87c2d0d 100755
--- a/tests/dtls/dtls-nb
+++ b/tests/dtls/dtls-nb
@@ -22,8 +22,8 @@
 
 set -e
 
-if test "${WINDIR}" != "";then
-  exit 77
+if test "${WINDIR}" != ""; then
+	exit 77
 fi
 
 ./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
diff --git a/tests/ecdsa/ecdsa b/tests/ecdsa/ecdsa
index 507f622..e5b48b9 100755
--- a/tests/ecdsa/ecdsa
+++ b/tests/ecdsa/ecdsa
@@ -26,66 +26,66 @@ srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 
 echo ca > template
-echo cn = "ECDSA SHA 256 CA" >> template
+echo "cn = ECDSA SHA 256 CA" >> template
 
 "${CERTTOOL}" --generate-privkey --ecc > key-ca-ecdsa.pem 2>/dev/null
 
 "${CERTTOOL}" -d 2 --generate-self-signed --template template \
-    --load-privkey key-ca-ecdsa.pem \
-    --outfile new-ca-ecdsa.pem \
-    --hash sha256 >out 2>&1
+	--load-privkey key-ca-ecdsa.pem \
+	--outfile new-ca-ecdsa.pem \
+	--hash sha256 >out 2>&1
 
-if [ $? != 0 ];then
-  cat out
-  exit 1
+if [ $? != 0 ]; then
+	cat out
+	exit 1
 fi
 
 echo ca > template
 "${CERTTOOL}" --generate-privkey --ecc > key-subca-ecdsa.pem 2>/dev/null
-echo cn = "ECDSA SHA 224 Mid CA" >> template
+echo "cn = ECDSA SHA 224 Mid CA" >> template
 
 "${CERTTOOL}" -d 2 --generate-certificate --template template \
-    --load-ca-privkey key-ca-ecdsa.pem \
-    --load-ca-certificate new-ca-ecdsa.pem \
-    --load-privkey key-subca-ecdsa.pem \
-    --outfile new-subca-ecdsa.pem \
-    --hash sha224 >out 2>&1
-
-if [ $? != 0 ];then
-  cat out
-  exit 1
+	--load-ca-privkey key-ca-ecdsa.pem \
+	--load-ca-certificate new-ca-ecdsa.pem \
+	--load-privkey key-subca-ecdsa.pem \
+	--outfile new-subca-ecdsa.pem \
+	--hash sha224 >out 2>&1
+
+if [ $? != 0 ]; then
+	cat out
+	exit 1
 fi
 
-echo cn = "End-user" > template
+echo "cn = End-user" > template
 
 "${CERTTOOL}" --generate-privkey --ecc > key-ecdsa.pem 2>/dev/null
 
 "${CERTTOOL}" -d 2 --generate-certificate --template template \
-    --load-ca-privkey key-subca-ecdsa.pem \
-    --load-ca-certificate new-subca-ecdsa.pem \
-    --load-privkey key-ecdsa.pem \
-    --outfile new-user.pem >out 2>&1
-
-if [ $? != 0 ];then
-  cat out
-  exit 1
+	--load-ca-privkey key-subca-ecdsa.pem \
+	--load-ca-certificate new-subca-ecdsa.pem \
+	--load-privkey key-ecdsa.pem \
+	--outfile new-user.pem >out 2>&1
+
+if [ $? != 0 ]; then
+	cat out
+	exit 1
 fi
 
 cat new-user.pem new-subca-ecdsa.pem new-ca-ecdsa.pem > out
 "${CERTTOOL}" --verify-chain <out > verify
 
-if [ $? != 0 ];then
-  cat verify
-  exit 1
+if [ $? != 0 ]; then
+	cat verify
+	exit 1
 fi
 
 rm -f verify new-user.pem new-ca-ecdsa.pem new-subca-ecdsa.pem template out
 rm -f key-subca-ecdsa.pem key-ca-ecdsa.pem key-ecdsa.pem
 
 "${CERTTOOL}" -k < "${srcdir}/bad-key.pem" | grep "validation failed" >/dev/null 2>&1
-if [ $? != 0 ];then
-  echo "certtool didn't detect a bad ECDSA key."
-  exit 1
+if [ $? != 0 ]; then
+	echo "certtool didn't detect a bad ECDSA key."
+	exit 1
 fi
 
 exit 0
diff --git a/tests/key-tests/key-id b/tests/key-tests/key-id
index c671319..2ef0f3e 100755
--- a/tests/key-tests/key-id
+++ b/tests/key-tests/key-id
@@ -36,14 +36,14 @@ echo "serial = 0" > tmpl
 #    --outfile user-no-keyid.pem 2> /dev/null
 
 eval "${CERTTOOL}" ${PARAMS} --load-ca-certificate "${srcdir}/ca-weird-keyid.pem" \
-    --outfile user-weird-keyid.pem 2> /dev/null
+	--outfile user-weird-keyid.pem 2> /dev/null
 
 if "${CERTTOOL}" -i < user-weird-keyid.pem \
-    | grep '7a2c7a6097460603cbfb28e8e219df18deeb4e0d' > /dev/null; then
+	| grep '7a2c7a6097460603cbfb28e8e219df18deeb4e0d' > /dev/null; then
 :
 else
-  echo "Could not find CA SKI in user certificate."
-  exit 1;
+	echo "Could not find CA SKI in user certificate."
+	exit 1;
 fi
 
 rm -f tmpl user-gnutls-keyid.pem user-no-keyid.pem user-weird-keyid.pem
diff --git a/tests/key-tests/pkcs8 b/tests/key-tests/pkcs8
index 3173bfa..d166469 100755
--- a/tests/key-tests/pkcs8
+++ b/tests/key-tests/pkcs8
@@ -24,86 +24,86 @@ GREP="${GREP:-grep}"
 
 # check keys with password
 "${CERTTOOL}" --to-p8 --load-privkey  "${srcdir}/key-ca.pem" --password "1234" \
-    --outfile tmp-key-ca.p8 2>/dev/null
+	--outfile tmp-key-ca.p8 2>/dev/null
 
 ${GREP} "BEGIN ENCRYPTED PRIVATE KEY" tmp-key-ca.p8  >/dev/null 2>&1
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in converting key to PKCS #8 with password"
-  exit ${rc}
+	echo "Error in converting key to PKCS #8 with password"
+	exit ${rc}
 fi
 
 "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --password "1234" >/dev/null 2>&1
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in reading PKCS #8 key with password"
-  exit ${rc}
+	echo "Error in reading PKCS #8 key with password"
+	exit ${rc}
 fi
 
 "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-1234.p8" --password "1234" >/dev/null 2>&1
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in reading saved PKCS #8 key with password"
-  exit ${rc}
+	echo "Error in reading saved PKCS #8 key with password"
+	exit ${rc}
 fi
 
 #keys encrypted with empty password
 "${CERTTOOL}" --to-p8 --load-privkey  "${srcdir}/key-ca.pem" --password "" \
-    --outfile tmp-key-ca.p8 2>/dev/null
+		--outfile tmp-key-ca.p8 2>/dev/null
 
 ${GREP} "BEGIN PRIVATE KEY" tmp-key-ca.p8  >/dev/null 2>&1
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in converting key to PKCS #8 with empty password"
-  exit ${rc}
+	echo "Error in converting key to PKCS #8 with empty password"
+	exit ${rc}
 fi
 
 "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --password "" >/dev/null 2>&1
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in reading PKCS #8 key with empty password"
-  exit ${rc}
+	echo "Error in reading PKCS #8 key with empty password"
+	exit ${rc}
 fi
 
 "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-empty.p8" --password "" >/dev/null 2>&1
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in reading saved PKCS #8 key with empty password"
-  exit ${rc}
+	echo "Error in reading saved PKCS #8 key with empty password"
+	exit ${rc}
 fi
 
 #keys encrypted with null password
 "${CERTTOOL}" --to-p8 --load-privkey  "${srcdir}/key-ca.pem" --null-password \
-    --outfile tmp-key-ca.p8 2>/dev/null
+	--outfile tmp-key-ca.p8 2>/dev/null
 
 ${GREP} "BEGIN ENCRYPTED PRIVATE KEY" tmp-key-ca.p8 >/dev/null 2>&1
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in converting key to PKCS #8 with null password"
-  exit ${rc}
+	echo "Error in converting key to PKCS #8 with null password"
+	exit ${rc}
 fi
 
 "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --null-password >/dev/null 2>&1
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in reading PKCS #8 key with null password"
-  exit ${rc}
+	echo "Error in reading PKCS #8 key with null password"
+	exit ${rc}
 fi
 
 "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-null.p8" --null-password >/dev/null 2>&1
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in reading saved PKCS #8 key with null password"
-  exit ${rc}
+	echo "Error in reading saved PKCS #8 key with null password"
+	exit ${rc}
 fi
 
 # Tests for PKCS #8 ECC keys
@@ -112,24 +112,24 @@ fi
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in reading saved ECC key"
-  exit ${rc}
+	echo "Error in reading saved ECC key"
+	exit ${rc}
 fi
 
 "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ecc.p8" >/dev/null 2>&1
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in reading saved PKCS #8 ECC key"
-  exit ${rc}
+	echo "Error in reading saved PKCS #8 ECC key"
+	exit ${rc}
 fi
 
 "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/openssl-key-ecc.p8" >/dev/null 2>&1
 rc=$?
 # We're done.
 if test "${rc}" != "0"; then
-  echo "Error in reading saved openssl PKCS #8 ECC key"
-  exit ${rc}
+	echo "Error in reading saved openssl PKCS #8 ECC key"
+	exit ${rc}
 fi
 
 rm -f tmp-key-ca.p8
diff --git a/tests/nist-pkits/gnutls_test_entry b/tests/nist-pkits/gnutls_test_entry
index 87c435e..a35d026 100755
--- a/tests/nist-pkits/gnutls_test_entry
+++ b/tests/nist-pkits/gnutls_test_entry
@@ -10,19 +10,19 @@ certtool -e < chain.pem > output.txt
 rm -f chain.pem
 
 if grep 'Verification output:' output.txt > /dev/null; then
-  if grep 'Verification output' output.txt | grep -v 'Verification output: Verified.' > /dev/null; then
-    if test "${RESULT}" = "0"; then
-      echo "<font color=red>Unexpected reject</font>"
-    else
-      echo "<font color=green>Reject</font>"
-    fi
-  else
-    if test "${RESULT}" = "1"; then
-      echo "<font color=red>Unexpected success</font>"
-    else
-      echo "<font color=green>Success</font>"
-    fi
-  fi
+	if grep 'Verification output' output.txt | grep -v 'Verification output: Verified.' > /dev/null; then
+		if test "${RESULT}" = "0"; then
+			echo "<font color=red>Unexpected reject</font>"
+		else
+			echo "<font color=green>Reject</font>"
+		fi
+	else
+		if test "${RESULT}" = "1"; then
+			echo "<font color=red>Unexpected success</font>"
+		else
+			echo "<font color=green>Success</font>"
+		fi
+	fi
 fi
 
 rm -f output.txt
diff --git a/tests/nist-pkits/pkits_crl b/tests/nist-pkits/pkits_crl
index 1473587..6c3e92d 100755
--- a/tests/nist-pkits/pkits_crl
+++ b/tests/nist-pkits/pkits_crl
@@ -25,12 +25,12 @@ test -d crls || unzip "${srcdir}/PKITS_data.zip"
 
 ret=0
 for crl in "${srcdir}/crls"/*; do
-  "${CERTTOOL}" --crl-info --inder --infile "${crl}" > out 2>&1
-  rc=$?
-  if test ${rc} != 0; then
-    echo "CRL FATAL ${crl}"
-    ret=1
-  fi
+	"${CERTTOOL}" --crl-info --inder --infile "${crl}" > out 2>&1
+	rc=$?
+	if test ${rc} != 0; then
+		echo "CRL FATAL ${crl}"
+		ret=1
+	fi
 done
 rm -f out
 
diff --git a/tests/nist-pkits/pkits_crt b/tests/nist-pkits/pkits_crt
index 5e22ca2..92b69bd 100755
--- a/tests/nist-pkits/pkits_crt
+++ b/tests/nist-pkits/pkits_crt
@@ -25,12 +25,12 @@ test -d certs || unzip "${srcdir}/PKITS_data.zip"
 
 ret=0
 for crt in "${srcdir}/certs"/*; do
-  "${CERTTOOL}" --certificate-info --inder --infile "${crt}" > out 2>&1
-  rc=$?
-  if test ${rc} != 0; then
-    echo "Certificate FATAL ${crt}"
-    ret=1
-  fi
+	"${CERTTOOL}" --certificate-info --inder --infile "${crt}" > out 2>&1
+	rc=$?
+	if test ${rc} != 0; then
+		echo "Certificate FATAL ${crt}"
+		ret=1
+	fi
 done
 rm -f out
 
diff --git a/tests/nist-pkits/pkits_pkcs12 b/tests/nist-pkits/pkits_pkcs12
index 24ba7e6..0b34cb9 100755
--- a/tests/nist-pkits/pkits_pkcs12
+++ b/tests/nist-pkits/pkits_pkcs12
@@ -25,12 +25,12 @@ test -d pkcs12 || unzip "${srcdir}/PKITS_data.zip"
 
 ret=0
 for p12 in "${srcdir}/pkcs12"/*; do
-  "${CERTTOOL}" --p12-info --inder --password password --infile "${p12}" > out 2>&1
-  rc=$?
-  if test ${rc} != 0; then
-    echo "PKCS12 FATAL $p12"
-    ret=1
-  fi
+	"${CERTTOOL}" --p12-info --inder --password password --infile "${p12}" > out 2>&1
+	rc=$?
+	if test ${rc} != 0; then
+		echo "PKCS12 FATAL $p12"
+		ret=1
+	fi
 done
 rm -f out
 
diff --git a/tests/nist-pkits/pkits_smime b/tests/nist-pkits/pkits_smime
index a9b15aa..62da9c9 100755
--- a/tests/nist-pkits/pkits_smime
+++ b/tests/nist-pkits/pkits_smime
@@ -25,18 +25,18 @@ test -d smime || unzip "${srcdir}/PKITS_data.zip"
 
 ret=0
 for msg in "${srcdir}/smime"/*; do
-  "${CERTTOOL}" --smime-to-p7 --infile "${msg}" > out 2>&1
-  rc=$?
-  if test ${rc} != 0; then
-    echo "S/MIME FATAL $msg"
-    ret=1
-  fi
-  "${CERTTOOL}" --p7-info --infile out > out2 2>&1
-  rc=$?
-  if test ${rc} != 0; then
-    echo "PKCS#7 FATAL $msg"
-    ret=1
-  fi
+	"${CERTTOOL}" --smime-to-p7 --infile "${msg}" > out 2>&1
+	rc=$?
+	if test ${rc} != 0; then
+		echo "S/MIME FATAL $msg"
+		ret=1
+	fi
+	"${CERTTOOL}" --p7-info --infile out > out2 2>&1
+	rc=$?
+	if test ${rc} != 0; then
+		echo "PKCS#7 FATAL $msg"
+		ret=1
+	fi
 done
 rm -f out out2
 
diff --git a/tests/nist-pkits/pkits_test b/tests/nist-pkits/pkits_test
index 55653a3..49feecb 100755
--- a/tests/nist-pkits/pkits_test
+++ b/tests/nist-pkits/pkits_test
@@ -7,8 +7,8 @@ srcdir="${srcdir:-.}"
 test -d certs || unzip "${srcdir}/PKITS_data.zip"
 
 if ! test -d pkits_test_list_generator; then
-  tar xfz "${srcdir}/pkits_test_list_generator.tgz"
-  patch -p 0 < pkits_test_list_generator.patch
+	tar xfz "${srcdir}/pkits_test_list_generator.tgz"
+	patch -p 0 < pkits_test_list_generator.patch
 fi
 
 make -C pkits_test_list_generator/src
diff --git a/tests/openpgp-certs/testcerts b/tests/openpgp-certs/testcerts
index c8d25d1..9ac5f53 100755
--- a/tests/openpgp-certs/testcerts
+++ b/tests/openpgp-certs/testcerts
@@ -25,8 +25,8 @@ SERV="${SERV:-../../src/gnutls-serv} -q"
 CLI="${CLI:-../../src/gnutls-cli}"
 DEBUG=""
 
-if test "${WINDIR}" != "";then
-  exit 77
+if test "${WINDIR}" != ""; then
+	exit 77
 fi 
 
 . "${srcdir}/../scripts/common.sh"
@@ -35,7 +35,8 @@ PORT="${PORT:-$RPORT}"
 
 echo "Checking OpenPGP certificate verification"
 
-launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-127.0.0.1-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-127.0.0.1-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 &
+PID=$!
 wait_server ${PID}
 
 # give the server a chance to initialize
@@ -47,22 +48,23 @@ wait_server ${PID}
 #  fail "Connection to verified IP address should have succeeded! (error code $?)" $?
 
 "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.2 --priority NORMAL:+CTYPE-OPENPGP --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \
-  fail ${PID} "Connection to unrecognized IP address should have failed!"
+	fail ${PID} "Connection to unrecognized IP address should have failed!"
 
 "${CLI}" ${DEBUG} -p "${PORT}" localhost --priority NORMAL:+CTYPE-OPENPGP --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \
-  fail ${PID} "Connection to unverified (but present) 'localhost' should have failed!"
+	fail ${PID} "Connection to unverified (but present) 'localhost' should have failed!"
 
 kill ${PID}
 wait
 
-launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-localhost-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-localhost-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 &
+PID=$!
 wait_server ${PID}
 
 echo | "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.1 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \
-  fail ${PID} "Connection to unverified IP address should have failed! (error code $?)" $?
+	fail ${PID} "Connection to unverified IP address should have failed! (error code $?)" $?
 
 "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.2 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \
-  fail ${PID} "Connection to unrecognized IP address should have failed!"
+	fail ${PID} "Connection to unrecognized IP address should have failed!"
 
 #see reason above
 #"${CLI}" -p "${PORT}" localhost --pgpkeyring ca-public.gpg </dev/null >/dev/null || \
@@ -71,15 +73,16 @@ echo | "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.1
 kill ${PID}
 wait
 
-launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-all-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-all-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 &
+PID=$!
 wait_server ${PID}
 
 # give the server a chance to initialize
 echo | "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.1 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null || \
-  fail ${PID} "Connection to signed PGP certificate should have succeeded! (error code $?)" $?
+	fail ${PID} "Connection to signed PGP certificate should have succeeded! (error code $?)" $?
 
 "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.2 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \
-  fail ${PID} "Connection to unrecognized IP address should have failed!"
+	fail ${PID} "Connection to unrecognized IP address should have failed!"
 
 kill ${PID}
 wait
diff --git a/tests/openpgp-certs/testselfsigs b/tests/openpgp-certs/testselfsigs
index 2910b29..2100c11 100755
--- a/tests/openpgp-certs/testselfsigs
+++ b/tests/openpgp-certs/testselfsigs
@@ -28,26 +28,26 @@ CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 unset RETCODE || true
 
 fail() {
-   echo "Failure: $1" >&2
-   RETCODE=${RETCODE:-${2:-1}}
+	 echo "Failure: $1" >&2
+	 RETCODE=${RETCODE:-${2:-1}}
 }
 
 echo "Checking OpenPGP certificate self verification"
 
 ("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice.pub" \
-    | grep "^Self Signature verification: ok" > /dev/null) || \
-    fail "Self sig Verification should have succeeded!"
+	| grep "^Self Signature verification: ok" > /dev/null) || \
+	fail "Self sig Verification should have succeeded!"
 
 ("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice-mallory-badsig18.pub" \
-    | grep "^Self Signature verification: failed" > /dev/null) || \
-    fail "Self sig Verification should have failed!"
+	| grep "^Self Signature verification: failed" > /dev/null) || \
+	fail "Self sig Verification should have failed!"
 
 ("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice-mallory-irrelevantsig.pub" \
-    | grep "^Self Signature verification: failed" >/dev/null) || \
-    fail "Self sig Verification should have failed!"
+	| grep "^Self Signature verification: failed" >/dev/null) || \
+	fail "Self sig Verification should have failed!"
 
 ("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice-mallory-nosig18.pub" \
-    | grep "^Self Signature verification: failed" >/dev/null) || \
-    fail "Self sig Verification should have failed!"
+	| grep "^Self Signature verification: failed" >/dev/null) || \
+	fail "Self sig Verification should have failed!"
 
 exit ${RETCODE:-0}
diff --git a/tests/pkcs1-padding/pkcs1-pad b/tests/pkcs1-padding/pkcs1-pad
index 8d0861a..8b71126 100755
--- a/tests/pkcs1-padding/pkcs1-pad
+++ b/tests/pkcs1-padding/pkcs1-pad
@@ -31,8 +31,8 @@ export TZ="UTC"
 # Check for datefudge
 TSTAMP=`datefudge "2006-09-23" date -u +%s || true`
 if test "${TSTAMP}" != "1158969600"; then
-  echo "You need datefudge to run this test"
-  exit 77
+	echo "You need datefudge to run this test"
+	exit 77
 fi
 
 # Test 1, PKCS#1 pad digestAlgorithm.parameters
@@ -48,10 +48,10 @@ out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "`
 out2fails=`grep 'Not verified.' out2 | wc -l | tr -d " "`
 
 if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT1}"; then
-  echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}"
-  echo "expected ${EXPECT1}"
-  echo "PKCS1-PAD1 FAIL"
-  exit 1
+	echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}"
+	echo "expected ${EXPECT1}"
+	echo "PKCS1-PAD1 FAIL"
+	exit 1
 fi
 
 rm -f out1 out2
@@ -71,10 +71,10 @@ out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "`
 out2fails=`grep 'Not verified.' out2 | wc -l | tr -d " "`
 
 if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT2}"; then
-  echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}"
-  echo "expected ${EXPECT2}"
-  echo "PKCS1-PAD2 FAIL"
-  exit 1
+	echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}"
+	echo "expected ${EXPECT2}"
+	echo "PKCS1-PAD2 FAIL"
+	exit 1
 fi
 
 rm -f out1 out2
@@ -93,10 +93,10 @@ out1oks=`grep 'Verified.' out1 | wc -l | tr -d " "`
 out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "`
 
 if test "${out1oks}${out1fails}" != "${EXPECT3}"; then
-  echo "out1 oks ${out1oks} fails ${out1fails}"
-  echo "expected ${EXPECT3}"
-  echo "PKCS1-PAD3 FAIL"
-  exit 1
+	echo "out1 oks ${out1oks} fails ${out1fails}"
+	echo "expected ${EXPECT3}"
+	echo "PKCS1-PAD3 FAIL"
+	exit 1
 fi
 
 rm -f out1
diff --git a/tests/pkcs12-decode/pkcs12 b/tests/pkcs12-decode/pkcs12
index 0408ad1..64a3607 100755
--- a/tests/pkcs12-decode/pkcs12
+++ b/tests/pkcs12-decode/pkcs12
@@ -27,101 +27,101 @@ CERTTOOL="${CERTTOOL:-${top_builddir}/src/certtool${EXEEXT}}"
 DIFF="${DIFF:-diff}"
 DEBUG=""
 
-if test "x$1" != "x";then
-  DEBUG="1"
+if test "x$1" != "x"; then
+	DEBUG="1"
 fi
 
 ret=0
 for p12 in 'client.p12 foobar' noclient.p12 unclient.p12 pkcs12_2certs.p12; do
-  set -- ${p12}
-  file="$1"
-  passwd="$2"
-  if test "x$DEBUG" != "x";then
-    "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
-      --infile "${srcdir}/${file}"
-  else
-    "${CERTTOOL}" --p12-info --inder --password "${passwd}" \
-      --infile "${srcdir}/${file}" >/dev/null 2>&1
-  fi
-  rc=$?
-  if test ${rc} != 0; then
-    echo "NEON PKCS12 FATAL ${p12}"
-    ret=1
-  fi
+	set -- ${p12}
+	file="$1"
+	passwd="$2"
+	if test "x$DEBUG" != "x"; then
+		"${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
+			--infile "${srcdir}/${file}"
+	else
+		"${CERTTOOL}" --p12-info --inder --password "${passwd}" \
+			--infile "${srcdir}/${file}" >/dev/null 2>&1
+	fi
+	rc=$?
+	if test ${rc} != 0; then
+		echo "NEON PKCS12 FATAL ${p12}"
+		ret=1
+	fi
 done
 
 file=test-null.p12
 "${CERTTOOL}" --p12-info --inder --null-password --infile "${srcdir}/${file}" >/dev/null 2>&1
 rc=$?
 if test ${rc} != 0; then
-  echo "PKCS12 FATAL ${file}"
-  ret=1
+	echo "PKCS12 FATAL ${file}"
+	ret=1
 fi
 
 file=sha256.p12
 "${CERTTOOL}" --p12-info --inder --password 1234 --infile "${srcdir}/${file}" >/dev/null 2>&1
 rc=$?
 if test ${rc} != 0; then
-  echo "PKCS12 FATAL ${file}"
-  ret=1
+	echo "PKCS12 FATAL ${file}"
+	ret=1
 fi
 
 # test whether we can encode a certificate and a key
 "${CERTTOOL}" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --outder --outfile out.p12 >/dev/null 2>&1
 rc=$?
 if test ${rc} != 0; then
-  echo "PKCS12 FATAL encoding"
-  ret=1
+	echo "PKCS12 FATAL encoding"
+	ret=1
 fi
 
 "${CERTTOOL}" --p12-info --inder --password 1234 --infile out.p12 >out.pem 2>/dev/null
 rc=$?
 if test ${rc} != 0; then
-  echo "PKCS12 FATAL decrypting/decoding"
-  ret=1
+	echo "PKCS12 FATAL decrypting/decoding"
+	ret=1
 fi
 
 grep "BEGIN ENCRYPTED PRIVATE KEY" out.pem >/dev/null 2>&1
 rc=$?
 
 if test "${rc}" != "0"; then
-  exit ${rc}
+	exit ${rc}
 fi
 
 grep "BEGIN CERTIFICATE" out.pem >/dev/null 2>&1
 rc=$?
 
 if test "${rc}" != "0"; then
-  exit ${rc}
+	exit ${rc}
 fi
 
 # test whether we can encode a certificate, a key and a CA
 "${CERTTOOL}" --to-p12 --password 123456 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile out.p12 >/dev/null 2>&1
 rc=$?
 if test ${rc} != 0; then
-  echo "PKCS12 FATAL encoding 2"
-  exit 1
+	echo "PKCS12 FATAL encoding 2"
+	exit 1
 fi
 
 "${CERTTOOL}" --p12-info --inder --password 123456 --infile out.p12 >out.pem 2>/dev/null
 rc=$?
 if test ${rc} != 0; then
-  echo "PKCS12 FATAL decrypting/decoding 2"
-  exit 1
+	echo "PKCS12 FATAL decrypting/decoding 2"
+	exit 1
 fi
 
 grep "BEGIN ENCRYPTED PRIVATE KEY" out.pem >/dev/null 2>&1
 rc=$?
 
 if test "${rc}" != "0"; then
-  exit ${rc}
+	exit ${rc}
 fi
 
 count=`grep -c "BEGIN CERTIFICATE" out.pem`
 
 if test "$count" != "2"; then
-  echo "Only one certificate was included"
-  exit 1
+	echo "Only one certificate was included"
+	exit 1
 fi
 
 rm -f out.pem out.p12
diff --git a/tests/pkcs8-decode/pkcs8 b/tests/pkcs8-decode/pkcs8
index 756d0ac..a305014 100755
--- a/tests/pkcs8-decode/pkcs8
+++ b/tests/pkcs8-decode/pkcs8
@@ -24,48 +24,48 @@ srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 DIFF="${DIFF:-diff}"
 
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 ret=0
 for p8 in 'encpkcs8.pem foobar' unencpkcs8.pem 'enc2pkcs8.pem baz'; do
-  set -- ${p8}
-  file="$1"
-  passwd="$2"
-  ${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \
-    --infile "${srcdir}/${file}" | tee out >/dev/null
-  rc=$?
-  if test ${rc} != 0; then
-    cat out
-    echo "PKCS8 FATAL ${p8}"
-    ret=1
-  else
-    echo "PKCS8 OK ${p8}"
-  fi
+	set -- ${p8}
+	file="$1"
+	passwd="$2"
+	${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \
+		--infile "${srcdir}/${file}" | tee out >/dev/null
+	rc=$?
+	if test ${rc} != 0; then
+		cat out
+		echo "PKCS8 FATAL ${p8}"
+		ret=1
+	else
+		echo "PKCS8 OK ${p8}"
+	fi
 done
 rm -f out
 
 for p8 in openssl-aes128.p8 openssl-aes256.p8 openssl-3des.p8; do
-  set -- ${p8}
-  file="$1"
-  passwd="$2"
-  ${VALGRIND} "${CERTTOOL}" --p8-info --password "1234" \
-    --infile "${srcdir}/${file}" | tee out >/dev/null
-  rc=$?
-  if test ${rc} != 0; then
-    cat out
-    echo "PKCS8 FATAL ${p8}"
-    ret=1
-  fi
+	set -- ${p8}
+	file="$1"
+	passwd="$2"
+	${VALGRIND} "${CERTTOOL}" --p8-info --password "1234" \
+		--infile "${srcdir}/${file}" | tee out >/dev/null
+	rc=$?
+	if test ${rc} != 0; then
+		cat out
+		echo "PKCS8 FATAL ${p8}"
+		ret=1
+	fi
 
-  ${DIFF} "${srcdir}/${p8}.txt" out
-  rc=$?
-  if test ${rc} != 0; then
-    cat out
-    echo "PKCS8 FATAL TXT ${p8}"
-    ret=1
-  fi
+	${DIFF} "${srcdir}/${p8}.txt" out
+	rc=$?
+	if test ${rc} != 0; then
+		cat out
+		echo "PKCS8 FATAL TXT ${p8}"
+		ret=1
+	fi
 done
 rm -f out
 
diff --git a/tests/rfc2253-escape-test b/tests/rfc2253-escape-test
index 7506139..2ce8c3c 100755
--- a/tests/rfc2253-escape-test
+++ b/tests/rfc2253-escape-test
@@ -23,13 +23,13 @@
 set -e
 
 CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
 fi
 
 if cat<<EOF \
-  | ${VALGRIND} "${CERTTOOL}" --certificate-info \
-  | grep 'Issuer: O=RFC 2253 escape test,OU=Plus \\+ Comma \\,' > /dev/null
+	| ${VALGRIND} "${CERTTOOL}" --certificate-info \
+	| grep 'Issuer: O=RFC 2253 escape test,OU=Plus \\+ Comma \\,' > /dev/null
 -----BEGIN CERTIFICATE-----
 MIICETCCAXygAwIBAgIESnlIMTALBgkqhkiG9w0BAQUwODEdMBsGA1UEChMUUkZD
 IDIyNTMgZXNjYXBlIHRlc3QxFzAVBgNVBAsTDlBsdXMgKyBDb21tYSAsMB4XDTA5
@@ -46,10 +46,10 @@ iptEYYo=
 -----END CERTIFICATE-----
 EOF
 then
-  :
+	:
 else
-  echo "RFC 2253 escaping not working?"
-  exit 1
+	echo "RFC 2253 escaping not working?"
+	exit 1
 fi
 
 exit 0
diff --git a/tests/rsa-md5-collision/rsa-md5-collision b/tests/rsa-md5-collision/rsa-md5-collision
index 888bbed..d6c1d2d 100755
--- a/tests/rsa-md5-collision/rsa-md5-collision
+++ b/tests/rsa-md5-collision/rsa-md5-collision
@@ -26,22 +26,22 @@ srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 
 "${CERTTOOL}" --inder --certificate-info \
-  --infile "${srcdir}/MD5CollisionCA.cer" > ca.pem
+	--infile "${srcdir}/MD5CollisionCA.cer" > ca.pem
 "${CERTTOOL}" --inder --certificate-info \
-  --infile "${srcdir}/TargetCollidingCertificate1.cer" > client1.pem
+	--infile "${srcdir}/TargetCollidingCertificate1.cer" > client1.pem
 "${CERTTOOL}" --inder --certificate-info \
-  --infile "${srcdir}/TargetCollidingCertificate2.cer" > client2.pem
+	--infile "${srcdir}/TargetCollidingCertificate2.cer" > client2.pem
 
 cat client1.pem ca.pem > chain1.pem
 cat client2.pem ca.pem > chain2.pem
 
 "${CERTTOOL}" --verify-chain < chain1.pem | \
-  grep 'Not verified.' | grep 'insecure algorithm' >/dev/null
+	grep 'Not verified.' | grep 'insecure algorithm' >/dev/null
 "${CERTTOOL}" --verify-chain < chain2.pem | \
-  grep 'Not verified.' | grep 'insecure algorithm' >/dev/null
+	grep 'Not verified.' | grep 'insecure algorithm' >/dev/null
 
 rm -f ca.pem client1.pem client2.pem \
-  chain1.pem chain2.pem \
+	chain1.pem chain2.pem
 
 # We're done.
 exit 0
diff --git a/tests/sha2/sha2 b/tests/sha2/sha2
index 02b1778..8b77ea4 100755
--- a/tests/sha2/sha2
+++ b/tests/sha2/sha2
@@ -26,67 +26,67 @@ srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 
 echo ca > template-sha2
-echo cn = "SHA 512 CA" >> template-sha2
+echo "cn = SHA 512 CA" >> template-sha2
 
 "${CERTTOOL}" -d 2 --generate-self-signed --template template-sha2 \
-  --load-privkey "${srcdir}/key-ca.pem" \
-  --outfile new-ca.pem \
-  --hash sha512 >out 2>&1
+	--load-privkey "${srcdir}/key-ca.pem" \
+	--outfile new-ca.pem \
+	--hash sha512 >out 2>&1
 
-if [ $? != 0 ];then
-  cat out
-  exit 1
+if [ $? != 0 ]; then
+	cat out
+	exit 1
 fi
 
 echo ca > template-sha2
-echo cn = "SHA 384 sub-CA" >> template-sha2
+echo "cn = SHA 384 sub-CA" >> template-sha2
 
 "${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \
-  --load-ca-privkey "${srcdir}/key-ca.pem" \
-  --load-ca-certificate new-ca.pem \
-  --load-privkey "${srcdir}/key-subca.pem" \
-  --outfile new-subca.pem \
-  --hash sha384 >out 2>&1
-
-if [ $? != 0 ];then
-  cat out
-  exit 1
+	--load-ca-privkey "${srcdir}/key-ca.pem" \
+	--load-ca-certificate new-ca.pem \
+	--load-privkey "${srcdir}/key-subca.pem" \
+	--outfile new-subca.pem \
+	--hash sha384 >out 2>&1
+
+if [ $? != 0 ]; then
+	cat out
+	exit 1
 fi
 
 echo ca > template-sha2
-echo cn = "SHA 256 sub-sub-CA" >> template-sha2
+echo "cn = SHA 256 sub-sub-CA" >> template-sha2
 
 "${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \
-  --load-ca-privkey "${srcdir}/key-subca.pem" \
-  --load-ca-certificate new-subca.pem \
-  --load-privkey "${srcdir}/key-subsubca.pem" \
-  --outfile new-subsubca.pem \
-  --hash sha256 >out 2>&1
-
-if [ $? != 0 ];then
-  cat out
-  exit 1
+	--load-ca-privkey "${srcdir}/key-subca.pem" \
+	--load-ca-certificate new-subca.pem \
+	--load-privkey "${srcdir}/key-subsubca.pem" \
+	--outfile new-subsubca.pem \
+	--hash sha256 >out 2>&1
+
+if [ $? != 0 ]; then
+	cat out
+	exit 1
 fi
 
-echo cn = "End-user" > template-sha2
+echo "cn = End-user" > template-sha2
 
 "${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \
-  --load-ca-privkey "${srcdir}/key-subsubca.pem" \
-  --load-ca-certificate new-subsubca.pem \
-  --load-privkey "${srcdir}/key-user.pem" \
-  --outfile new-user.pem >out 2>&1
-
-if [ $? != 0 ];then
-  cat out
-  exit 1
+	--load-ca-privkey "${srcdir}/key-subsubca.pem" \
+	--load-ca-certificate new-subsubca.pem \
+	--load-privkey "${srcdir}/key-user.pem" \
+	--outfile new-user.pem >out 2>&1
+
+if [ $? != 0 ]; then
+	cat out
+	exit 1
 fi
 
 num=`cat new-user.pem new-subsubca.pem new-subca.pem new-ca.pem | "${CERTTOOL}" --verify-chain | tee verify-sha2 | grep -c Verified`
 #cat verify
 
 if test "${num}" != "4"; then
-  echo Verification failure
-  exit 1
+	echo Verification failure
+	exit 1
 fi
 
 rm -f verify-sha2 new-user.pem new-subsubca.pem new-subca.pem new-ca.pem template-sha2 out
diff --git a/tests/sha2/sha2-dsa b/tests/sha2/sha2-dsa
index 623c621..b2b673f 100755
--- a/tests/sha2/sha2-dsa
+++ b/tests/sha2/sha2-dsa
@@ -26,52 +26,52 @@ srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 
 echo ca > template-dsa
-echo cn = "SHA 256 CA" >> template-dsa
+echo "cn = SHA 256 CA" >> template-dsa
 
 "${CERTTOOL}" -d 2 --generate-self-signed --template template-dsa \
-  --load-privkey "${srcdir}/key-ca-dsa.pem" \
-  --outfile new-ca-dsa.pem \
-  --hash sha256 >out-dsa 2>&1
+	--load-privkey "${srcdir}/key-ca-dsa.pem" \
+	--outfile new-ca-dsa.pem \
+	--hash sha256 >out-dsa 2>&1
 
-if [ $? != 0 ];then
-  cat out-dsa
-  exit 1
+if [ $? != 0 ]; then
+	cat out-dsa
+	exit 1
 fi
 
 echo ca > template-dsa
-echo cn = "SHA 224 Mid CA" >> template-dsa
+echo "cn = SHA 224 Mid CA" >> template-dsa
 
 "${CERTTOOL}" -d 2 --generate-certificate --template template-dsa \
-  --load-ca-privkey "${srcdir}/key-ca-dsa.pem" \
-  --load-ca-certificate new-ca-dsa.pem \
-  --load-privkey "${srcdir}/key-subca-dsa.pem" \
-  --outfile new-subca-dsa.pem \
-  --hash sha224 >out-dsa 2>&1
-
-if [ $? != 0 ];then
-  cat out-dsa
-  exit 1
+	--load-ca-privkey "${srcdir}/key-ca-dsa.pem" \
+	--load-ca-certificate new-ca-dsa.pem \
+	--load-privkey "${srcdir}/key-subca-dsa.pem" \
+	--outfile new-subca-dsa.pem \
+	--hash sha224 >out-dsa 2>&1
+
+if [ $? != 0 ]; then
+	cat out-dsa
+	exit 1
 fi
 
-echo cn = "End-user" > template-dsa
+echo "cn = End-user" > template-dsa
 
 "${CERTTOOL}" -d 2 --generate-certificate --template template-dsa \
-  --load-ca-privkey "${srcdir}/key-subca-dsa.pem" \
-  --load-ca-certificate new-subca-dsa.pem \
-  --load-privkey "${srcdir}/key-dsa.pem" \
-  --outfile new-user-dsa.pem >out-dsa 2>&1
-
-if [ $? != 0 ];then
-  cat out-dsa
-  exit 1
+	--load-ca-privkey "${srcdir}/key-subca-dsa.pem" \
+	--load-ca-certificate new-subca-dsa.pem \
+	--load-privkey "${srcdir}/key-dsa.pem" \
+	--outfile new-user-dsa.pem >out-dsa 2>&1
+
+if [ $? != 0 ]; then
+	cat out-dsa
+	exit 1
 fi
 
 cat new-user-dsa.pem new-subca-dsa.pem new-ca-dsa.pem > out-dsa
 "${CERTTOOL}" --verify-chain <out-dsa > verify-dsa
 
-if [ $? != 0 ];then
-  cat verify-dsa
-  exit 1
+if [ $? != 0 ]; then
+	cat verify-dsa
+	exit 1
 fi
 
 rm -f verify-dsa new-user-dsa.pem new-ca-dsa.pem new-subca-dsa.pem template-dsa out-dsa
diff --git a/tests/slow/override-ciphers b/tests/slow/override-ciphers
index aa1e7ad..83a282a 100755
--- a/tests/slow/override-ciphers
+++ b/tests/slow/override-ciphers
@@ -21,38 +21,38 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 unset RETCODE
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 GNUTLS_NO_EXPLICIT_INIT=1 ${VALGRIND} ./cipher-override
-if test $? != 0;then
-  echo "overriden cipher tests failed"
-  exit 1
+if test $? != 0; then
+	echo "overriden cipher tests failed"
+	exit 1
 fi
 
 ${VALGRIND} ./cipher-override
-if test $? != 0;then
-  echo "overriden cipher tests 2 failed"
-  exit 1
+if test $? != 0; then
+	echo "overriden cipher tests 2 failed"
+	exit 1
 fi
 
 ${VALGRIND} ./cipher-override2
-if test $? != 0;then
-  echo "overriden cipher tests 3 failed"
-  exit 1
+if test $? != 0; then
+	echo "overriden cipher tests 3 failed"
+	exit 1
 fi
 
 GNUTLS_NO_EXPLICIT_INIT=1 ${VALGRIND} ./mac-override
-if test $? != 0;then
-  echo "overriden mac tests failed"
-  exit 1
+if test $? != 0; then
+	echo "overriden mac tests failed"
+	exit 1
 fi
 
 ${VALGRIND} ./mac-override
-if test $? != 0;then
-  echo "overriden mac tests 2 failed"
-  exit 1
+if test $? != 0; then
+	echo "overriden mac tests 2 failed"
+	exit 1
 fi
 
 exit 0
diff --git a/tests/slow/test-ciphers b/tests/slow/test-ciphers
index 0b66bb1..fc21a8b 100755
--- a/tests/slow/test-ciphers
+++ b/tests/slow/test-ciphers
@@ -21,56 +21,56 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 unset RETCODE
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 ./cipher-test
-if test $? != 0;then
-  echo "default cipher tests failed"
-  exit 1
+if test $? != 0; then
+	echo "default cipher tests failed"
+	exit 1
 fi
 
 GNUTLS_CPUID_OVERRIDE=0x1 ./cipher-test
-if test $? != 0;then
-  echo "included cipher tests failed"
-  exit 1
+if test $? != 0; then
+	echo "included cipher tests failed"
+	exit 1
 fi
 
 GNUTLS_CPUID_OVERRIDE=0x2 ./cipher-test
-if test $? != 0;then
-  echo "AESNI cipher tests failed"
-  exit 1
+if test $? != 0; then
+	echo "AESNI cipher tests failed"
+	exit 1
 fi
 
 GNUTLS_CPUID_OVERRIDE=0x4 ./cipher-test
-if test $? != 0;then
-  echo "SSSE3 cipher tests failed"
-  exit 1
+if test $? != 0; then
+	echo "SSSE3 cipher tests failed"
+	exit 1
 fi
 
 GNUTLS_CPUID_OVERRIDE=0x8 ./cipher-test
-if test $? != 0;then
-  echo "PCLMUL cipher tests failed"
-  exit 1
+if test $? != 0; then
+	echo "PCLMUL cipher tests failed"
+	exit 1
 fi
 
 GNUTLS_CPUID_OVERRIDE=0x100000 ./cipher-test
-if test $? != 0;then
-  echo "padlock cipher tests failed"
-  exit 1
+if test $? != 0; then
+	echo "padlock cipher tests failed"
+	exit 1
 fi
 
 GNUTLS_CPUID_OVERRIDE=0x200000 ./cipher-test
-if test $? != 0;then
-  echo "padlock PHE cipher tests failed"
-  exit 1
+if test $? != 0; then
+	echo "padlock PHE cipher tests failed"
+	exit 1
 fi
 
 GNUTLS_CPUID_OVERRIDE=0x400000 ./cipher-test
-if test $? != 0;then
-  echo "padlock PHE SHA512 cipher tests failed"
-  exit 1
+if test $? != 0; then
+	echo "padlock PHE SHA512 cipher tests failed"
+	exit 1
 fi
 
 exit 0
diff --git a/tests/suite/certs/create-chain.sh b/tests/suite/certs/create-chain.sh
index 53f6087..9ae68a1 100755
--- a/tests/suite/certs/create-chain.sh
+++ b/tests/suite/certs/create-chain.sh
@@ -6,9 +6,9 @@ TEMPLATE=tmpl
 
 NUM="$1"
 
-if test "${NUM}" = "";then
-  echo "usage: $0 number"
-  exit 1
+if test "${NUM}" = ""; then
+	echo "usage: $0 number"
+	exit 1
 fi
 
 LAST=`expr ${NUM} - 1`
@@ -18,75 +18,73 @@ mkdir -p "${OUTPUT}"
 
 counter=0
 while test ${counter} -lt ${NUM}; do
-  if test ${counter} = ${LAST};then
-    name="server-${counter}"
-  else
-    name="CA-${counter}"
-  fi
-  serial="${counter}"
+	if test ${counter} = ${LAST}; then
+		name="server-${counter}"
+	else
+		name="CA-${counter}"
+	fi
+	serial="${counter}"
 
-  
-  "${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
-  if test ${counter} = 0;then
-  # ROOT CA
-    echo "cn = ${name}" >"${TEMPLATE}"
-    echo "serial = ${serial}" >>"${TEMPLATE}"
-    echo "ca" >>"${TEMPLATE}"
-    echo "expiration_days = -1" >>"${TEMPLATE}"
-    echo "cert_signing_key" >>"${TEMPLATE}"
-    echo "ocsp_signing_key" >>"${TEMPLATE}"
-    echo "crl_signing_key" >>"${TEMPLATE}"
-    "${CERTTOOL}" --generate-self-signed --load-privkey "${OUTPUT}/${name}.key" --outfile \
-      "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+	"${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
+	if test ${counter} = 0; then
+	# ROOT CA
+		echo "cn = ${name}" >"${TEMPLATE}"
+		echo "serial = ${serial}" >>"${TEMPLATE}"
+		echo "ca" >>"${TEMPLATE}"
+		echo "expiration_days = -1" >>"${TEMPLATE}"
+		echo "cert_signing_key" >>"${TEMPLATE}"
+		echo "ocsp_signing_key" >>"${TEMPLATE}"
+		echo "crl_signing_key" >>"${TEMPLATE}"
+		"${CERTTOOL}" --generate-self-signed --load-privkey "${OUTPUT}/${name}.key" --outfile \
+			"${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
 
-    echo "serial = ${serial}" >"${TEMPLATE}"
-    echo "expiration_days = -1" >>"${TEMPLATE}"
-    "${CERTTOOL}" --generate-crl --load-ca-privkey "${OUTPUT}/${name}.key" --load-ca-certificate "${OUTPUT}/${name}.crt" --outfile \
-      "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null
-  else
-    if test ${counter} = ${LAST};then
-    # END certificate
-      echo "cn = ${name}" >"${TEMPLATE}"
-      echo "dns_name = localhost" >>"${TEMPLATE}"
-      echo "expiration_days = -1" >>"${TEMPLATE}"
-      echo "signing_key" >>"${TEMPLATE}"
-      echo "encryption_key" >>"${TEMPLATE}"
-      echo "ocsp_signing_key" >>"${TEMPLATE}"
-      "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
-        --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
-        --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
-        --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
-    else
-    # intermediate CA
-      echo "cn = ${name}" >"${TEMPLATE}"
-      echo "serial = ${serial}" >>"${TEMPLATE}"
-      echo "ca" >>"${TEMPLATE}"
-      echo "expiration_days = -1" >>"${TEMPLATE}"
-      echo "ocsp_signing_key" >>"${TEMPLATE}"
-      echo "cert_signing_key" >>"${TEMPLATE}"
-      echo "signing_key" >>"${TEMPLATE}"
-      "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
-        --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
-        --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
-        --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
-    fi
-  fi
+		echo "serial = ${serial}" >"${TEMPLATE}"
+		echo "expiration_days = -1" >>"${TEMPLATE}"
+		"${CERTTOOL}" --generate-crl --load-ca-privkey "${OUTPUT}/${name}.key" --load-ca-certificate "${OUTPUT}/${name}.crt" --outfile \
+			"${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null
+	else
+		if test ${counter} = ${LAST}; then
+		# END certificate
+			echo "cn = ${name}" >"${TEMPLATE}"
+			echo "dns_name = localhost" >>"${TEMPLATE}"
+			echo "expiration_days = -1" >>"${TEMPLATE}"
+			echo "signing_key" >>"${TEMPLATE}"
+			echo "encryption_key" >>"${TEMPLATE}"
+			echo "ocsp_signing_key" >>"${TEMPLATE}"
+			"${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
+				--load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
+				--load-ca-privkey "${OUTPUT}/${prev_name}.key" \
+				--outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+		else
+		# intermediate CA
+			echo "cn = ${name}" >"${TEMPLATE}"
+			echo "serial = ${serial}" >>"${TEMPLATE}"
+			echo "ca" >>"${TEMPLATE}"
+			echo "expiration_days = -1" >>"${TEMPLATE}"
+			echo "ocsp_signing_key" >>"${TEMPLATE}"
+			echo "cert_signing_key" >>"${TEMPLATE}"
+			echo "signing_key" >>"${TEMPLATE}"
+			"${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
+				--load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
+				--load-ca-privkey "${OUTPUT}/${prev_name}.key" \
+				--outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+		fi
+	fi
 
 
-  counter=`expr ${counter} + 1`
-  prev_name=${name}
+	counter=`expr ${counter} + 1`
+	prev_name=${name}
 done
 
 counter=`expr ${NUM} - 1`
 while test ${counter} -ge 0; do
-  if test ${counter} = ${LAST};then
-    name="server-${counter}"
-  else
-    name="CA-${counter}"
-  fi
+	if test ${counter} = ${LAST}; then
+		name="server-${counter}"
+	else
+		name="CA-${counter}"
+	fi
 
-  cat "${OUTPUT}/${name}.crt" >> "${OUTPUT}/chain"
-  
-  counter=`expr ${counter} - 1`
-done
+	cat "${OUTPUT}/${name}.crt" >> "${OUTPUT}/chain"
 
+	counter=`expr ${counter} - 1`
+done
diff --git a/tests/suite/chain b/tests/suite/chain
index 4f00320..f67ad16 100755
--- a/tests/suite/chain
+++ b/tests/suite/chain
@@ -34,39 +34,39 @@ RET=0
 
 i=1
 while test -d X509tests/test${i}; do
-  find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem  2>/dev/null
-  find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
-  if test "${i}" -gt 1; then
-    find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
-  fi
-  find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
-  "${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1
-  rc=$?
-  if test $rc != 0 && test $rc != 1; then
-    echo "Chain ${i} FATAL failure."
-    RET=1
-  else
-    if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then
-        echo "Chain ${i} verification was skipped due to known bug."
-    elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then
-      if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
-        echo "Chain ${i} verification failure UNEXPECTED."
-        RET=1
-      else
-        echo "Chain ${i} verification success as expected."
-      fi
-    elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then
-      if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
-        echo "Chain ${i} verification failure as expected."
-      else
-        echo "Chain ${i} verification success UNEXPECTED. "
-        RET=1
-      fi
-    else
-      echo "Chain ${i} unclassified."
-    fi
-  fi
-  i=`expr ${i} + 1`
+	find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem  2>/dev/null
+	find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+	if test "${i}" -gt 1; then
+		find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+	fi
+	find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+	"${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1
+	rc=$?
+	if test $rc != 0 && test $rc != 1; then
+		echo "Chain ${i} FATAL failure."
+		RET=1
+	else
+		if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then
+				echo "Chain ${i} verification was skipped due to known bug."
+		elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then
+			if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+				echo "Chain ${i} verification failure UNEXPECTED."
+				RET=1
+			else
+				echo "Chain ${i} verification success as expected."
+			fi
+		elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then
+			if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+				echo "Chain ${i} verification failure as expected."
+			else
+				echo "Chain ${i} verification success UNEXPECTED. "
+				RET=1
+			fi
+		else
+			echo "Chain ${i} unclassified."
+		fi
+	fi
+	i=`expr ${i} + 1`
 done
 rm -f out
 
diff --git a/tests/suite/crl-test b/tests/suite/crl-test
index 228f74e..3a03c81 100755
--- a/tests/suite/crl-test
+++ b/tests/suite/crl-test
@@ -23,8 +23,8 @@
 srcdir="${srcdir:-.}"
 DIFF="${DIFF:-diff}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 rm -f tmp-long.pem
@@ -33,16 +33,16 @@ rc=$?
 
 # We're done.
 if test "${rc}" != "0"; then
-  echo "CRL decoding failed 1!"
-  exit ${rc}
+	echo "CRL decoding failed 1!"
+	exit ${rc}
 fi
 
 ${DIFF} "${srcdir}/crl/long.pem tmp-long.pem" || ${DIFF} --strip-trailing-cr "${srcdir}/crl/long.pem" tmp-long.pem
 rc=$?
 
 if test "${rc}" != "0"; then
-  echo "CRL decoding failed 2!"
-  exit ${rc}
+	echo "CRL decoding failed 2!"
+	exit ${rc}
 fi
 
 rm -f tmp-long.pem
diff --git a/tests/suite/eagain b/tests/suite/eagain
index d05bab9..42bb991 100755
--- a/tests/suite/eagain
+++ b/tests/suite/eagain
@@ -26,18 +26,18 @@ PORT="${PORT:-5445}"
 
 
 $SERV -p "${PORT}" --echo --priority "NORMAL:+ANON-DH" --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 &
-pid=$!
+PID=$!
 
 sleep 2
 
 ./eagain-cli
-if [ $? != 0 ];then
-  exit 1
+if [ $? != 0 ]; then
+	exit 1
 fi
 
-if [ "$pid" != "" ];then
-  kill $pid
-  wait
+if [ "${PID}" != "" ]; then
+	kill ${PID}
+	wait
 fi
 
 exit 0
diff --git a/tests/suite/invalid-cert b/tests/suite/invalid-cert
index a9e1f5e..00bf1e4 100755
--- a/tests/suite/invalid-cert
+++ b/tests/suite/invalid-cert
@@ -22,8 +22,8 @@
 
 srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 ${VALGRIND} "${CERTTOOL}" --certificate-info --inder --infile "${srcdir}/invalid-cert.der" 2>/dev/null
@@ -31,7 +31,7 @@ rc=$?
 
 # We're done.
 if test "${rc}" != "1"; then
-  exit ${rc}
+	exit ${rc}
 fi
 
 exit 0
diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl
index bac6026..c463895 100755
--- a/tests/suite/testcompat-main-openssl
+++ b/tests/suite/testcompat-main-openssl
@@ -11,9 +11,9 @@
 # Redistribution and use in source and binary forms, with or without modification,
 # are permitted provided that the following conditions are met:
 #
-# 1. Redistributions of source code must retain the above copyright notice, this 
+# 1. Redistributions of source code must retain the above copyright notice, this
 # list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
+# 2. Redistributions in binary form must reproduce the above copyright notice,
 # this list of conditions and the following disclaimer in the documentation and/or
 # other materials provided with the distribution.
 # 3. Neither the name of the copyright holder nor the names of its contributors may
@@ -23,7 +23,7 @@
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
 # EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
@@ -33,13 +33,13 @@
 srcdir="${srcdir:-.}"
 CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
 unset RETCODE
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
-if test "${WINDIR}" != "";then
-  exit 77
-fi 
+if test "${WINDIR}" != ""; then
+	exit 77
+fi
 
 . "${srcdir}/../scripts/common.sh"
 
@@ -48,16 +48,16 @@ PORT="${PORT:-${RPORT}}"
 SERV=openssl
 OPENSSL_CLI="openssl"
 
-if test -f /etc/debian_version;then
-  DEBIAN=1
+if test -f /etc/debian_version; then
+	DEBIAN=1
 fi
 
 echo "Compatibility checks using "`${SERV} version`
 ${SERV} version|grep -e 1\.0 >/dev/null 2>&1
 SV=$?
-if test ${SV} != 0;then
-  echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
-  exit 77
+if test ${SV} != 0; then
+	echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
+	exit 77
 fi
 
 ${SERV} version|grep -e 1\.0\.1 >/dev/null 2>&1
@@ -69,283 +69,283 @@ echo "#################################################"
 echo "# Client mode tests (gnutls cli-openssl server) #"
 echo "#################################################"
 
-for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
-do
-  if ! test -z "${ADD}";then
-    echo ""
-    echo "** Modifier: ${ADD}"
-  fi
-
-  if test "${DEBIAN}" != 1;then
-
-    # It seems debian disabled SSL 3.0 completely on openssl
-
-    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
-    PID=$!
-    wait_server ${PID}
-
-    # Test SSL 3.0 with RSA ciphersuite
-    echo "Checking SSL 3.0 with RSA..."
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    # Test SSL 3.0 with DHE-RSA ciphersuite
-    echo "Checking SSL 3.0 with DHE-RSA..."
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    # Test SSL 3.0 with DHE-DSS ciphersuite
-    echo "Checking SSL 3.0 with DHE-DSS..."
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    kill ${PID}
-    wait
-
-    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 &
-    PID=$!
-    wait_server ${PID}
-
-    echo "Checking SSL 3.0 with RSA-RC4-MD5..."
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    kill ${PID}
-    wait
-  fi
-
-  if test "${FIPS}" != 1;then
-    #-cipher RSA-NULL
-    launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
-    PID=$!
-    wait_server ${PID}
-
-    # Test TLS 1.0 with RSA-NULL ciphersuite
-    echo "Checking TLS 1.0 with RSA-NULL..."
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    kill ${PID}
-    wait
-  fi
-
-  #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA 
-  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
-  PID=$!
-  wait_server ${PID}
-
-  # Test TLS 1.0 with RSA ciphersuite
-  echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  # Test TLS 1.0 with DHE-RSA ciphersuite
-  echo "Checking TLS 1.0 with DHE-RSA..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  # Test TLS 1.0 with DHE-RSA ciphersuite
-  echo "Checking TLS 1.0 with ECDHE-RSA..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  # Test TLS 1.0 with DHE-DSS ciphersuite
-  echo "Checking TLS 1.0 with DHE-DSS..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  if test "${FIPS}" != 1;then
-
-    #-cipher ECDHE-ECDSA-AES128-SHA
-    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
-    PID=$!
-    wait_server ${PID}
-
-    # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-    echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    kill ${PID}
-    wait
-  fi
-
-  #-cipher ECDHE-ECDSA-AES128-SHA
-  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
-  PID=$!
-  wait_server ${PID}
-
-  # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-  echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  if test "${FIPS}" != 1;then
-    #-cipher ECDHE-ECDSA-AES128-SHA
-    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
-    PID=$!
-    wait_server ${PID}
-
-    # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-    echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    kill ${PID}
-    wait
-  fi
-
-  #-cipher PSK
-  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
-  PID=$!
-  wait_server ${PID}
-
-  echo "Checking TLS 1.0 with PSK..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  if test ${SV2} = 0;then
-    # Tests requiring openssl 1.0.1 - TLS 1.2
-    #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA 
-    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
-    PID=$!
-    wait_server ${PID}
-
-    echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    echo "Checking TLS 1.2 with DHE-RSA..."
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    echo "Checking TLS 1.2 with ECDHE-RSA..."
-    "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    echo "Checking TLS 1.2 with DHE-DSS..."
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    kill ${PID}
-    wait
-
-    if test "${FIPS}" != 1;then
-      #-cipher ECDHE-ECDSA-AES128-SHA
-      launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
-      PID=$!
-      wait_server ${PID}
-
-      echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
-      ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
-        fail ${PID} "Failed"
-
-      kill ${PID}
-      wait
-    fi
-
-    #-cipher ECDHE-ECDSA-AES128-SHA
-    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
-    PID=$!
-    wait_server ${PID}
-
-    echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
-    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
-      fail ${PID} "Failed"
-
-    kill ${PID}
-    wait
-
-    if test "${FIPS}" != 1;then
-      #-cipher ECDHE-ECDSA-AES128-SHA
-      launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
-      PID=$!
-      wait_server ${PID}
-
-      echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
-      ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
-        fail ${PID} "Failed"
-
-      kill ${PID}
-      wait
-    fi #FIPS
-  fi #SV2
-
-  #-cipher PSK
-  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem  -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
-  PID=$!
-  wait_server ${PID}
-
-  echo "Checking TLS 1.2 with PSK..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
-
-  # Test DTLS 1.0 with RSA ciphersuite
-  echo "Checking DTLS 1.0 with RSA..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
-  PID=$!
-  wait_server ${PID}
-
-  # Test DTLS 1.0 with DHE-RSA ciphersuite
-  echo "Checking DTLS 1.0 with DHE-RSA..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
-  PID=$!
-  wait_server ${PID}
-
-  # Test DTLS 1.0 with DHE-DSS ciphersuite
-  echo "Checking DTLS 1.0 with DHE-DSS..."
-  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-    fail ${PID} "Failed"
+for ADD in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+	if ! test -z "${ADD}"; then
+		echo ""
+		echo "** Modifier: ${ADD}"
+	fi
+
+	if test "${DEBIAN}" != 1; then
+
+		# It seems debian disabled SSL 3.0 completely on openssl
 
-  kill ${PID}
-  wait
+		launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+		PID=$!
+		wait_server ${PID}
+
+		# Test SSL 3.0 with RSA ciphersuite
+		echo "Checking SSL 3.0 with RSA..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		# Test SSL 3.0 with DHE-RSA ciphersuite
+		echo "Checking SSL 3.0 with DHE-RSA..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		# Test SSL 3.0 with DHE-DSS ciphersuite
+		echo "Checking SSL 3.0 with DHE-DSS..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+
+		launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 &
+		PID=$!
+		wait_server ${PID}
+
+		echo "Checking SSL 3.0 with RSA-RC4-MD5..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+
+	if test "${FIPS}" != 1; then
+		#-cipher RSA-NULL
+		launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+		PID=$!
+		wait_server ${PID}
+
+		# Test TLS 1.0 with RSA-NULL ciphersuite
+		echo "Checking TLS 1.0 with RSA-NULL..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+
+	#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+	launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	# Test TLS 1.0 with RSA ciphersuite
+	echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	# Test TLS 1.0 with DHE-RSA ciphersuite
+	echo "Checking TLS 1.0 with DHE-RSA..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	# Test TLS 1.0 with DHE-RSA ciphersuite
+	echo "Checking TLS 1.0 with ECDHE-RSA..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	# Test TLS 1.0 with DHE-DSS ciphersuite
+	echo "Checking TLS 1.0 with DHE-DSS..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	if test "${FIPS}" != 1; then
+
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
+		PID=$!
+		wait_server ${PID}
+
+		# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+		echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+	echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	if test "${FIPS}" != 1; then
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
+		PID=$!
+		wait_server ${PID}
+
+		# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+		echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+
+	#-cipher PSK
+	launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+	PID=$!
+	wait_server ${PID}
+
+	echo "Checking TLS 1.0 with PSK..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	if test ${SV2} = 0; then
+		# Tests requiring openssl 1.0.1 - TLS 1.2
+		#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+		launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+		PID=$!
+		wait_server ${PID}
+
+		echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		echo "Checking TLS 1.2 with DHE-RSA..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		echo "Checking TLS 1.2 with ECDHE-RSA..."
+		"${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		echo "Checking TLS 1.2 with DHE-DSS..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+
+		if test "${FIPS}" != 1; then
+			#-cipher ECDHE-ECDSA-AES128-SHA
+			launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
+			PID=$!
+			wait_server ${PID}
+
+			echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
+			${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+				fail ${PID} "Failed"
+
+			kill ${PID}
+			wait
+		fi
+
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
+		PID=$!
+		wait_server ${PID}
+
+		echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+
+		if test "${FIPS}" != 1; then
+			#-cipher ECDHE-ECDSA-AES128-SHA
+			launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
+			PID=$!
+			wait_server ${PID}
+
+			echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
+			${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+				fail ${PID} "Failed"
+
+			kill ${PID}
+			wait
+		fi #FIPS
+	fi #SV2
+
+	#-cipher PSK
+	launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+	PID=$!
+	wait_server ${PID}
+
+	echo "Checking TLS 1.2 with PSK..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	# Test DTLS 1.0 with RSA ciphersuite
+	echo "Checking DTLS 1.0 with RSA..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	# Test DTLS 1.0 with DHE-RSA ciphersuite
+	echo "Checking DTLS 1.0 with DHE-RSA..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	# Test DTLS 1.0 with DHE-DSS ciphersuite
+	echo "Checking DTLS 1.0 with DHE-DSS..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
 done
 
 echo "Client mode tests were successfully completed"
@@ -357,296 +357,319 @@ SERV="../../src/gnutls-serv${EXEEXT} -q"
 
 # Note that openssl s_client does not return error code on failure
 
-for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
-do
-  if ! test -z "${ADD}";then
-    echo ""
-    echo "** Modifier: ${ADD}"
-  fi
-
-  if test "${DEBIAN}" != 1;then
-
-    echo "Check SSL 3.0 with RSA ciphersuite"
-    launch_server $$  --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
-    wait_server ${PID}
-
-    ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
-
-    echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
-    ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
-
-    kill ${PID}
-    wait
+for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"; do
+	if ! test -z "${ADD}"; then
+		echo ""
+		echo "** Modifier: ${ADD}"
+	fi
 
-    echo "Check SSL 3.0 with DHE-RSA ciphersuite"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-    wait_server ${PID}
+	if test "${DEBIAN}" != 1; then
 
-    ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
+		echo "Check SSL 3.0 with RSA ciphersuite"
+		launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+		PID=$!
+		wait_server ${PID}
 
-    kill ${PID}
-    wait
+		${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
 
-    echo "Check SSL 3.0 with DHE-DSS ciphersuite"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
-    wait_server ${PID}
+		echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
+		${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
 
-    ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
+		kill ${PID}
+		wait
 
+		echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+		launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+		PID=$!
+		wait_server ${PID}
 
-    kill ${PID}
-    wait
-  fi
+		${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
 
-  #TLS 1.0
+		kill ${PID}
+		wait
 
-  # This test was disabled because it doesn't work as expected with openssl 1.0.0d
-  #echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
-  #launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
-  #wait_server ${PID}
-  #
-  #${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-  #  fail ${PID} "Failed"
-  #
-  #kill ${PID}
-  #wait
+		echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+		launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+		PID=$!
+		wait_server ${PID}
 
-  if test "${FIPS}" != 1;then
-    echo "Check TLS 1.0 with RSA-NULL ciphersuite"
-    launch_server $$  --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-    wait_server ${PID}
+		${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
 
-    ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
 
-    kill ${PID}
-    wait
-  fi
+		kill ${PID}
+		wait
+	fi
 
-  echo "Check TLS 1.0 with DHE-RSA ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  wait_server ${PID}
+	#TLS 1.0
 
-  ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-    fail ${PID} "Failed"
+	# This test was disabled because it doesn't work as expected with openssl 1.0.0d
+	#echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
+	#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+	#PID=$!
+	#wait_server ${PID}
+	#
+	#${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+	#	fail ${PID} "Failed"
+	#
+	#kill ${PID}
+	#wait
 
-  kill ${PID}
-  wait
+	if test "${FIPS}" != 1; then
+		echo "Check TLS 1.0 with RSA-NULL ciphersuite"
+		launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+		PID=$!
+		wait_server ${PID}
+
+		${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
 
-  echo "Check TLS 1.0 with DHE-DSS ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  wait_server ${PID}
+		kill ${PID}
+		wait
+	fi
 
-  ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-    fail ${PID} "Failed"
+	echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+	launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+	PID=$!
+	wait_server ${PID}
 
-  kill ${PID}
-  wait
+	${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
 
-  echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
+	kill ${PID}
+	wait
 
-  #-cipher ECDHE-RSA-AES128-SHA 
-  ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-    fail ${PID} "Failed"
+	echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+	launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+	PID=$!
+	wait_server ${PID}
 
-  kill ${PID}
-  wait
+	${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
 
-  if test "${FIPS}" != 1;then
-    echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-    wait_server ${PID}
+	kill ${PID}
+	wait
 
-    #-cipher ECDHE-ECDSA-AES128-SHA 
-    ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
+	echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+	launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
 
-    kill ${PID}
-    wait
-  fi
+	#-cipher ECDHE-RSA-AES128-SHA
+	${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
 
-  echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-  wait_server ${PID}
+	kill ${PID}
+	wait
 
-  #-cipher ECDHE-ECDSA-AES128-SHA 
-  ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-    fail ${PID} "Failed"
+	if test "${FIPS}" != 1; then
+		echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+		launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+		PID=$!
+		wait_server ${PID}
 
-  kill ${PID}
-  wait
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
 
-  echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-  wait_server ${PID}
+		kill ${PID}
+		wait
+	fi
 
-  #-cipher ECDHE-ECDSA-AES128-SHA 
-  ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-    fail ${PID} "Failed"
+	echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+	launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+	PID=$!
+	wait_server ${PID}
 
-  kill ${PID}
-  wait
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
 
-  if test "${FIPS}" != 1;then
-    echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-    wait_server ${PID}
+	kill ${PID}
+	wait
 
-    #-cipher ECDHE-ECDSA-AES128-SHA 
-    ${OPENSSL_CLI} s_client  -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
+	echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+	launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+	PID=$!
+	wait_server ${PID}
 
-    kill ${PID}
-    wait
-  fi
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	if test "${FIPS}" != 1; then
+		echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+		launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+		PID=$!
+		wait_server ${PID}
+
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
 
-  echo "Check TLS 1.0 with PSK ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
+	echo "Check TLS 1.0 with PSK ciphersuite"
+	launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
 
-  #-cipher PSK-AES128-SHA 
-  ${OPENSSL_CLI}  s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
-    fail ${PID} "Failed"
+	#-cipher PSK-AES128-SHA
+	${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+		fail ${PID} "Failed"
 
-  kill ${PID}
-  wait
+	kill ${PID}
+	wait
 
-  if test ${SV2} = 0;then
+	if test ${SV2} = 0; then
 
-    echo "Check TLS 1.2 with DHE-RSA ciphersuite"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-    wait_server ${PID}
+		echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+		launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+		PID=$!
+		wait_server ${PID}
 
-    ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
+		${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
 
-    kill ${PID}
-    wait
+		kill ${PID}
+		wait
 
-    echo "Check TLS 1.2 with DHE-DSS ciphersuite"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
-    wait_server ${PID}
+		echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+		launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+		PID=$!
+		wait_server ${PID}
 
-    ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
+		${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
 
-    kill ${PID}
-    wait
+		kill ${PID}
+		wait
 
-    echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-    wait_server ${PID}
+		echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+		launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+		PID=$!
+		wait_server ${PID}
 
-    #-cipher ECDHE-RSA-AES128-SHA 
-    ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
+		#-cipher ECDHE-RSA-AES128-SHA
+		${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
 
-    kill ${PID}
-    wait
+		kill ${PID}
+		wait
 
-    if test "${FIPS}" != 1;then
-      echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-      launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-      wait_server ${PID}
+		if test "${FIPS}" != 1; then
+			echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+			launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+			PID=$!
+			wait_server ${PID}
 
-      #-cipher ECDHE-ECDSA-AES128-SHA 
-      ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-        fail ${PID} "Failed"
+			#-cipher ECDHE-ECDSA-AES128-SHA
+			${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+				fail ${PID} "Failed"
 
-      kill ${PID}
-      wait
-    fi
+			kill ${PID}
+			wait
+		fi
 
-    echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-    wait_server ${PID}
+		echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+		launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+		PID=$!
+		wait_server ${PID}
 
-    #-cipher ECDHE-ECDSA-AES128-SHA 
-    ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
 
-    kill ${PID}
-    wait
+		kill ${PID}
+		wait
 
-    echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-    wait_server ${PID}
+		echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+		launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+		PID=$!
+		wait_server ${PID}
 
-    #-cipher ECDHE-ECDSA-AES128-SHA 
-    ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-      fail ${PID} "Failed"
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
 
-    kill ${PID}
-    wait
+		kill ${PID}
+		wait
 
-    if test "${FIPS}" != 1;then
-      echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-      launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-      wait_server ${PID}
+		if test "${FIPS}" != 1; then
+			echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+			launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+			PID=$!
+			wait_server ${PID}
 
-      #-cipher ECDHE-ECDSA-AES128-SHA 
-      ${OPENSSL_CLI} s_client  -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-        fail ${PID} "Failed"
+			#-cipher ECDHE-ECDSA-AES128-SHA
+			${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+				fail ${PID} "Failed"
 
-      kill ${PID}
-      wait
-    fi
+			kill ${PID}
+			wait
+		fi
 
-    echo "Check TLS 1.2 with PSK ciphersuite"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-    wait_server ${PID}
+		echo "Check TLS 1.2 with PSK ciphersuite"
+		launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+		PID=$!
+		wait_server ${PID}
 
-    #-cipher PSK-AES128-SHA 
-    ${OPENSSL_CLI}  s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
-      fail ${PID} "Failed"
+		#-cipher PSK-AES128-SHA
+		${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+			fail ${PID} "Failed"
 
-    kill ${PID}
-    wait
+		kill ${PID}
+		wait
 
-  fi #SV2
+	fi #SV2
 
-  # DTLS
-  echo "Check DTLS 1.0 with RSA ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  wait_server ${PID}
+	# DTLS
+	echo "Check DTLS 1.0 with RSA ciphersuite"
+	launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+	PID=$!
+	wait_server ${PID}
 
 
-  ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-    fail ${PID} "Failed"
+	${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
 
-  kill ${PID}
-  wait
+	kill ${PID}
+	wait
 
 
-  echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  wait_server ${PID}
+	echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
+	launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+	PID=$!
+	wait_server ${PID}
 
 
 
-  ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-    fail ${PID} "Failed"
+	${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
 
-  kill ${PID}
-  wait
+	kill ${PID}
+	wait
 
 
-  echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  wait_server ${PID}
+	echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
+	launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+	PID=$!
+	wait_server ${PID}
 
 
-  ${OPENSSL_CLI} s_client  -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-    fail ${PID} "Failed"
+	${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
 
-  kill ${PID}
-  wait
+	kill ${PID}
+	wait
 done
 
 exit 0
diff --git a/tests/suite/testcompat-main-polarssl b/tests/suite/testcompat-main-polarssl
index 74261b0..bf49918 100755
--- a/tests/suite/testcompat-main-polarssl
+++ b/tests/suite/testcompat-main-polarssl
@@ -34,44 +34,44 @@ srcdir="${srcdir:-.}"
 CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
 LOGFILE=polarssl.log
 unset RETCODE
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
-if test "${WINDIR}" != "";then
-  exit 77
+if test "${WINDIR}" != ""; then
+	exit 77
 fi
 
 . "${srcdir}/../scripts/common.sh"
 
 PORT="${PORT:-${RPORT}}"
 TXT=`"${CLI}" --priority NORMAL --list|grep SECP224`
-if test -z "${TXT}";then
-  ALL_CURVES=0
+if test -z "${TXT}"; then
+	ALL_CURVES=0
 else
-  ALL_CURVES=1
+	ALL_CURVES=1
 fi
 
 
 echo "Compatibility checks using polarssl"
 
 for POLARSSL_CLI in \
-    /usr/bin/polarssl_ssl_client2 \
-    /usr/bin/mbedtls_ssl_client2 \
-    /usr/libexec/mbedtls/ssl_client2 \
-    ""; do
-  test -x "${POLARSSL_CLI}" && break
+		/usr/bin/polarssl_ssl_client2 \
+		/usr/bin/mbedtls_ssl_client2 \
+		/usr/libexec/mbedtls/ssl_client2 \
+		""; do
+	test -x "${POLARSSL_CLI}" && break
 done
 
-if test -z "${POLARSSL_CLI}";then
-  echo "PolarSSL is required for this test to run"
-  exit 77
+if test -z "${POLARSSL_CLI}"; then
+	echo "PolarSSL is required for this test to run"
+	exit 77
 fi
 
 "${POLARSSL_CLI}" >/dev/null 2>&1
-if test $? = 0;then
-  echo "PolarSSL 1.3.x is required for the tests to run"
-  exit 77
+if test $? = 0; then
+	echo "PolarSSL 1.3.x is required for the tests to run"
+	exit 77
 fi
 
 
@@ -85,330 +85,358 @@ SERV="../../src/gnutls-serv${EXEEXT} -q"
 
 rm -f "${LOGFILE}"
 
-for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
-do
-  if ! test -z "${ADD}";then
-    echo ""
-    echo "** Modifier: ${ADD}"
-  fi
+for ADD in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+	if ! test -z "${ADD}"; then
+		echo ""
+		echo "** Modifier: ${ADD}"
+	fi
 
-  # SSL 3.0 is disabled in debian's polarssl
-  if test 0 = 1;then
-    echo "Check SSL 3.0 with RSA ciphersuite"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-    wait_server ${PID}
+	# SSL 3.0 is disabled in debian's polarssl
+	if test 0 = 1; then
+		echo "Check SSL 3.0 with RSA ciphersuite"
+		launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  &
+		PID=$!
+		wait_server ${PID}
 
-    "${POLARSSL_CLI}" server_port="${PORT}" server_name=localhost max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-      fail ${PID} "Failed"
+		"${POLARSSL_CLI}" server_port="${PORT}" server_name=localhost max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+			fail ${PID} "Failed"
 
-    kill ${PID}
-    wait
+		kill ${PID}
+		wait
+
+		echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+		launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  &
+		PID=$!
+		wait_server ${PID}
 
-    echo "Check SSL 3.0 with DHE-RSA ciphersuite"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-    wait_server ${PID}
+		"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+			fail ${PID} "Failed"
 
-    "${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-      fail ${PID} "Failed"
+		kill ${PID}
+		wait
 
-    kill ${PID}
-    wait
+		# No DSS for polarssl
+		#echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+		#launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  &
+		#PID=$!
+		#wait_server ${PID}
+
+		#"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		#  fail ${PID} "Failed"
+		#
+		#kill ${PID}
+		#wait
+	fi
+
+	#TLS 1.0
+
+	echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  &
+	PID=$!
+	wait_server ${PID}
 
-    # No DSS for polarssl
-    #echo "Check SSL 3.0 with DHE-DSS ciphersuite"
-    #launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
-    #wait_server ${PID}
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
 
-    #"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    #  fail ${PID} "Failed"
-    #
-    #kill ${PID}
-    #wait
-  fi
+	kill ${PID}
+	wait
+
+	#echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+	#launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  &
+	#PID=$!
+	#wait_server ${PID}
+
+	#"${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+	#  fail ${PID} "Failed"
+
+	#kill ${PID}
+	#wait
+
+	echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-RSA-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.0 with PSK ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher PSK-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
 
-  #TLS 1.0
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.0 with DHE-PSK ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
 
-  echo "Check TLS 1.0 with DHE-RSA ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  wait_server ${PID}
+	#-cipher PSK-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
 
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
 
-  kill ${PID}
-  wait
+	#-cipher PSK-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
 
-  #echo "Check TLS 1.0 with DHE-DSS ciphersuite"
-  #launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  #wait_server ${PID}
+	kill ${PID}
+	wait
 
-  #"${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-  #  fail ${PID} "Failed"
+	echo "Check TLS 1.0 with RSA-PSK ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
 
-  #kill ${PID}
-  #wait
+	#-cipher RSA-PSK-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
 
-  echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
+	kill ${PID}
+	wait
 
-  #-cipher ECDHE-RSA-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
+	if test ${ALL_CURVES} = 1; then
+		echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+		launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+		PID=$!
+		wait_server ${PID}
 
-  kill ${PID}
-  wait
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		"${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+			fail ${PID} "Failed"
 
-  echo "Check TLS 1.0 with PSK ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
+		kill ${PID}
+		wait
+	fi
 
-  #-cipher PSK-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
+	echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
 
-  kill ${PID}
-  wait
+	kill ${PID}
+	wait
 
-  echo "Check TLS 1.0 with DHE-PSK ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
+	echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  &
+	PID=$!
+	wait_server ${PID}
+
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
+	launch_server $$  --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  &
+	PID=$!
+	wait_server ${PID}
+
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
+	launch_server $$  --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  &
+	PID=$!
+	wait_server ${PID}
+
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
+	launch_server $$  --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  &
+	PID=$!
+	wait_server ${PID}
+
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
+	launch_server $$  --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  &
+	PID=$!
+	wait_server ${PID}
+
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	#echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+	#launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  &
+	#PID=$!
+	#wait_server ${PID}
+	#
+	#"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+	#  fail ${PID} "Failed"
+	#
+	#kill ${PID}
+	#wait
+
+	echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-RSA-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	if test ${ALL_CURVES} = 1; then
+		echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+		launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+		PID=$!
+		wait_server ${PID}
+
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+
+	echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+	PID=$!
+	wait_server ${PID}
 
-  #-cipher PSK-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.2 with PSK ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher PSK-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.2 with DHE-PSK ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher PSK-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher PSK-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "Check TLS 1.2 with RSA-PSK ciphersuite"
+	launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+	PID=$!
+	wait_server ${PID}
 
-  kill ${PID}
-  wait
+	#-cipher RSA-PSK-AES128-SHA
+	"${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+		fail ${PID} "Failed"
 
-  echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher PSK-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.0 with RSA-PSK ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher RSA-PSK-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  if test ${ALL_CURVES} = 1;then
-    echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-    wait_server ${PID}
-
-    #-cipher ECDHE-ECDSA-AES128-SHA
-    "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-      fail ${PID} "Failed"
-
-    kill ${PID}
-    wait
-  fi
-
-  echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher ECDHE-ECDSA-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher ECDHE-ECDSA-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher ECDHE-ECDSA-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.2 with DHE-RSA ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  wait_server ${PID}
-
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
-  launch_server $$  --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  wait_server ${PID}
-
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
-  launch_server $$  --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  wait_server ${PID}
-
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
-  launch_server $$  --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  wait_server ${PID}
-
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
-  launch_server $$  --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  wait_server ${PID}
-
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  #echo "Check TLS 1.2 with DHE-DSS ciphersuite"
-  #launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"  & PID=$!
-  #wait_server ${PID}
-  #
-  #"${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-  #  fail ${PID} "Failed"
-  #
-  #kill ${PID}
-  #wait
-
-  echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher ECDHE-RSA-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  if test ${ALL_CURVES} = 1;then
-    echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-    launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-    wait_server ${PID}
-
-    #-cipher ECDHE-ECDSA-AES128-SHA
-    "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-      fail ${PID} "Failed"
-
-    kill ${PID}
-    wait
-  fi
-
-  echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher ECDHE-ECDSA-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher ECDHE-ECDSA-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher ECDHE-ECDSA-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.2 with PSK ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher PSK-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.2 with DHE-PSK ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher PSK-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher PSK-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
-
-  echo "Check TLS 1.2 with RSA-PSK ciphersuite"
-  launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
-  wait_server ${PID}
-
-  #-cipher RSA-PSK-AES128-SHA
-  "${POLARSSL_CLI}"  server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
-    fail ${PID} "Failed"
-
-  kill ${PID}
-  wait
+	kill ${PID}
+	wait
 done
 
 rm -f "${LOGFILE}"
diff --git a/tests/suite/testcompat-openssl b/tests/suite/testcompat-openssl
index 42b695d..d7f9cc0 100755
--- a/tests/suite/testcompat-openssl
+++ b/tests/suite/testcompat-openssl
@@ -32,16 +32,16 @@
 
 srcdir="${srcdir:-.}"
 
-if ! test -x /usr/bin/openssl;then
-  echo "You need openssl to run this test"
-  exit 77
+if ! test -x /usr/bin/openssl; then
+	echo "You need openssl to run this test"
+	exit 77
 fi
 
 /usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0;then
-  export FIPS=1
+if test $? = 0; then
+	export FIPS=1
 else
-  export FIPS=0
+	export FIPS=0
 fi
 
 export TZ="UTC"
@@ -49,8 +49,8 @@ export TZ="UTC"
 # Check for datefudge
 TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
 if test "${TSTAMP}" != "1158969600"; then
-  echo "You need datefudge to run this test"
-  exit 77
+	echo "You need datefudge to run this test"
+	exit 77
 fi
 
 datefudge "2012-09-2" "${srcdir}/testcompat-main-openssl"
diff --git a/tests/suite/testcompat-polarssl b/tests/suite/testcompat-polarssl
index 41dd59f..c4dfb36 100755
--- a/tests/suite/testcompat-polarssl
+++ b/tests/suite/testcompat-polarssl
@@ -37,14 +37,14 @@ export TZ="UTC"
 # Check for datefudge
 TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
 if test "${TSTAMP}" != "1158969600"; then
-    echo "You need datefudge to run this test"
-    exit 77
+	echo "You need datefudge to run this test"
+	exit 77
 fi
 
 cat /proc/cpuinfo|grep "model name"|grep "VIA Esther" >/dev/null 2>&1
-if test $? = 0;then
-    echo "PolarSSL is broken on VIA processors"
-    exit 77
+if test $? = 0; then
+	echo "PolarSSL is broken on VIA processors"
+	exit 77
 fi
 
 datefudge "2012-09-2" "${srcdir}/testcompat-main-polarssl"
diff --git a/tests/suite/testdane b/tests/suite/testdane
index 2ec50dc..12d3ce1 100755
--- a/tests/suite/testdane
+++ b/tests/suite/testdane
@@ -24,8 +24,8 @@ unset RETCODE
 
 # Unfortunately it is extremely fragile and fails 99% of the
 # time.
-if test "${WINDIR}" != "";then
-  exit 77
+if test "${WINDIR}" != ""; then
+	exit 77
 fi
 
 . "${srcdir}/../scripts/common.sh"
@@ -37,30 +37,30 @@ echo "*** Testing good HTTPS hosts ***"
 # www.vulcano.cl dane.nox.su
 HOSTS="good.dane.verisignlabs.com www.freebsd.org www.kumari.net torproject.org fedoraproject.org"
 HOSTS="${HOSTS} nohats.ca"
-for host in ${HOSTS};do
-  echo -n "${host}: "
+for host in ${HOSTS}; do
+	echo -n "${host}: "
 
-  "${DANETOOL}" --check "${host}" >/dev/null 2>&1
-  if [ $? != 0 ];then
-    echo "Error checking ${host}"
-    exit 1
-  fi
-  echo "ok"
+	"${DANETOOL}" --check "${host}" >/dev/null 2>&1
+	if [ $? != 0 ]; then
+		echo "Error checking ${host}"
+		exit 1
+	fi
+	echo "ok"
 done
 
 echo ""
 echo "*** Testing good SMTP hosts ***"
 #HOSTS="dougbarton.us nlnetlabs.nl"
 HOSTS="nlnetlabs.nl"
-for host in ${HOSTS};do
-  echo -n "${host}: "
+for host in ${HOSTS}; do
+	echo -n "${host}: "
 
-  "${DANETOOL}" --check "${host}" --port 25 >/dev/null 2>&1
-  if [ $? != 0 ];then
-    echo "Error checking ${host}"
-    exit 1
-  fi
-  echo "ok"
+	"${DANETOOL}" --check "${host}" --port 25 >/dev/null 2>&1
+	if [ $? != 0 ]; then
+		echo "Error checking ${host}"
+		exit 1
+	fi
+	echo "ok"
 done
 
 echo ""
@@ -69,14 +69,14 @@ echo "*** Testing bad HTTPS hosts ***"
 # used to work: dane-broken.rd.nic.fr
 HOSTS="bad-hash.dane.verisignlabs.com bad-params.dane.verisignlabs.com"
 HOSTS="${HOSTS} bad-sig.dane.verisignlabs.com"
-for host in ${HOSTS};do
-  echo -n "${host}: "
-  "${DANETOOL}" --check "${host}" >/dev/null 2>&1
-  if [ $? = 0 ];then
-    echo "Checking ${host} should have failed"
-    exit 1
-  fi
-  echo "ok"
+for host in ${HOSTS}; do
+	echo -n "${host}: "
+	"${DANETOOL}" --check "${host}" >/dev/null 2>&1
+	if [ $? = 0 ]; then
+		echo "Checking ${host} should have failed"
+		exit 1
+	fi
+	echo "ok"
 done
 
 
diff --git a/tests/suite/testpkcs11 b/tests/suite/testpkcs11
index b301cc3..53ae752 100755
--- a/tests/suite/testpkcs11
+++ b/tests/suite/testpkcs11
@@ -26,15 +26,15 @@ SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
 CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
 RETCODE=0
 
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no"
 fi
 
 TMPFILE="testpkcs11.debug"
 CERTTOOL_PARAM="--stdout-info"
 
-if test "${WINDIR}" != "";then
-  exit 77
+if test "${WINDIR}" != ""; then
+	exit 77
 fi 
 
 P11TOOL="${VALGRIND} ${P11TOOL} --batch"
@@ -46,11 +46,11 @@ PORT="${PORT:-${RPORT}}"
 rm -f "${TMPFILE}"
 
 exit_error () {
-  echo "Check ${TMPFILE} for additional debugging information"
-  echo ""
-  echo ""
-  tail "${TMPFILE}"
-  exit 1
+	echo "Check ${TMPFILE} for additional debugging information"
+	echo ""
+	echo ""
+	tail "${TMPFILE}"
+	exit 1
 }
 
 # $1: token
@@ -58,18 +58,18 @@ exit_error () {
 # $3: filename
 # ${srcdir}/pkcs11-certs/client.key
 write_privkey () {
-  export GNUTLS_PIN="$2"
-  filename="$3"
-  token="$1"
-
-  echo -n "* Writing a client private key... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    exit_error
-  fi
+	export GNUTLS_PIN="$2"
+	filename="$3"
+	token="$1"
+
+	echo -n "* Writing a client private key... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		exit_error
+	fi
 
 }
 
@@ -77,18 +77,18 @@ write_privkey () {
 # $2: PIN
 # $3: filename
 write_serv_privkey () {
-  export GNUTLS_PIN="$2"
-  filename="$3"
-  token="$1"
-
-  echo -n "* Writing the server private key... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    exit_error
-  fi
+	export GNUTLS_PIN="$2"
+	filename="$3"
+	token="$1"
+
+	echo -n "* Writing the server private key... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		exit_error
+	fi
 
 }
 
@@ -96,18 +96,18 @@ write_serv_privkey () {
 # $2: PIN
 # $3: filename
 write_serv_cert () {
-  export GNUTLS_PIN="$2"
-  filename="$3"
-  token="$1"
-
-  echo -n "* Writing the server certificate... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    exit_error
-  fi
+	export GNUTLS_PIN="$2"
+	filename="$3"
+	token="$1"
+
+	echo -n "* Writing the server certificate... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		exit_error
+	fi
 
 }
 
@@ -115,48 +115,48 @@ write_serv_cert () {
 # $2: PIN
 # $3: bits
 generate_rsa_privkey () {
-  export GNUTLS_PIN="$2"
-  token="$1"
-  bits="$3"
-
-  echo -n "* Generating RSA private key ("${bits}")... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    exit 1
-  fi
+	export GNUTLS_PIN="$2"
+	token="$1"
+	bits="$3"
+
+	echo -n "* Generating RSA private key ("${bits}")... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		exit 1
+	fi
 }
 
 # $1: token
 # $2: PIN
 # $3: bits
 generate_temp_rsa_privkey () {
-  export GNUTLS_PIN="$2"
-  token="$1"
-  bits="$3"
-
-  echo -n "* Generating RSA private key ("${bits}")... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
-  if test $? = 0;then
-    RETCODE=0
-    echo ok
-  else
-    echo failed
-    RETCODE=1
-  fi
-
-#  if test ${RETCODE} = 0;then
+	export GNUTLS_PIN="$2"
+	token="$1"
+	bits="$3"
+
+	echo -n "* Generating RSA private key ("${bits}")... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+	if test $? = 0; then
+		RETCODE=0
+		echo ok
+	else
+		echo failed
+		RETCODE=1
+	fi
+
+#  if test ${RETCODE} = 0; then
 #    echo -n "* Testing private key flags... "
 #    ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-keys "${token};object=gnutls-client2;object-type=private" >tmp-client-2.pub 2>>"${TMPFILE}"
-#    if test $? != 0;then
+#    if test $? != 0; then
 #      echo failed
 #      exit_error
 #    fi
 #
 #    grep CKA_WRAP tmp-client-2.pub >>"${TMPFILE}" 2>&1
-#    if test $? != 0;then
+#    if test $? != 0; then
 #      echo "failed (no CKA_WRAP)"
 #      exit_error
 #    else
@@ -168,116 +168,116 @@ generate_temp_rsa_privkey () {
 # $1: token
 # $2: PIN
 delete_temp_privkey () {
-  export GNUTLS_PIN="$2"
-  token="$1"
-  type="$3"
+	export GNUTLS_PIN="$2"
+	token="$1"
+	type="$3"
 
-  test "${RETCODE}" = "0" || return
+	test "${RETCODE}" = "0" || return
 
-  echo -n "* Deleting private key... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${TMPFILE}" 2>&1
+	echo -n "* Deleting private key... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${TMPFILE}" 2>&1
 
-  if test $? != 0;then
-    echo failed
-    RETCODE=1
-    return
-  fi
+	if test $? != 0; then
+		echo failed
+		RETCODE=1
+		return
+	fi
 
-  RETCODE=0
-  echo ok
+	RETCODE=0
+	echo ok
 }
 
 # $1: token
 # $2: PIN
 # $3: bits
 export_pubkey_of_privkey () {
-  export GNUTLS_PIN="$2"
-  token="$1"
-  bits="$3"
-
-  echo -n "* Exporting public key of generated private key... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${TMPFILE}" 2>&1
-  if test $? != 0;then
-    echo failed
-    exit 1
-  fi
-
-  ${DIFF} tmp-client.pub tmp-client-2.pub
-  if test $? != 0;then
-    echo keys differ
-    exit 1
-  fi
-
-  echo ok
+	export GNUTLS_PIN="$2"
+	token="$1"
+	bits="$3"
+
+	echo -n "* Exporting public key of generated private key... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${TMPFILE}" 2>&1
+	if test $? != 0; then
+		echo failed
+		exit 1
+	fi
+
+	${DIFF} tmp-client.pub tmp-client-2.pub
+	if test $? != 0; then
+		echo keys differ
+		exit 1
+	fi
+
+	echo ok
 }
 
 # $1: token
 # $2: PIN
 change_id_of_privkey () {
-  export GNUTLS_PIN="$2"
-  token="$1"
-
-  echo -n "* Change the CKA_ID of generated private key... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1
-  if test $? != 0;then
-    echo failed
-    exit_error
-  fi
-
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
-  if test $? != 0;then
-    echo "ID didn't change"
-    exit_error
-  fi
-
-  echo ok
+	export GNUTLS_PIN="$2"
+	token="$1"
+
+	echo -n "* Change the CKA_ID of generated private key... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1
+	if test $? != 0; then
+		echo failed
+		exit_error
+	fi
+
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
+	if test $? != 0; then
+		echo "ID didn't change"
+		exit_error
+	fi
+
+	echo ok
 }
 
 # $1: token
 # $2: PIN
 change_label_of_privkey () {
-  export GNUTLS_PIN="$2"
-  token="$1"
-
-  echo -n "* Change the CKA_LABEL of generated private key... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1
-  if test $? != 0;then
-    echo failed
-    exit_error
-  fi
-
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1
-  if test $? != 0;then
-    echo "label didn't change"
-    exit_error
-  fi
-
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1
-  if test $? != 0;then
-    echo failed
-    exit_error
-  fi
-
-  echo ok
+	export GNUTLS_PIN="$2"
+	token="$1"
+
+	echo -n "* Change the CKA_LABEL of generated private key... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1
+	if test $? != 0; then
+		echo failed
+		exit_error
+	fi
+
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1
+	if test $? != 0; then
+		echo "label didn't change"
+		exit_error
+	fi
+
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1
+	if test $? != 0; then
+		echo failed
+		exit_error
+	fi
+
+	echo ok
 }
 
 # $1: token
 # $2: PIN
 # $3: bits
 generate_temp_ecc_privkey () {
-  export GNUTLS_PIN="$2"
-  token="$1"
-  bits="$3"
-
-  echo -n "* Generating ECC private key (${bits})... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
-  if test $? = 0;then
-    RETCODE=0
-    echo ok
-  else
-    echo failed
-    RETCODE=1
-  fi
+	export GNUTLS_PIN="$2"
+	token="$1"
+	bits="$3"
+
+	echo -n "* Generating ECC private key (${bits})... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+	if test $? = 0; then
+		RETCODE=0
+		echo ok
+	else
+		echo failed
+		RETCODE=1
+	fi
 }
 
 # $1: token
@@ -288,109 +288,109 @@ generate_temp_ecc_privkey () {
 # Tests writing a certificate which corresponds to the given key,
 # as well as the CA certificate, and tries to export them.
 write_certificate_test () {
-  export GNUTLS_PIN="$2"
-  token="$1"
-  cakey="$3"
-  cacert="$4"
-  pubkey="$5"
-
-  echo -n "* Generating client certificate... "
-  "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM}  --generate-certificate --load-ca-privkey "${cakey}"  --load-ca-certificate "${cacert}"  \
-  --template ${srcdir}/pkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
-  --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${TMPFILE}" 2>&1
-
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    exit_error
-  fi
-
-  echo -n "* Writing client certificate... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${TMPFILE}" 2>&1
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    exit_error
-  fi
-
-  echo -n "* Checking whether ID was correctly set... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
-  if test $? != 0;then
-    echo "ID was not set on copy"
-    exit_error
-  fi
-  echo ok
-
-  echo -n "* Writing certificate of client's CA... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
-  ret=$?
-  if test ${ret} != 0;then
-    ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
-    ret=$?
-  fi
-
-  if test ${ret} = 0;then
-    echo ok
-  else
-    echo failed
-    exit_error
-  fi
-
-  echo -n "* Testing certificate flags... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>"${TMPFILE}"
-  if test $? != 0;then
-    echo failed
-    exit_error
-  fi
-
-  grep CKA_TRUSTED tmp-client-2.pub >>"${TMPFILE}" 2>&1
-  if test $? != 0;then
-    echo "failed (no CKA_TRUSTED)"
-    #exit_error
-  fi
-
-  grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${TMPFILE}" 2>&1
-  if test $? != 0;then
-    echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)"
-    #exit_error
-  fi
-
-  echo ok
-
-
-  echo -n "* Trying to obtain back the cert... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${TMPFILE}" 2>&1
-  ${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt"
-  if test $? != 0;then
-    echo "failed. Exported certificate differs (crt1.tmp)!"
-    exit_error
-  fi
-  rm -f crt1.tmp
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    exit_error
-  fi
-
-  echo -n "* Trying to obtain the full chain... "
-  ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM}  -i --outfile crt1.tmp >>"${TMPFILE}" 2>&1
-
-  cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM}  -i >crt2.tmp
-  ${DIFF} crt1.tmp crt2.tmp
-  if test $? != 0;then
-    echo "failed. Exported certificate chain differs!"
-    exit_error
-  fi
-  rm -f crt1.tmp crt2.tmp
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    exit_error
-  fi
+	export GNUTLS_PIN="$2"
+	token="$1"
+	cakey="$3"
+	cacert="$4"
+	pubkey="$5"
+
+	echo -n "* Generating client certificate... "
+	"${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM}  --generate-certificate --load-ca-privkey "${cakey}"  --load-ca-certificate "${cacert}"  \
+	--template ${srcdir}/pkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
+	--load-pubkey "$pubkey" --outfile tmp-client.crt >>"${TMPFILE}" 2>&1
+
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		exit_error
+	fi
+
+	echo -n "* Writing client certificate... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${TMPFILE}" 2>&1
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		exit_error
+	fi
+
+	echo -n "* Checking whether ID was correctly set... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
+	if test $? != 0; then
+		echo "ID was not set on copy"
+		exit_error
+	fi
+	echo ok
+
+	echo -n "* Writing certificate of client's CA... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
+	ret=$?
+	if test ${ret} != 0; then
+		${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
+		ret=$?
+	fi
+
+	if test ${ret} = 0; then
+		echo ok
+	else
+		echo failed
+		exit_error
+	fi
+
+	echo -n "* Testing certificate flags... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>"${TMPFILE}"
+	if test $? != 0; then
+		echo failed
+		exit_error
+	fi
+
+	grep CKA_TRUSTED tmp-client-2.pub >>"${TMPFILE}" 2>&1
+	if test $? != 0; then
+		echo "failed (no CKA_TRUSTED)"
+		#exit_error
+	fi
+
+	grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${TMPFILE}" 2>&1
+	if test $? != 0; then
+		echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)"
+		#exit_error
+	fi
+
+	echo ok
+
+
+	echo -n "* Trying to obtain back the cert... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${TMPFILE}" 2>&1
+	${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt"
+	if test $? != 0; then
+		echo "failed. Exported certificate differs (crt1.tmp)!"
+		exit_error
+	fi
+	rm -f crt1.tmp
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		exit_error
+	fi
+
+	echo -n "* Trying to obtain the full chain... "
+	${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM}  -i --outfile crt1.tmp >>"${TMPFILE}" 2>&1
+
+	cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM}  -i >crt2.tmp
+	${DIFF} crt1.tmp crt2.tmp
+	if test $? != 0; then
+		echo "failed. Exported certificate chain differs!"
+		exit_error
+	fi
+	rm -f crt1.tmp crt2.tmp
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		exit_error
+	fi
 }
 
 
@@ -402,39 +402,39 @@ write_certificate_test () {
 #
 # Tests using a certificate and key pair using gnutls-serv and gnutls-cli.
 use_certificate_test () {
-  export GNUTLS_PIN="$2"
-  token="$1"
-  certfile="$3"
-  keyfile="$4"
-  cafile="$5"
-  txt="$6"
-
-  echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
-  # start server
-  launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
-    --x509keyfile="$keyfile" --x509cafile="${cafile}" \
-    --require-client-cert >>"${TMPFILE}" 2>&1 &
-
-  PID=$!
-  wait_server ${PID}
-
-  # connect to server using SC
-  ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 && \
-    fail ${PID} "Connection should have failed!"
-
-  ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
-  --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
-    fail ${PID} "Connection (with files) should have succeeded!"
-
-  ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
-    --x509keyfile="${token};object=gnutls-client;object-type=private" \
-    --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
-    fail ${PID} "Connection (with SC) should have succeeded!"
-
-  kill ${PID}
-  wait
-
-  echo ok
+	export GNUTLS_PIN="$2"
+	token="$1"
+	certfile="$3"
+	keyfile="$4"
+	cafile="$5"
+	txt="$6"
+
+	echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
+	# start server
+	launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
+		--x509keyfile="$keyfile" --x509cafile="${cafile}" \
+		--require-client-cert >>"${TMPFILE}" 2>&1 &
+
+	PID=$!
+	wait_server ${PID}
+
+	# connect to server using SC
+	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 && \
+		fail ${PID} "Connection should have failed!"
+
+	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
+	--x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
+		fail ${PID} "Connection (with files) should have succeeded!"
+
+	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
+		--x509keyfile="${token};object=gnutls-client;object-type=private" \
+		--x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
+		fail ${PID} "Connection (with SC) should have succeeded!"
+
+	kill ${PID}
+	wait
+
+	echo ok
 }
 
 
@@ -445,15 +445,15 @@ echo "Testing PKCS11 support"
 
 type="$1"
 
-if test -z "${type}";then
-  echo "usage: $0: [pkcs15|softhsm|sc-hsm]"
-  if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util";then
-    echo "assuming 'softhsm'"
-    echo ""
-    type=softhsm
-  else
-    exit 1
-  fi
+if test -z "${type}"; then
+	echo "usage: $0: [pkcs15|softhsm|sc-hsm]"
+	if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util"; then
+		echo "assuming 'softhsm'"
+		echo ""
+		type=softhsm
+	else
+		exit 1
+	fi
 
 fi
 
@@ -468,9 +468,9 @@ init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}"
 TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
 
 echo "* Token: ${TOKEN}"
-if test "x${TOKEN}" = x;then
-  echo "Could not find generated token"
-  exit_error
+if test "x${TOKEN}" = x; then
+	echo "Could not find generated token"
+	exit_error
 fi
 
 #write a given privkey
@@ -499,8 +499,8 @@ use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert;objec
 
 use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert" "${TOKEN};object=serv-key" "${srcdir}/pkcs11-certs/ca.crt" "abbrv URLs"
 
-if test ${RETCODE} = 0;then
-  echo "* All smart cards tests succeeded"
+if test ${RETCODE} = 0; then
+	echo "* All smart cards tests succeeded"
 fi
 rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub "${TMPFILE}"
 
diff --git a/tests/suite/testpkcs11.pkcs15 b/tests/suite/testpkcs11.pkcs15
index 59c535e..565282a 100644
--- a/tests/suite/testpkcs11.pkcs15
+++ b/tests/suite/testpkcs11.pkcs15
@@ -20,26 +20,26 @@
 
 
 init_card () {
-  PIN="$1"
-  PUK="$2"
+	PIN="$1"
+	PUK="$2"
 
-  echo -n "* Erasing smart card... "
-  pkcs15-init -E >"${TMPFILE}" 2>&1
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    cat "${TMPFILE}"
-    exit_error
-  fi
+	echo -n "* Erasing smart card... "
+	pkcs15-init -E >"${TMPFILE}" 2>&1
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		cat "${TMPFILE}"
+		exit_error
+	fi
 
-  echo -n "* Initializing smart card... "
-  pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    cat "${TMPFILE}"
-    exit_error
-  fi
+	echo -n "* Initializing smart card... "
+	pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		cat "${TMPFILE}"
+		exit_error
+	fi
 }
diff --git a/tests/suite/testpkcs11.sc-hsm b/tests/suite/testpkcs11.sc-hsm
index 26ce485..f3eab68 100644
--- a/tests/suite/testpkcs11.sc-hsm
+++ b/tests/suite/testpkcs11.sc-hsm
@@ -20,31 +20,31 @@
 
 
 init_card () {
-  PIN="$1"
-  PUK=3537363231383830
-  export GNUTLS_SO_PIN="${PUK}"
+	PIN="$1"
+	PUK=3537363231383830
+	export GNUTLS_SO_PIN="${PUK}"
 
-  echo -n "* Erasing smart card... "
-  sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    exit_error
-  fi
+	echo -n "* Erasing smart card... "
+	sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		exit_error
+	fi
 
-  echo -n "* Initializing smart card... "
-  TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
-  if test -z "${TOKEN}";then
-    echo "Could not find initialized card"
-    exit_error
-  fi
+	echo -n "* Initializing smart card... "
+	TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
+	if test -z "${TOKEN}"; then
+		echo "Could not find initialized card"
+		exit_error
+	fi
 
-  ${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    exit_error
-  fi
+	${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		exit_error
+	fi
 }
diff --git a/tests/suite/testpkcs11.softhsm b/tests/suite/testpkcs11.softhsm
index b444e62..70badf1 100755
--- a/tests/suite/testpkcs11.softhsm
+++ b/tests/suite/testpkcs11.softhsm
@@ -18,57 +18,57 @@
 # along with GnuTLS; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-if test -f /usr/lib64/pkcs11/libsofthsm2.so;then
-  ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so"
+if test -f /usr/lib64/pkcs11/libsofthsm2.so; then
+	ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so"
 else
-  if test -f /usr/lib/softhsm/libsofthsm.so;then
-    ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
-  else
-    ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so"
-  fi
+	if test -f /usr/lib/softhsm/libsofthsm.so; then
+		ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
+	else
+		ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so"
+	fi
 fi
 
 init_card () {
-  PIN="$1"
-  PUK="$2"
+	PIN="$1"
+	PUK="$2"
 
-  if test -x "/usr/bin/softhsm2-util";then
-    export SOFTHSM2_CONF="softhsm-testpkcs11.config"
-    SOFTHSM_TOOL="/usr/bin/softhsm2-util"
-    ${SOFTHSM_TOOL} --version|grep "2.0.0b1" >/dev/null 2>&1
-    if test $? = 0;then
-      echo "softhsm2-util 2.0.0b1 is broken"
-      exit 77
-    fi
-  fi
+	if test -x "/usr/bin/softhsm2-util"; then
+		export SOFTHSM2_CONF="softhsm-testpkcs11.config"
+		SOFTHSM_TOOL="/usr/bin/softhsm2-util"
+		${SOFTHSM_TOOL} --version|grep "2.0.0b1" >/dev/null 2>&1
+		if test $? = 0; then
+			echo "softhsm2-util 2.0.0b1 is broken"
+			exit 77
+		fi
+	fi
 
-  if test -x "/usr/bin/softhsm";then
-    export SOFTHSM_CONF="softhsm-testpkcs11.config"
-    SOFTHSM_TOOL="/usr/bin/softhsm"
-  fi
+	if test -x "/usr/bin/softhsm"; then
+		export SOFTHSM_CONF="softhsm-testpkcs11.config"
+		SOFTHSM_TOOL="/usr/bin/softhsm"
+	fi
 
-  if test -z "${SOFTHSM_TOOL}";then
-    echo "Could not find softhsm(2) tool"
-    exit 77
-  fi
+	if test -z "${SOFTHSM_TOOL}"; then
+		echo "Could not find softhsm(2) tool"
+		exit 77
+	fi
 
-  if test -z "${SOFTHSM_CONF}";then
-    rm -rf ./softhsm-testpkcs11.db
-    mkdir -p ./softhsm-testpkcs11.db
-    echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
-    echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
-  else
-    rm -rf ./softhsm-testpkcs11.db
-    echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
-  fi
+	if test -z "${SOFTHSM_CONF}"; then
+		rm -rf ./softhsm-testpkcs11.db
+		mkdir -p ./softhsm-testpkcs11.db
+		echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
+		echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
+	else
+		rm -rf ./softhsm-testpkcs11.db
+		echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
+	fi
 
 
-  echo -n "* Initializing smart card... "
-  ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1
-  if test $? = 0;then
-    echo ok
-  else
-    echo failed
-    exit_error
-  fi
+	echo -n "* Initializing smart card... "
+	${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1
+	if test $? = 0; then
+		echo ok
+	else
+		echo failed
+		exit_error
+	fi
 }
diff --git a/tests/suite/testrandom b/tests/suite/testrandom
index 894b2e9d..79b90d3 100755
--- a/tests/suite/testrandom
+++ b/tests/suite/testrandom
@@ -22,8 +22,8 @@
 
 srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-if ! test -z "${VALGRIND}";then
-  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 
 counter=0
@@ -32,56 +32,53 @@ file=test.out
 counter=0
 
 echo "Testing verification with randomly generated certificates..."
-while [ ${counter} -lt 400 ]
-do
-  "${srcdir}/x509random.pl" > "${file}"
-  ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" --outfile "${file}.pem" >/dev/null 2>&1
-  if test $? != 0;then
-    continue
-  fi
-
-  cat "${file}.pem" "${srcdir}/../certs/ca-cert-ecc.pem" > "${file}-chain.pem"
-
-  ${VALGRIND} "${CERTTOOL}" -e --infile "${file}-chain.pem" >/dev/null 2>&1
-  ret=$?
-  if [ ${ret} != 1 ];then
-    echo "Succeeded verification with ${file}-chain.pem!"
-    exit 1
-  fi
-  rm -f "${file}.pem" "${file}-chain.pem"
-
-  counter=`expr ${counter} + 1`
+while [ ${counter} -lt 400 ]; do
+	"${srcdir}/x509random.pl" > "${file}"
+	${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" --outfile "${file}.pem" >/dev/null 2>&1
+	if test $? != 0; then
+		continue
+	fi
+
+	cat "${file}.pem" "${srcdir}/../certs/ca-cert-ecc.pem" > "${file}-chain.pem"
+
+	${VALGRIND} "${CERTTOOL}" -e --infile "${file}-chain.pem" >/dev/null 2>&1
+	ret=$?
+	if [ ${ret} != 1 ]; then
+		echo "Succeeded verification with ${file}-chain.pem!"
+		exit 1
+	fi
+	rm -f "${file}.pem" "${file}-chain.pem"
+
+	counter=`expr ${counter} + 1`
 done
 
 
 echo "Testing with randomly generated certificates..."
-while [ ${counter} -lt 200 ]
-do
-  "${srcdir}/x509random.pl" > "${file}"
-  ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null
-  ret=$?
-  if [ ${ret} != 0 -a ${ret} != 1 ];then
-    echo "Unknown exit code with ${file}"
-    exit 1
-  fi
-
-  counter=`expr ${counter} + 1`
+while [ ${counter} -lt 200 ]; do
+	"${srcdir}/x509random.pl" > "${file}"
+	${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null
+	ret=$?
+	if [ ${ret} != 0 -a ${ret} != 1 ]; then
+		echo "Unknown exit code with ${file}"
+		exit 1
+	fi
+
+	counter=`expr ${counter} + 1`
 done
 
 counter=0
 
 echo "Testing with random ASN.1 data..."
-while [ ${counter} -lt 200 ]
-do
-  "${srcdir}/asn1random.pl" > "${file}"
-  ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null 2>/dev/null
-  ret=$?
-  if [ ${ret} != 0 -a ${ret} != 1 ];then
-    echo "Unknown exit code with ${file}"
-    exit 1
-  fi
-
-  counter=`expr ${counter} + 1`
+while [ ${counter} -lt 200 ]; do
+	"${srcdir}/asn1random.pl" > "${file}"
+	${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null 2>/dev/null
+	ret=$?
+	if [ ${ret} != 0 -a ${ret} != 1 ]; then
+		echo "Unknown exit code with ${file}"
+		exit 1
+	fi
+
+	counter=`expr ${counter} + 1`
 done
 
 rm -f "${file}"
diff --git a/tests/suite/testrng b/tests/suite/testrng
index 16fb4d5..c45c930 100755
--- a/tests/suite/testrng
+++ b/tests/suite/testrng
@@ -20,22 +20,22 @@
 
 srcdir="${srcdir:-.}"
 
-if ! test -x "/usr/bin/dieharder";then
-  exit 77
+if ! test -x "/usr/bin/dieharder"; then
+	exit 77
 fi
 
 VERSION=`dieharder -l|grep version|cut -d ' ' -f 6`
 
-if test "$1" = "full";then
-  OPTIONS="-a"
+if test "$1" = "full"; then
+	OPTIONS="-a"
 else
-  if test "${VERSION}" = "2.28.1";then
-    OPTIONS="-d 5"
-    OPTIONS2="-d 10"
-  else
-    OPTIONS="-d 202"
-    OPTIONS2="-d 10"
-  fi
+	if test "${VERSION}" = "2.28.1"; then
+		OPTIONS="-d 5"
+		OPTIONS2="-d 10"
+	else
+		OPTIONS="-d 202"
+		OPTIONS2="-d 10"
+	fi
 fi
 
 OUTFILE=rng.log
@@ -51,9 +51,9 @@ rm -f "${RNGFILE2}"
 
 RINPUTNO=`dieharder -g -1|grep file_input_raw|cut -d '|' -f 2|cut -d ' ' -f 1`
 
-if test -z "${RINPUTNO}";then
-  echo "Cannot determine dieharder option for raw file input, assuming 201"
-  RINPUTNO=201
+if test -z "${RINPUTNO}"; then
+	echo "Cannot determine dieharder option for raw file input, assuming 201"
+	RINPUTNO=201
 fi
 
 echo ""
@@ -64,31 +64,31 @@ echo "Testing nonce PRNG"
 cmp "${RNGFILE}" "${RNGFILE2}"  >/dev/null 2>&1
 ret=$?
 
-if test ${ret} = 0;then
-  echo "numbers are repeated in nonce!"
-  exit 1
+if test ${ret} = 0; then
+	echo "numbers are repeated in nonce!"
+	exit 1
 fi
 
 ./rng nonce 100000000 "${RNGFILE}"
 
 dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
-if ! test -z "${OPTIONS2}";then
-  dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}"; then
+	dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
 fi
 grep FAILED "${OUTFILE}" >/dev/null 2>&1
 ret=$?
 
-if test "${ret}" = "0";then
-  echo "test failed for nonce"
-  exit 1
+if test "${ret}" = "0"; then
+	echo "test failed for nonce"
+	exit 1
 fi
 
 grep PASSED "${OUTFILE}" >/dev/null 2>&1
 ret=$?
 
-if test "${ret}" != "0";then
-  echo "could not run dieharder test?"
-  exit 1
+if test "${ret}" != "0"; then
+	echo "could not run dieharder test?"
+	exit 1
 fi
 
 cat "${OUTFILE}"
@@ -101,32 +101,32 @@ echo "Testing key PRNG"
 cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1
 ret=$?
 
-if test ${ret} = 0;then
-  echo "numbers are repeated in nonce!"
-  exit 1
+if test ${ret} = 0; then
+	echo "numbers are repeated in nonce!"
+	exit 1
 fi
 
 ./rng key 100000000 "${RNGFILE}"
 
 dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
-if ! test -z "${OPTIONS2}";then
-  dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}"; then
+	dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
 fi
 grep FAILED "${OUTFILE}" >/dev/null 2>&1 
 ret=$?
 
 
-if test "${ret}" = "0";then
-  echo "test failed for key"
-  exit 1
+if test "${ret}" = "0"; then
+	echo "test failed for key"
+	exit 1
 fi
 
 grep PASSED "${OUTFILE}" >/dev/null 2>&1
 ret=$?
 
-if test "${ret}" != "0";then
-  echo "could not run dieharder test?"
-  exit 1
+if test "${ret}" != "0"; then
+	echo "could not run dieharder test?"
+	exit 1
 fi
 
 cat "${OUTFILE}"
@@ -136,23 +136,23 @@ echo "Testing /dev/zero PRNG"
 dd if=/dev/zero of="${RNGFILE}" bs=4 count=10000000 >/dev/null 2>&1
 
 dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
-if ! test -z "${OPTIONS2}";then
-  dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}"; then
+	dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
 fi
 grep PASSED "${OUTFILE}" >/dev/null 2>&1 
 ret=$?
 
-if test "${ret}" = "0";then
-  echo "test succeeded for /dev/zero!!!"
-  exit 1
+if test "${ret}" = "0"; then
+	echo "test succeeded for /dev/zero!!!"
+	exit 1
 fi
 
 grep FAILED "${OUTFILE}" >/dev/null 2>&1
 ret=$?
 
-if test "${ret}" != "0";then
-  echo "could not run dieharder test?"
-  exit 1
+if test "${ret}" != "0"; then
+	echo "could not run dieharder test?"
+	exit 1
 fi
 
 cat "${OUTFILE}"
diff --git a/tests/suite/testsrn b/tests/suite/testsrn
index 783ed9d..3ea2c15 100755
--- a/tests/suite/testsrn
+++ b/tests/suite/testsrn
@@ -25,8 +25,8 @@ SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
 CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
 unset RETCODE
 
-if test "${WINDIR}" != "";then
-  exit 77
+if test "${WINDIR}" != ""; then
+	exit 77
 fi 
 
 . "${srcdir}/../scripts/common.sh"
@@ -40,19 +40,19 @@ PID=$!
 wait_server ${PID}
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail ${PID} "0. Renegotiation should have succeeded!"
+	fail ${PID} "0. Renegotiation should have succeeded!"
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail ${PID} "1. Safe rehandshake should have succeeded!"
+	fail ${PID} "1. Safe rehandshake should have succeeded!"
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail ${PID} "2. Unsafe rehandshake should have succeeded!"
+	fail ${PID} "2. Unsafe rehandshake should have succeeded!"
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail ${PID} "3. Unsafe negotiation should have succeeded!"
+	fail ${PID} "3. Unsafe negotiation should have succeeded!"
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
-  fail ${PID} "4. Unsafe renegotiation should have failed!"
+	fail ${PID} "4. Unsafe renegotiation should have failed!"
 
 
 kill ${PID}
@@ -63,16 +63,16 @@ PID=$!
 wait_server ${PID}
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail ${PID} "5. Safe rehandshake should have succeeded!"
+	fail ${PID} "5. Safe rehandshake should have succeeded!"
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail ${PID} "6. Unsafe rehandshake should have succeeded!"
+	fail ${PID} "6. Unsafe rehandshake should have succeeded!"
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
-  fail ${PID} "7. Unsafe negotiation should have failed!"
+	fail ${PID} "7. Unsafe negotiation should have failed!"
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
-  fail ${PID} "8. Unsafe renegotiation should have failed!"
+	fail ${PID} "8. Unsafe renegotiation should have failed!"
 
 kill ${PID}
 wait
@@ -82,16 +82,16 @@ PID=$!
 wait_server ${PID}
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
-  fail ${PID} "9. Initial connection should have failed!"
+	fail ${PID} "9. Initial connection should have failed!"
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail ${PID} "10. Unsafe connection should have succeeded!"
+	fail ${PID} "10. Unsafe connection should have succeeded!"
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail ${PID} "11. Unsafe negotiation should have succeeded!"
+	fail ${PID} "11. Unsafe negotiation should have succeeded!"
 
 "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail ${PID} "12. Unsafe renegotiation should have succeeded!"
+	fail ${PID} "12. Unsafe renegotiation should have succeeded!"
 
 kill ${PID}
 wait
diff --git a/tests/userid/userid b/tests/userid/userid
index fbf97e7..b1c93fc 100755
--- a/tests/userid/userid
+++ b/tests/userid/userid
@@ -23,12 +23,12 @@
 srcdir="${srcdir:-.}"
 CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
 
-$CERTTOOL --certificate-info --infile "${srcdir}/userid.pem" >out 2>&1
+"${CERTTOOL}" --certificate-info --infile "${srcdir}/userid.pem" >out 2>&1
 RET=$?
-if [ ${RET} !=  0 ];then
-  echo "Error in userid:"
-  cat out
-  exit 1
+if [ ${RET} !=  0 ]; then
+	echo "Error in userid:"
+	cat out
+	exit 1
 fi
 
 rm -f out
-- 
2.3.6




More information about the Gnutls-devel mailing list