From 4f9be7d03f5f30c3d4a86fa2b941a61186469e62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 10 Oct 2006 09:24:07 +0000
Subject: [PATCH] Parameterise the invocation of hxtool, so we can make it run
 under TESTS_ENVIRONMENT. From Andrew Bartlett

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18388 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/test_chain.in       | 51 ++++++++++++++---------------
 lib/hx509/test_cms.in         | 60 ++++++++++++++++++-----------------
 lib/hx509/test_crypto.in      | 14 ++++----
 lib/hx509/test_nist.in        |  6 ++--
 lib/hx509/test_nist_cert.in   |  4 ++-
 lib/hx509/test_nist_pkcs12.in |  4 ++-
 lib/hx509/test_query.in       | 36 +++++++++++----------
 lib/hx509/test_req.in         | 10 +++---
 8 files changed, 100 insertions(+), 85 deletions(-)

diff --git a/lib/hx509/test_chain.in b/lib/hx509/test_chain.in
index 6018a272e..98b15c365 100644
--- a/lib/hx509/test_chain.in
+++ b/lib/hx509/test_chain.in
@@ -36,136 +36,137 @@
 
 srcdir="@srcdir@"
 
-if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+hxtool="${TESTS_ENVIRONMENT} ./hxtool"
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
     exit 77
 fi
 
 echo "cert -> root"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
 	cert:FILE:$srcdir/data/test.crt \
 	chain:FILE:$srcdir/data/test.crt \
 	chain:FILE:$srcdir/data/ca.crt \
 	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
 
 echo "cert -> root"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
 	cert:FILE:$srcdir/data/test.crt \
 	chain:FILE:$srcdir/data/ca.crt \
 	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
 
 echo "cert -> root"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
 	cert:FILE:$srcdir/data/test.crt \
 	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
 
 echo "sub-cert -> root"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
 	cert:FILE:$srcdir/data/sub-cert.crt \
 	chain:FILE:$srcdir/data/ca.crt \
 	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
 
 echo "sub-cert -> sub-ca -> root"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
 	cert:FILE:$srcdir/data/sub-cert.crt \
 	chain:FILE:$srcdir/data/sub-ca.crt \
 	chain:FILE:$srcdir/data/ca.crt \
 	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
 
 echo "sub-cert -> sub-ca"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
 	cert:FILE:$srcdir/data/sub-cert.crt \
 	anchor:FILE:$srcdir/data/sub-ca.crt > /dev/null || exit 1
 
 echo "sub-cert -> sub-ca -> root"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
 	cert:FILE:$srcdir/data/sub-cert.crt \
 	chain:FILE:$srcdir/data/sub-ca.crt \
 	chain:FILE:$srcdir/data/ca.crt \
 	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
 
 echo "sub-cert -> sub-ca -> root"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
 	cert:FILE:$srcdir/data/sub-cert.crt \
 	chain:FILE:$srcdir/data/ca.crt \
 	chain:FILE:$srcdir/data/sub-ca.crt \
 	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
 
 echo "sub-cert -> sub-ca -> root"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
 	cert:FILE:$srcdir/data/sub-cert.crt \
 	chain:FILE:$srcdir/data/sub-ca.crt \
 	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
 
 echo "ocsp non-ca responder"
-./hxtool verify \
+${hxtool} verify \
     cert:FILE:$srcdir/data/test.crt \
     anchor:FILE:$srcdir/data/ca.crt \
     ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp.der > /dev/null || exit 1
 
 echo "ocsp ca responder"
-./hxtool verify \
+${hxtool} verify \
     cert:FILE:$srcdir/data/test.crt \
     anchor:FILE:$srcdir/data/ca.crt \
     ocsp:FILE:$srcdir/data/ocsp-resp1-ca.der > /dev/null || exit 1
 
 echo "ocsp no-ca responder, missing cert"
-./hxtool verify \
+${hxtool} verify \
     cert:FILE:$srcdir/data/test.crt \
     anchor:FILE:$srcdir/data/ca.crt \
     ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der > /dev/null && exit 1
 
 echo "ocsp no-ca responder, missing cert, in pool"
-./hxtool verify \
+${hxtool} verify \
     cert:FILE:$srcdir/data/test.crt \
     anchor:FILE:$srcdir/data/ca.crt \
     ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der \
     chain:FILE:$srcdir/data/ocsp-responder.crt > /dev/null || exit 1
 
 echo "ocsp no-ca responder, keyHash"
-./hxtool verify \
+${hxtool} verify \
     cert:FILE:$srcdir/data/test.crt \
     anchor:FILE:$srcdir/data/ca.crt \
     ocsp:FILE:$srcdir/data/ocsp-resp1-keyhash.der || exit 1
 
 echo "ocsp revoked cert"
-./hxtool verify \
+${hxtool} verify \
     cert:FILE:$srcdir/data/revoke.crt \
     anchor:FILE:$srcdir/data/ca.crt \
     ocsp:FILE:$srcdir/data/ocsp-resp2.der > /dev/null && exit 1
 
 for a in resp1-ocsp-no-cert resp1-ca resp1-keyhash resp2 ; do
 	echo "ocsp print reply $a"
-	./hxtool ocsp-print \
+	${hxtool} ocsp-print \
 	    $srcdir/data/ocsp-resp2.der > /dev/null || exit 1
 done
 
 echo "crl non-revoked cert"
-./hxtool verify \
+${hxtool} verify \
     cert:FILE:$srcdir/data/test.crt \
     anchor:FILE:$srcdir/data/ca.crt \
     crl:FILE:$srcdir/data/crl1.der > /dev/null || exit 1
 
 echo "crl revoked cert"
-./hxtool verify \
+${hxtool} verify \
     cert:FILE:$srcdir/data/revoke.crt \
     anchor:FILE:$srcdir/data/ca.crt \
     crl:FILE:$srcdir/data/crl1.der > /dev/null && exit 1
 
 echo "proxy cert"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
     --allow-proxy-certificate \
     cert:FILE:$srcdir/data/proxy-test.crt \
     chain:FILE:$srcdir/data/test.crt \
     anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
 
 echo "proxy cert (negative)"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
     cert:FILE:$srcdir/data/proxy-test.crt \
     chain:FILE:$srcdir/data/test.crt \
     anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
 
 echo "proxy cert (level fail)"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
     --allow-proxy-certificate \
     cert:FILE:$srcdir/data/proxy-level-test.crt \
     chain:FILE:$srcdir/data/proxy-test.crt \
@@ -173,21 +174,21 @@ echo "proxy cert (level fail)"
     anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
 
 echo "not a proxy cert"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
     --allow-proxy-certificate \
     cert:FILE:$srcdir/data/no-proxy-test.crt \
     chain:FILE:$srcdir/data/test.crt \
     anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
 
 echo "proxy cert (max level 10)"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
     --allow-proxy-certificate \
     cert:FILE:$srcdir/data/proxy10-test.crt \
     chain:FILE:$srcdir/data/test.crt \
     anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
 
 echo "proxy cert (second level)"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
     --allow-proxy-certificate \
     cert:FILE:$srcdir/data/proxy10-child-test.crt \
     chain:FILE:$srcdir/data/proxy10-test.crt \
diff --git a/lib/hx509/test_cms.in b/lib/hx509/test_cms.in
index 63ca2bd9f..187964c65 100644
--- a/lib/hx509/test_cms.in
+++ b/lib/hx509/test_cms.in
@@ -36,66 +36,68 @@
 
 srcdir="@srcdir@"
 
-if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+hxtool="${TESTS_ENVIRONMENT} ./hxtool"
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
     exit 77
 fi
 
 echo "create signed data"
-./hxtool cms-create-sd \
+${hxtool} cms-create-sd \
 	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
 	"$srcdir/test_chain.in" \
 	sd.data > /dev/null || exit 1
 
 echo "verify signed data"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--anchors=FILE:$srcdir/data/ca.crt \
 	sd.data sd.data.out > /dev/null || exit 1
 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
 
 echo "verify signed data (EE cert as anchor)"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--anchors=FILE:$srcdir/data/test.crt \
 	sd.data sd.data.out > /dev/null || exit 1
 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
 
 echo "create signed data (password)"
-./hxtool cms-create-sd \
+${hxtool} cms-create-sd \
 	--pass=PASS:foobar \
 	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key \
 	"$srcdir/test_chain.in" \
 	sd.data > /dev/null || exit 1
 
 echo "verify signed data"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--anchors=FILE:$srcdir/data/ca.crt \
 	sd.data sd.data.out > /dev/null || exit 1
 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
 
 echo "create signed data (combined)"
-./hxtool cms-create-sd \
+${hxtool} cms-create-sd \
 	--certificate=FILE:$srcdir/data/test.combined.crt \
 	"$srcdir/test_chain.in" \
 	sd.data > /dev/null || exit 1
 
 echo "verify signed data"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--anchors=FILE:$srcdir/data/ca.crt \
 	sd.data sd.data.out > /dev/null || exit 1
 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
 
 echo "create signed data  (content info)"
-./hxtool cms-create-sd \
+${hxtool} cms-create-sd \
 	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
 	--content-info \
 	"$srcdir/test_chain.in" \
 	sd.data > /dev/null || exit 1
 
 echo "verify signed data (content info)"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--anchors=FILE:$srcdir/data/ca.crt \
 	--content-info \
@@ -103,7 +105,7 @@ echo "verify signed data (content info)"
 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
 
 echo "create signed data (p12)"
-./hxtool cms-create-sd \
+${hxtool} cms-create-sd \
 	--pass=PASS:foobar \
 	--certificate=PKCS12:$srcdir/data/test.p12 \
 	--signer=friendlyname-test \
@@ -111,7 +113,7 @@ echo "create signed data (p12)"
 	sd.data > /dev/null || exit 1
 
 echo "verify signed data"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--anchors=FILE:$srcdir/data/ca.crt \
 	--content-info \
@@ -119,7 +121,7 @@ echo "verify signed data"
 cmp "$srcdir/data/static-file" sd.data.out || exit 1
 
 echo "verify signed data (no attr)"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--anchors=FILE:$srcdir/data/ca.crt \
 	--content-info \
@@ -127,7 +129,7 @@ echo "verify signed data (no attr)"
 cmp "$srcdir/data/static-file" sd.data.out || exit 1
 
 echo "verify failure signed data (no attr, no certs)"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--anchors=FILE:$srcdir/data/ca.crt \
 	--content-info \
@@ -135,7 +137,7 @@ echo "verify failure signed data (no attr, no certs)"
 	sd.data.out > /dev/null 2>/dev/null && exit 1
 
 echo "verify signed data (no attr, no certs)"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--anchors=FILE:$srcdir/data/ca.crt \
 	--certificate=FILE:$srcdir/data/test.crt \
@@ -145,19 +147,19 @@ echo "verify signed data (no attr, no certs)"
 cmp "$srcdir/data/static-file" sd.data.out || exit 1
 
 echo "create signed data (subcert, no certs)"
-./hxtool cms-create-sd \
+${hxtool} cms-create-sd \
 	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
 	"$srcdir/test_chain.in" \
 	sd.data > /dev/null || exit 1
 
 echo "verify failure signed data"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--anchors=FILE:$srcdir/data/ca.crt \
 	sd.data sd.data.out > /dev/null 2> /dev/null && exit 1
 
 echo "verify success signed data"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--certificate=FILE:$srcdir/data/sub-ca.crt \
 	--anchors=FILE:$srcdir/data/ca.crt \
@@ -165,7 +167,7 @@ echo "verify success signed data"
 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
 
 echo "create signed data (subcert, certs)"
-./hxtool cms-create-sd \
+${hxtool} cms-create-sd \
 	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
 	--pool=FILE:$srcdir/data/sub-ca.crt \
 	--anchors=FILE:$srcdir/data/ca.crt \
@@ -173,47 +175,47 @@ echo "create signed data (subcert, certs)"
 	sd.data > /dev/null || exit 1
 
 echo "verify success signed data"
-./hxtool cms-verify-sd \
+${hxtool} cms-verify-sd \
 	--missing-revoke \
 	--anchors=FILE:$srcdir/data/ca.crt \
 	sd.data sd.data.out > /dev/null || exit 1
 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
 
 echo "create signed data (sd cert)"
-./hxtool cms-create-sd \
+${hxtool} cms-create-sd \
 	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
 	"$srcdir/test_chain.in" \
 	sd.data > /dev/null || exit 1
 
 echo "create signed data (ke cert)"
-./hxtool cms-create-sd \
+${hxtool} cms-create-sd \
 	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
 	"$srcdir/test_chain.in" \
 	sd.data > /dev/null 2>/dev/null && exit 1
 
 echo "create signed data (sd + ke certs)"
-./hxtool cms-create-sd \
+${hxtool} cms-create-sd \
 	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
 	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
 	"$srcdir/test_chain.in" \
 	sd.data > /dev/null || exit 1
 
 echo "create signed data (ke + sd certs)"
-./hxtool cms-create-sd \
+${hxtool} cms-create-sd \
 	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
 	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
 	"$srcdir/test_chain.in" \
 	sd.data > /dev/null || exit 1
 
 echo "envelope data (content-info)"
-./hxtool cms-envelope \
+${hxtool} cms-envelope \
 	--certificate=FILE:$srcdir/data/test.crt \
 	--content-info \
 	"$srcdir/data/static-file" \
 	ev.data > /dev/null || exit 1
 
 echo "unenvelope data (content-info)"
-./hxtool cms-unenvelope \
+${hxtool} cms-unenvelope \
 	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
 	--content-info \
 	ev.data ev.data.out \
@@ -224,14 +226,14 @@ for a in des-ede3 aes-128 aes-256; do
 
 	rm -f ev.data ev.data.out
 	echo "envelope data ($a)"
-	./hxtool cms-envelope \
+	${hxtool} cms-envelope \
 	        --encryption-type="$a-cbc" \
 		--certificate=FILE:$srcdir/data/test.crt \
 		"$srcdir/data/static-file" \
 		ev.data  || exit 1
 
 	echo "unenvelope data ($a)"
-	./hxtool cms-unenvelope \
+	${hxtool} cms-unenvelope \
 		--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
 		ev.data ev.data.out > /dev/null || exit 1
 	cmp "$srcdir/data/static-file" ev.data.out || exit 1
@@ -241,7 +243,7 @@ for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
     echo "static unenvelope data ($a)"
 
     rm -f ev.data.out
-    ./hxtool cms-unenvelope \
+    ${hxtool} cms-unenvelope \
 	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
 	--content-info \
 	"$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
diff --git a/lib/hx509/test_crypto.in b/lib/hx509/test_crypto.in
index e42c82127..ac85d6902 100644
--- a/lib/hx509/test_crypto.in
+++ b/lib/hx509/test_crypto.in
@@ -36,30 +36,32 @@
 
 srcdir="@srcdir@"
 
-if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+hxtool="${TESTS_ENVIRONMENT} ./hxtool"
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
     exit 77
 fi
 
 echo "Bleichenbacher good cert (from eay)"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
     --time=2006-09-25 \
     cert:FILE:$srcdir/data/bleichenbacher-good.pem \
     anchor:FILE:$srcdir/data/bleichenbacher-good.pem > /dev/null || exit 1
 
 echo "Bleichenbacher bad cert (from eay)"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
     --time=2006-09-25 \
     cert:FILE:$srcdir/data/bleichenbacher-bad.pem \
     anchor:FILE:$srcdir/data/bleichenbacher-bad.pem > /dev/null && exit 1
 
 echo "Bleichenbacher good cert (from yutaka)"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
     --time=2006-09-25 \
     cert:FILE:$srcdir/data/yutaka-pad-ok-cert.pem \
     anchor:FILE:$srcdir/data/yutaka-pad-ok-ca.pem > /dev/null || exit 1
 
 echo "Bleichenbacher bad cert (from yutaka)"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
     --time=2006-09-25 \
     cert:FILE:$srcdir/data/yutaka-pad-broken-cert.pem \
     anchor:FILE:$srcdir/data/yutaka-pad-broken-ca.pem > /dev/null && exit 1
@@ -67,7 +69,7 @@ echo "Bleichenbacher bad cert (from yutaka)"
 # Ralf-Philipp Weinmann <weinmann@cdc.informatik.tu-darmstadt.de>
 # Andrew Pyshkin <pychkine@cdc.informatik.tu-darmstadt.de>
 echo "Bleichenbacher bad cert (sf pad correct)"
-./hxtool verify --missing-revoke \
+${hxtool} verify --missing-revoke \
     --time=2006-09-25 \
     cert:FILE:$srcdir/data/bleichenbacher-sf-pad-correct.pem \
     anchor:FILE:$srcdir/data/sf-class2-root.pem > /dev/null && exit 1
diff --git a/lib/hx509/test_nist.in b/lib/hx509/test_nist.in
index b04749e56..e6a507e93 100644
--- a/lib/hx509/test_nist.in
+++ b/lib/hx509/test_nist.in
@@ -37,7 +37,9 @@
 srcdir="@srcdir@"
 nistdir=/sources/pki/nist/PKITS_data
 
-if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+hxtool="${TESTS_ENVIRONMENT} ./hxtool"
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
     exit 77
 fi
 
@@ -82,7 +84,7 @@ while read id verify cert arg1 arg2 arg3 arg4 arg5 ; do
     args="$args crl:FILE:$nistdir/crls/TrustAnchorRootCRL.crl"
     args="$args cert:FILE:$nistdir/certs/$cert"
 
-    if ./hxtool verify $args > /dev/null; then
+    if ${hxtool} verify $args > /dev/null; then
 	if test "$verify" = "f"; then
 	    echo "verify passed on fail: $id $cert"
 	    exit 1
diff --git a/lib/hx509/test_nist_cert.in b/lib/hx509/test_nist_cert.in
index 63d734abd..b55f83ecd 100644
--- a/lib/hx509/test_nist_cert.in
+++ b/lib/hx509/test_nist_cert.in
@@ -39,7 +39,9 @@ nistdir=/sources/pki/nist/PKITS_data
 
 test -d "$nistdir" || exit 77
 
-if ./hxtool validate DIR:$nistdir/certs > /dev/null; then
+hxtool="${TESTS_ENVIRONMENT} ./hxtool"
+
+if ${hxtool} validate DIR:$nistdir/certs > /dev/null; then
    :
 else
    echo "validate failed"
diff --git a/lib/hx509/test_nist_pkcs12.in b/lib/hx509/test_nist_pkcs12.in
index 9a5da627c..452162f4a 100644
--- a/lib/hx509/test_nist_pkcs12.in
+++ b/lib/hx509/test_nist_pkcs12.in
@@ -42,11 +42,13 @@ echo "nist pkcs12 tests"
 
 test -d "$nistdir" || exit 77
 
+hxtool="${TESTS_ENVIRONMENT} ./hxtool"
+
 for a in $nistdir/*.p12 ; do
 
     echo -n .
 
-    if ./hxtool validate $pass PKCS12:$a > /dev/null; then
+    if ${hxtool} validate $pass PKCS12:$a > /dev/null; then
 	:
     else
 	echo "$a failed"
diff --git a/lib/hx509/test_query.in b/lib/hx509/test_query.in
index c96f9f809..4f25c8a81 100644
--- a/lib/hx509/test_query.in
+++ b/lib/hx509/test_query.in
@@ -36,98 +36,100 @@
 
 srcdir="@srcdir@"
 
+hxtool="${TESTS_ENVIRONMENT} ./hxtool"
+
 echo "try printing"
-./hxtool print \
+${hxtool} print \
 	--pass=PASS:foobar \
 	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
 
-./hxtool print \
+${hxtool} print \
 	--pass=PASS:foobar \
 	--info \
 	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
 
 echo "make sure entry is found (friendlyname)"
-./hxtool query \
+${hxtool} query \
 	--pass=PASS:foobar \
 	--friendlyname=friendlyname-test  \
 	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
 
 echo "make sure entry is not found  (friendlyname)"
-./hxtool query \
+${hxtool} query \
 	--pass=PASS:foobar \
 	--friendlyname=friendlyname-test-not  \
 	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
 
 echo "check for ca cert (friendlyname)"
-./hxtool query \
+${hxtool} query \
 	--pass=PASS:foobar \
 	--friendlyname=ca  \
 	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
 
 echo "make sure entry is not found (friendlyname)"
-./hxtool query \
+${hxtool} query \
 	--pass=PASS:foobar \
 	--friendlyname=friendlyname-test \
 	PKCS12:$srcdir/data/sub-cert.p12 >/dev/null 2>/dev/null && exit 1
 
 echo "make sure entry is found (friendlyname|private key)"
-./hxtool query \
+${hxtool} query \
 	--pass=PASS:foobar \
 	--friendlyname=friendlyname-test  \
 	--private-key \
 	PKCS12:$srcdir/data/test.p12 > /dev/null || exit 1
 
 echo "make sure entry is not found (friendlyname|private key)"
-./hxtool query \
+${hxtool} query \
 	--pass=PASS:foobar \
 	--friendlyname=ca  \
 	--private-key \
 	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
 
 echo "make sure entry is found (cert ds)"
-./hxtool query \
+${hxtool} query \
 	--digitalSignature \
 	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
 
 echo "make sure entry is found (cert ke)"
-./hxtool query \
+${hxtool} query \
 	--keyEncipherment \
 	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
 
 echo "make sure entry is found (cert ke + ds)"
-./hxtool query \
+${hxtool} query \
 	--digitalSignature \
 	--keyEncipherment \
 	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
 
 echo "make sure entry is found (cert-ds ds)"
-./hxtool query \
+${hxtool} query \
 	--digitalSignature \
 	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null || exit 1
 
 echo "make sure entry is not found (cert-ds ke)"
-./hxtool query \
+${hxtool} query \
 	--keyEncipherment \
 	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
 
 echo "make sure entry is not found (cert-ds ke + ds)"
-./hxtool query \
+${hxtool} query \
 	--digitalSignature \
 	--keyEncipherment \
 	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
 
 echo "make sure entry is not found (cert-ke ds)"
-./hxtool query \
+${hxtool} query \
 	--digitalSignature \
 	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1
 
 echo "make sure entry is found (cert-ke ke)"
-./hxtool query \
+${hxtool} query \
 	--keyEncipherment \
 	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null || exit 1
 
 echo "make sure entry is not found (cert-ke ke + ds)"
-./hxtool query \
+${hxtool} query \
 	--digitalSignature \
 	--keyEncipherment \
 	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1
diff --git a/lib/hx509/test_req.in b/lib/hx509/test_req.in
index 3c331f913..1491f9df4 100644
--- a/lib/hx509/test_req.in
+++ b/lib/hx509/test_req.in
@@ -36,19 +36,21 @@
 
 srcdir="@srcdir@"
 
-if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+hxtool="${TESTS_ENVIRONMENT} ./hxtool"
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
     exit 77
 fi
 
-./hxtool request-create \
+${hxtool} request-create \
 	 --subject="CN=Love,DC=it,DC=su,DC=se" \
 	 --key=$srcdir/data/key.der \
 	 request.out || exit 1
 
-./hxtool pkcs10-print \
+${hxtool} pkcs10-print \
 	 request.out > /dev/null || exit 1
 
-./hxtool request-create \
+${hxtool} request-create \
 	 --subject="CN=Love,DC=it,DC=su,DC=se" \
 	 --dnsname=nutcracker.it.su.se \
 	 --key=$srcdir/data/key.der \