@@ -24,130 +24,105 @@
 # One of these should == 1, depending on what type of ssl library
 # tls was compiled against. (RSA BSAFE SSL-C or OpenSSL).
 #
 set ::tcltest::testConstraints(rsabsafe) 0
 set ::tcltest::testConstraints(openssl) 1
+
+set ::EXPECTEDCIPHERS(rsabsafe) {
+    EDH-DSS-RC4-SHA
+    EDH-RSA-DES-CBC3-SHA
+    EDH-DSS-DES-CBC3-SHA
+    DES-CBC3-SHA
+    RC4-SHA
+    RC4-MD5
+    EDH-RSA-DES-CBC-SHA
+    EDH-DSS-DES-CBC-SHA
+    DES-CBC-SHA
+    EXP-EDH-DSS-DES-56-SHA
+    EXP-EDH-DSS-RC4-56-SHA
+    EXP-DES-56-SHA
+    EXP-RC4-56-SHA
+    EXP-EDH-RSA-DES-CBC-SHA
+    EXP-EDH-DSS-DES-CBC-SHA
+    EXP-DES-CBC-SHA
+    EXP-RC2-CBC-MD5
+    EXP-RC4-MD5
+}
+
+set ::EXPECTEDCIPHERS(openssl) {
+    AES128-SHA
+    AES256-SHA
+    DES-CBC-SHA
+    DES-CBC3-SHA
+    DHE-DSS-AES128-SHA
+    DHE-DSS-AES256-SHA
+    DHE-DSS-RC4-SHA
+    DHE-RSA-AES128-SHA
+    DHE-RSA-AES256-SHA
+    EDH-DSS-DES-CBC-SHA
+    EDH-DSS-DES-CBC3-SHA
+    EDH-RSA-DES-CBC-SHA
+    EDH-RSA-DES-CBC3-SHA
+    EXP-DES-CBC-SHA
+    EXP-EDH-DSS-DES-CBC-SHA
+    EXP-EDH-RSA-DES-CBC-SHA
+    EXP-RC2-CBC-MD5
+    EXP-RC4-MD5
+    EXP1024-DES-CBC-SHA
+    EXP1024-DHE-DSS-DES-CBC-SHA
+    EXP1024-DHE-DSS-RC4-SHA
+    EXP1024-RC2-CBC-MD5
+    EXP1024-RC4-MD5
+    EXP1024-RC4-SHA
+    IDEA-CBC-SHA
+    RC4-MD5
+    RC4-SHA
+}
+
+proc listcompare {wants haves} {
+    array set want {}
+    array set have {}
+    foreach item $wants { set want($item) 1 }
+    foreach item $haves { set have($item) 1 }
+    foreach item [lsort -dictionary [array names have]] {
+	if {[info exists want($item)]} {
+	    unset want($item) have($item)
+	}
+    }
+    if {[array size want] || [array size have]} {
+	return [list MISSING [array names want] UNEXPECTED [array names have]]
+    }
+}
 
 test ciphers-1.1 {Tls::ciphers for ssl3} {rsabsafe} {
     # This will fail if you compiled against OpenSSL.
     # Change the constraint setting above.
-    set result [join [eval tls::ciphers ssl3] \n ]
-} {EDH-DSS-RC4-SHA
-EDH-RSA-DES-CBC3-SHA
-EDH-DSS-DES-CBC3-SHA
-DES-CBC3-SHA
-RC4-SHA
-RC4-MD5
-EDH-RSA-DES-CBC-SHA
-EDH-DSS-DES-CBC-SHA
-DES-CBC-SHA
-EXP-EDH-DSS-DES-56-SHA
-EXP-EDH-DSS-RC4-56-SHA
-EXP-DES-56-SHA
-EXP-RC4-56-SHA
-EXP-EDH-RSA-DES-CBC-SHA
-EXP-EDH-DSS-DES-CBC-SHA
-EXP-DES-CBC-SHA
-EXP-RC2-CBC-MD5
-EXP-RC4-MD5}
+    listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers ssl3]
+} {}
 
 test ciphers-1.2 {Tls::ciphers for tls1} {rsabsafe} {
     # This will fail if you compiled against OpenSSL.
     # Change the constraint setting above.
-    set result [join [eval tls::ciphers tls1] \n ]
-} {EDH-DSS-RC4-SHA
-EDH-RSA-DES-CBC3-SHA
-EDH-DSS-DES-CBC3-SHA
-DES-CBC3-SHA
-RC4-SHA
-RC4-MD5
-EDH-RSA-DES-CBC-SHA
-EDH-DSS-DES-CBC-SHA
-DES-CBC-SHA
-EXP-EDH-DSS-DES-56-SHA
-EXP-EDH-DSS-RC4-56-SHA
-EXP-DES-56-SHA
-EXP-RC4-56-SHA
-EXP-EDH-RSA-DES-CBC-SHA
-EXP-EDH-DSS-DES-CBC-SHA
-EXP-DES-CBC-SHA
-EXP-RC2-CBC-MD5
-EXP-RC4-MD5}
+    listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers tls1]
+} {}
 
 test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
     # This will fail if you compiled against RSA bsafe or with a
     # different set of defines than the default.
     # Change the constraint setting above.
-    set result [join [lsort -dict [eval tls::ciphers ssl3]] \n ]
-} [join [lsort -dict {
-AES128-SHA
-AES256-SHA
-DES-CBC-SHA
-DES-CBC3-SHA
-DHE-DSS-AES128-SHA
-DHE-DSS-AES256-SHA
-DHE-DSS-RC4-SHA
-DHE-RSA-AES128-SHA
-DHE-RSA-AES256-SHA
-EDH-DSS-DES-CBC-SHA
-EDH-DSS-DES-CBC3-SHA
-EDH-RSA-DES-CBC-SHA
-EDH-RSA-DES-CBC3-SHA
-EXP-DES-CBC-SHA
-EXP-EDH-DSS-DES-CBC-SHA
-EXP-EDH-RSA-DES-CBC-SHA
-EXP-RC2-CBC-MD5
-EXP-RC4-MD5
-EXP1024-DES-CBC-SHA
-EXP1024-DHE-DSS-DES-CBC-SHA
-EXP1024-DHE-DSS-RC4-SHA
-EXP1024-RC2-CBC-MD5
-EXP1024-RC4-MD5
-EXP1024-RC4-SHA
-IDEA-CBC-SHA
-RC4-MD5
-RC4-SHA
-}] \n]
+    listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
+} {}
 
 # This version of the test is correct for OpenSSL only.
 # An equivalent test for the RSA BSAFE SSL-C is earlier in this file.
 
 test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
     # This will fail if you compiled against RSA bsafe or with a
     # different set of defines than the default.
     # Change the constraint setting in all.tcl
-    set result [join [lsort -dict [eval tls::ciphers tls1]] \n ]
-} [join [lsort -dict {
-AES128-SHA
-AES256-SHA
-DES-CBC-SHA
-DES-CBC3-SHA
-DHE-DSS-AES128-SHA
-DHE-DSS-AES256-SHA
-DHE-DSS-RC4-SHA
-DHE-RSA-AES128-SHA
-DHE-RSA-AES256-SHA
-EDH-DSS-DES-CBC-SHA
-EDH-DSS-DES-CBC3-SHA
-EDH-RSA-DES-CBC-SHA
-EDH-RSA-DES-CBC3-SHA
-EXP-DES-CBC-SHA
-EXP-EDH-DSS-DES-CBC-SHA
-EXP-EDH-RSA-DES-CBC-SHA
-EXP-RC2-CBC-MD5
-EXP-RC4-MD5
-EXP1024-DES-CBC-SHA
-EXP1024-DHE-DSS-DES-CBC-SHA
-EXP1024-DHE-DSS-RC4-SHA
-EXP1024-RC2-CBC-MD5
-EXP1024-RC4-MD5
-EXP1024-RC4-SHA
-IDEA-CBC-SHA
-RC4-MD5
-RC4-SHA
-}] \n]
-
+    listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
+} {}
 
 
 # cleanup
 ::tcltest::cleanupTests
 return