Use .cnf for config files, not .conf
authorRich Salz <rsalz@akamai.com>
Tue, 25 Feb 2020 18:25:13 +0000 (13:25 -0500)
committerTomas Mraz <tmraz@fedoraproject.org>
Fri, 6 Mar 2020 17:25:13 +0000 (18:25 +0100)
The default is openssl.cnf  The project seems to prefer xxx.conf these
days, but we should use the default convention.

Rename all foo.conf (except for Configurations) to foo.cnf

Fixes #11174

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11176)

95 files changed:
.gitignore
doc/man1/openssl-fipsinstall.pod
test/CAss.cnf
test/P1ss.cnf
test/P2ss.cnf
test/README.ssltest.md
test/Uss.cnf
test/build.info
test/ct/log_list.cnf [moved from test/ct/log_list.conf with 100% similarity]
test/default-and-fips.cnf
test/fips.cnf
test/provider_internal_test.cnf.in [moved from test/provider_internal_test.conf.in with 100% similarity]
test/recipes/02-test_internal_provider.t
test/recipes/03-test_fipsinstall.t
test/recipes/04-test_conf.t
test/recipes/04-test_conf_data/dollarid_off.cnf [moved from test/recipes/04-test_conf_data/dollarid_off.conf with 100% similarity]
test/recipes/04-test_conf_data/dollarid_on.cnf [moved from test/recipes/04-test_conf_data/dollarid_on.conf with 100% similarity]
test/recipes/30-test_evp.t
test/recipes/30-test_evp_fetch_prov.t
test/recipes/70-test_comp.t
test/recipes/70-test_sslmessages.t
test/recipes/70-test_sslversions.t
test/recipes/70-test_tls13kexmodes.t
test/recipes/70-test_tls13messages.t
test/recipes/70-test_tls13psk.t
test/recipes/80-test_ct.t
test/recipes/80-test_ssl_new.t
test/recipes/80-test_ssl_old.t
test/recipes/80-test_ssl_test_ctx.t
test/recipes/90-test_gost.t
test/recipes/90-test_gost_data/gost.cnf [moved from test/recipes/90-test_gost_data/gost.conf with 100% similarity]
test/recipes/90-test_includes_data/vms-includes.cnf
test/ssl-tests/01-simple.cnf [moved from test/ssl-tests/01-simple.conf with 100% similarity]
test/ssl-tests/01-simple.cnf.in [moved from test/ssl-tests/01-simple.conf.in with 100% similarity]
test/ssl-tests/02-protocol-version.cnf [moved from test/ssl-tests/02-protocol-version.conf with 100% similarity]
test/ssl-tests/02-protocol-version.cnf.in [moved from test/ssl-tests/02-protocol-version.conf.in with 100% similarity]
test/ssl-tests/03-custom_verify.cnf [moved from test/ssl-tests/03-custom_verify.conf with 100% similarity]
test/ssl-tests/03-custom_verify.cnf.in [moved from test/ssl-tests/03-custom_verify.conf.in with 100% similarity]
test/ssl-tests/04-client_auth.cnf [moved from test/ssl-tests/04-client_auth.conf with 100% similarity]
test/ssl-tests/04-client_auth.cnf.in [moved from test/ssl-tests/04-client_auth.conf.in with 100% similarity]
test/ssl-tests/05-sni.cnf [moved from test/ssl-tests/05-sni.conf with 100% similarity]
test/ssl-tests/05-sni.cnf.in [moved from test/ssl-tests/05-sni.conf.in with 100% similarity]
test/ssl-tests/06-sni-ticket.cnf [moved from test/ssl-tests/06-sni-ticket.conf with 100% similarity]
test/ssl-tests/06-sni-ticket.cnf.in [moved from test/ssl-tests/06-sni-ticket.conf.in with 100% similarity]
test/ssl-tests/07-dtls-protocol-version.cnf [moved from test/ssl-tests/07-dtls-protocol-version.conf with 100% similarity]
test/ssl-tests/07-dtls-protocol-version.cnf.in [moved from test/ssl-tests/07-dtls-protocol-version.conf.in with 100% similarity]
test/ssl-tests/08-npn.cnf [moved from test/ssl-tests/08-npn.conf with 100% similarity]
test/ssl-tests/08-npn.cnf.in [moved from test/ssl-tests/08-npn.conf.in with 100% similarity]
test/ssl-tests/09-alpn.cnf [moved from test/ssl-tests/09-alpn.conf with 100% similarity]
test/ssl-tests/09-alpn.cnf.in [moved from test/ssl-tests/09-alpn.conf.in with 100% similarity]
test/ssl-tests/10-resumption.cnf [moved from test/ssl-tests/10-resumption.conf with 100% similarity]
test/ssl-tests/10-resumption.cnf.in [moved from test/ssl-tests/10-resumption.conf.in with 100% similarity]
test/ssl-tests/11-dtls_resumption.cnf [moved from test/ssl-tests/11-dtls_resumption.conf with 100% similarity]
test/ssl-tests/11-dtls_resumption.cnf.in [moved from test/ssl-tests/11-dtls_resumption.conf.in with 100% similarity]
test/ssl-tests/12-ct.cnf [moved from test/ssl-tests/12-ct.conf with 100% similarity]
test/ssl-tests/12-ct.cnf.in [moved from test/ssl-tests/12-ct.conf.in with 100% similarity]
test/ssl-tests/13-fragmentation.cnf [moved from test/ssl-tests/13-fragmentation.conf with 100% similarity]
test/ssl-tests/13-fragmentation.cnf.in [moved from test/ssl-tests/13-fragmentation.conf.in with 100% similarity]
test/ssl-tests/14-curves.cnf [moved from test/ssl-tests/14-curves.conf with 100% similarity]
test/ssl-tests/14-curves.cnf.in [moved from test/ssl-tests/14-curves.conf.in with 100% similarity]
test/ssl-tests/15-certstatus.cnf [moved from test/ssl-tests/15-certstatus.conf with 100% similarity]
test/ssl-tests/15-certstatus.cnf.in [moved from test/ssl-tests/15-certstatus.conf.in with 100% similarity]
test/ssl-tests/16-dtls-certstatus.cnf [moved from test/ssl-tests/16-dtls-certstatus.conf with 100% similarity]
test/ssl-tests/16-dtls-certstatus.cnf.in [moved from test/ssl-tests/16-dtls-certstatus.conf.in with 100% similarity]
test/ssl-tests/17-renegotiate.cnf [moved from test/ssl-tests/17-renegotiate.conf with 100% similarity]
test/ssl-tests/17-renegotiate.cnf.in [moved from test/ssl-tests/17-renegotiate.conf.in with 100% similarity]
test/ssl-tests/18-dtls-renegotiate.cnf [moved from test/ssl-tests/18-dtls-renegotiate.conf with 100% similarity]
test/ssl-tests/18-dtls-renegotiate.cnf.in [moved from test/ssl-tests/18-dtls-renegotiate.conf.in with 100% similarity]
test/ssl-tests/19-mac-then-encrypt.cnf [moved from test/ssl-tests/19-mac-then-encrypt.conf with 100% similarity]
test/ssl-tests/19-mac-then-encrypt.cnf.in [moved from test/ssl-tests/19-mac-then-encrypt.conf.in with 100% similarity]
test/ssl-tests/20-cert-select.cnf [moved from test/ssl-tests/20-cert-select.conf with 100% similarity]
test/ssl-tests/20-cert-select.cnf.in [moved from test/ssl-tests/20-cert-select.conf.in with 100% similarity]
test/ssl-tests/21-key-update.cnf [moved from test/ssl-tests/21-key-update.conf with 100% similarity]
test/ssl-tests/21-key-update.cnf.in [moved from test/ssl-tests/21-key-update.conf.in with 100% similarity]
test/ssl-tests/22-compression.cnf [moved from test/ssl-tests/22-compression.conf with 100% similarity]
test/ssl-tests/22-compression.cnf.in [moved from test/ssl-tests/22-compression.conf.in with 100% similarity]
test/ssl-tests/23-srp.cnf [moved from test/ssl-tests/23-srp.conf with 100% similarity]
test/ssl-tests/23-srp.cnf.in [moved from test/ssl-tests/23-srp.conf.in with 100% similarity]
test/ssl-tests/24-padding.cnf [moved from test/ssl-tests/24-padding.conf with 100% similarity]
test/ssl-tests/24-padding.cnf.in [moved from test/ssl-tests/24-padding.conf.in with 100% similarity]
test/ssl-tests/25-cipher.cnf [moved from test/ssl-tests/25-cipher.conf with 100% similarity]
test/ssl-tests/25-cipher.cnf.in [moved from test/ssl-tests/25-cipher.conf.in with 100% similarity]
test/ssl-tests/26-tls13_client_auth.cnf [moved from test/ssl-tests/26-tls13_client_auth.conf with 100% similarity]
test/ssl-tests/26-tls13_client_auth.cnf.in [moved from test/ssl-tests/26-tls13_client_auth.conf.in with 99% similarity]
test/ssl-tests/27-ticket-appdata.cnf [moved from test/ssl-tests/27-ticket-appdata.conf with 100% similarity]
test/ssl-tests/27-ticket-appdata.cnf.in [moved from test/ssl-tests/27-ticket-appdata.conf.in with 100% similarity]
test/ssl-tests/28-seclevel.cnf [moved from test/ssl-tests/28-seclevel.conf with 100% similarity]
test/ssl-tests/28-seclevel.cnf.in [moved from test/ssl-tests/28-seclevel.conf.in with 100% similarity]
test/ssl-tests/29-dtls-sctp-label-bug.cnf [moved from test/ssl-tests/29-dtls-sctp-label-bug.conf with 100% similarity]
test/ssl-tests/29-dtls-sctp-label-bug.cnf.in [moved from test/ssl-tests/29-dtls-sctp-label-bug.conf.in with 100% similarity]
test/ssl-tests/30-extended-master-secret.cnf [moved from test/ssl-tests/30-extended-master-secret.conf with 100% similarity]
test/ssl-tests/30-extended-master-secret.cnf.in [moved from test/ssl-tests/30-extended-master-secret.conf.in with 100% similarity]
test/ssl_test_ctx_test.c
test/ssl_test_ctx_test.cnf [moved from test/ssl_test_ctx_test.conf with 100% similarity]
util/fix-includes

index 3b1a455..f51ccce 100644 (file)
@@ -96,9 +96,9 @@ doc/man1/openssl-x509.pod
 /test/confdump
 /test/bio_prefix_text
 # Other generated files in test/
-/test/provider_internal_test.conf
-/test/fipsinstall.conf
-/providers/fipsinstall.conf
+/test/provider_internal_test.cnf
+/test/fipsinstall.cnf
+/providers/fipsinstall.cnf
 
 # Certain files that get created by tests on the fly
 /test-runs
index 7cad609..9c7c856 100644 (file)
@@ -128,21 +128,21 @@ values that can be used.
 =head1 EXAMPLES
 
 Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
-for the module, and save the F<fips.conf> configuration file:
+for the module, and save the F<fips.cnf> configuration file:
 
- openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
+ openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
          -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
          -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213
 
-Verify that the configuration file F<fips.conf> contains the correct info:
+Verify that the configuration file F<fips.cnf> contains the correct info:
 
- openssl fipsinstall -module ./fips.so -in fips.conf  -provider_name fips \
+ openssl fipsinstall -module ./fips.so -in fips.cnf  -provider_name fips \
           -section_name fips_install -mac_name HMAC -macopt digest:SHA256 \
           -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 -verify
 
 Corrupt any self tests which have the description 'SHA1':
 
- openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
+ openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
          -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
          -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
          -corrupt_desc', 'SHA1'
index 8ca62b5..d63f856 100644 (file)
@@ -1,7 +1,3 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
 
 ####################################################################
 [ req ]
index 03f3cdb..69baaaf 100644 (file)
@@ -1,7 +1,3 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
 
 ####################################################################
 [ req ]
index 5adaecc..8d4f3c8 100644 (file)
@@ -1,7 +1,3 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
 
 ####################################################################
 [ req ]
index 30360f7..6fc7301 100644 (file)
@@ -2,7 +2,7 @@
 
 SSL testcases are configured in the `ssl-tests` directory.
 
-Each `ssl_*.conf.in` file contains a number of test configurations. These files
+Each `ssl_*.cnf.in` file contains a number of test configurations. These files
 are used to generate testcases in the OpenSSL CONF format.
 
 The precise test output can be dependent on the library configuration. The test
@@ -10,9 +10,9 @@ harness generates the output files on the fly.
 
 However, for verification, we also include checked-in configuration outputs
 corresponding to the default configuration. These testcases live in
-`test/ssl-tests/*.conf` files.
+`test/ssl-tests/*.cnf` files.
 
-For more details, see `ssl-tests/01-simple.conf.in` for an example.
+For more details, see `ssl-tests/01-simple.cnf.in` for an example.
 
 ## Configuring the test
 
@@ -219,24 +219,24 @@ client => {
 ## Adding a test to the test harness
 
 1. Add a new test configuration to `test/ssl-tests`, following the examples of
-   existing `*.conf.in` files (for example, `01-simple.conf.in`).
+   existing `*.cnf.in` files (for example, `01-simple.cnf.in`).
 
-2. Generate the generated `*.conf` test input file. You can do so by running
+2. Generate the generated `*.cnf` test input file. You can do so by running
    `generate_ssl_tests.pl`:
 
 ```
 $ ./config
 $ cd test
-$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.conf.in \
-  > ssl-tests/my.conf
+$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.cnf.in \
+  > ssl-tests/my.cnf
 ```
 
-where `my.conf.in` is your test input file.
+where `my.cnf.in` is your test input file.
 
-For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do
+For example, to generate the test cases in `ssl-tests/01-simple.cnf.in`, do
 
 ```
-$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf
+$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.cnf.in > ssl-tests/01-simple.cnf
 ```
 
 Alternatively (hackish but simple), you can comment out
@@ -273,15 +273,15 @@ environment variable to point to the location of the certs. E.g., from the root
 OpenSSL directory, do
 
 ```
-$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \
-  test/ssl-tests/01-simple.conf
+$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \
+  test/ssl-tests/01-simple.cnf
 ```
 
 or for shared builds
 
 ```
-$ CTLOG_FILE=test/ct/log_list.conf  TEST_CERTS_DIR=test/certs \
-  util/wrap.pl test/ssl_test test/ssl-tests/01-simple.conf
+$ CTLOG_FILE=test/ct/log_list.cnf  TEST_CERTS_DIR=test/certs \
+  util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf
 ```
 
 Note that the test expectations sometimes depend on the Configure settings. For
@@ -293,7 +293,7 @@ The Perl test harness automatically generates expected outputs, so users who
 just run `make test` do not need any extra steps.
 
 However, when running a test manually, keep in mind that the repository version
-of the generated `test/ssl-tests/*.conf` correspond to expected outputs in with
+of the generated `test/ssl-tests/*.cnf` correspond to expected outputs in with
 the default Configure options. To run `ssl_test` manually from the command line
 in a build with a different configuration, you may need to generate the right
-`*.conf` file from the `*.conf.in` input first.
+`*.cnf` file from the `*.cnf.in` input first.
index 27517bd..95ffb67 100644 (file)
@@ -1,7 +1,3 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
 
 CN2 = Brother 2
 
index ea350e5..1573087 100644 (file)
@@ -716,8 +716,8 @@ IF[{- !$disabled{tests} -}]
     DEFINE[provider_test]=NO_PROVIDER_MODULE
     DEFINE[provider_internal_test]=NO_PROVIDER_MODULE
   ENDIF
-  DEPEND[]=provider_internal_test.conf
-  GENERATE[provider_internal_test.conf]=provider_internal_test.conf.in
+  DEPEND[]=provider_internal_test.cnf
+  GENERATE[provider_internal_test.cnf]=provider_internal_test.cnf.in
 
   PROGRAMS{noinst}=params_test
   SOURCE[params_test]=params_test.c
similarity index 100%
rename from test/ct/log_list.conf
rename to test/ct/log_list.cnf
index 6db1a94..03f5a83 100644 (file)
@@ -1,6 +1,6 @@
 openssl_conf = openssl_init
 
-.include fipsinstall.conf
+.include fipsinstall.cnf
 
 [openssl_init]
 providers = provider_sect
index d77d35b..32c18be 100644 (file)
@@ -1,6 +1,6 @@
 openssl_conf = openssl_init
 
-.include fipsinstall.conf
+.include fipsinstall.cnf
 
 [openssl_init]
 providers = provider_sect
index 615d17a..2b77d4b 100644 (file)
@@ -14,6 +14,6 @@ use OpenSSL::Test::Utils;
 setup("test_internal_provider");
 
 $ENV{OPENSSL_MODULES} = bldtop_dir("test");
-$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.conf");
+$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.cnf");
 
 simple_test("test_internal_provider", "provider_internal_test");
index 71e8db1..3be6346 100644 (file)
@@ -30,7 +30,7 @@ my $infile = bldtop_file('providers', platform->dso('fips'));
 $ENV{OPENSSL_MODULES} = bldtop_dir("providers");
 
 # fail if no module name
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module',
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module',
              '-provider_name', 'fips',
              '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
              '-section_name', 'fips_install'])),
@@ -44,57 +44,57 @@ ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile,
    "fipsinstall verify fail");
 
 
-# output a fips.conf file containing mac data
-ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+# output a fips.cnf file containing mac data
+ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install'])),
    "fipsinstall");
 
-# verify the fips.conf file
-ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# verify the fips.cnf file
+ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-verify'])),
    "fipsinstall verify");
 
-# fail to verify the fips.conf file if a different key is used
-ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# fail to verify the fips.cnf file if a different key is used
+ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
              '-provider_name', 'fips', '-mac_name', 'HMAC',
              '-macopt', 'digest:SHA256', '-macopt', 'hexkey:01',
              '-section_name', 'fips_install', '-verify'])),
    "fipsinstall verify fail bad key");
 
-# fail to verify the fips.conf file if a different mac digest is used
-ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# fail to verify the fips.cnf file if a different mac digest is used
+ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
              '-provider_name', 'fips', '-mac_name', 'HMAC',
              '-macopt', 'digest:SHA512', '-macopt', 'hexkey:00',
              '-section_name', 'fips_install', '-verify'])),
    "fipsinstall verify fail incorrect digest");
 
 # corrupt the module hmac
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-corrupt_desc', 'HMAC'])),
    "fipsinstall fails when the module integrity is corrupted");
 
 # corrupt the first digest
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-corrupt_desc', 'SHA1'])),
    "fipsinstall fails when the digest result is corrupted");
 
 # corrupt another digest
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-corrupt_desc', 'SHA3'])),
    "fipsinstall fails when the digest result is corrupted");
 
 # corrupt DRBG
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-corrupt_desc', 'CTR'])),
index 9103cbc..92a570c 100644 (file)
@@ -16,8 +16,8 @@ use File::Compare qw(compare_text);
 setup('test_conf');
 
 my %input_result = (
-    'dollarid_on.conf'  => 'dollarid_on.txt',
-    'dollarid_off.conf' => 'dollarid_off.txt',
+    'dollarid_on.cnf'  => 'dollarid_on.txt',
+    'dollarid_off.cnf' => 'dollarid_off.txt',
 );
 
 plan skip_all => 'This is unsupported for cross compiled configurations'
index 575a471..9b940aa 100644 (file)
@@ -84,7 +84,7 @@ unless ($no_fips) {
     $ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
 
     ok(run(app(['openssl', 'fipsinstall',
-                '-out', bldtop_file('providers', 'fipsinstall.conf'),
+                '-out', bldtop_file('providers', 'fipsinstall.cnf'),
                 '-module', $infile,
                 '-provider_name', 'fips', '-mac_name', 'HMAC',
                 '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
index ce7c834..8ffd2a5 100644 (file)
@@ -48,7 +48,7 @@ my @testdata = (
 unless ($no_fips) {
     push @setups, {
         cmd     => app(['openssl', 'fipsinstall',
-                        '-out', bldtop_file('providers', 'fipsinstall.conf'),
+                        '-out', bldtop_file('providers', 'fipsinstall.cnf'),
                         '-module', bldtop_file('providers', platform->dso('fips')),
                         '-provider_name', 'fips', '-mac_name', 'HMAC',
                         '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
index 9c5e16e..9dc0cbb 100644 (file)
@@ -28,7 +28,7 @@ plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled"
     if disabled("tls1_3") && disabled("tls1_2");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 use constant {
     MULTIPLE_COMPRESSIONS => 0,
index 9f8c322..95c4cbe 100644 (file)
@@ -30,7 +30,7 @@ plan skip_all => "$test_name needs TLS enabled"
        || (!disabled("tls1_3") && disabled("tls1_2"));
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 my $proxy = TLSProxy::Proxy->new(
     undef,
index 45ecf5c..636d2e7 100644 (file)
@@ -49,7 +49,7 @@ my $proxy = TLSProxy::Proxy->new(
 );
 
 #We're just testing various negative and unusual scenarios here. ssltest with
-#02-protocol-version.conf should check all the various combinations of normal
+#02-protocol-version.cnf should check all the various combinations of normal
 #version neg
 
 #Test 1: An empty supported_versions extension should not succeed
index ad10edd..27cec7a 100644 (file)
@@ -32,7 +32,7 @@ plan skip_all => "$test_name needs EC enabled"
     if disabled("ec");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 
 @handmessages = (
index 02afbdc..d9ea211 100644 (file)
@@ -32,7 +32,7 @@ plan skip_all => "$test_name needs EC enabled"
     if disabled("ec");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 
 @handmessages = (
index 11031f3..ea48599 100644 (file)
@@ -28,7 +28,7 @@ plan skip_all => "$test_name needs TLSv1.3 enabled"
     if disabled("tls1_3");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 my $proxy = TLSProxy::Proxy->new(
     undef,
index 87705cf..0017cfd 100644 (file)
@@ -11,7 +11,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/;
 use OpenSSL::Test::Simple;
 
 setup("test_ct");
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 $ENV{CT_DIR} = srctop_dir("test", "ct");
 $ENV{CERTS_DIR} = srctop_dir("test", "certs");
 simple_test("test_ct", "ct_test", "ct", "ec");
index 01a4917..3b1857c 100644 (file)
@@ -19,9 +19,9 @@ use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
 setup("test_ssl_new");
 
 $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
-my @conf_srcs =  glob(srctop_file("test", "ssl-tests", "*.conf.in"));
+my @conf_srcs =  glob(srctop_file("test", "ssl-tests", "*.cnf.in"));
 map { s/;.*// } @conf_srcs if $^O eq "VMS";
 my @conf_files = map { basename($_, ".in") } @conf_srcs;
 map { s/\^// } @conf_files if $^O eq "VMS";
@@ -54,56 +54,56 @@ my $no_ocsp = disabled("ocsp");
 # Add your test here if the test conf.in generates test cases and/or
 # expectations dynamically based on the OpenSSL compile-time config.
 my %conf_dependent_tests = (
-  "02-protocol-version.conf" => !$is_default_tls,
-  "04-client_auth.conf" => !$is_default_tls || !$is_default_dtls
+  "02-protocol-version.cnf" => !$is_default_tls,
+  "04-client_auth.cnf" => !$is_default_tls || !$is_default_dtls
                            || !disabled("sctp"),
-  "05-sni.conf" => disabled("tls1_1"),
-  "07-dtls-protocol-version.conf" => !$is_default_dtls || !disabled("sctp"),
-  "10-resumption.conf" => !$is_default_tls || $no_ec,
-  "11-dtls_resumption.conf" => !$is_default_dtls || !disabled("sctp"),
-  "16-dtls-certstatus.conf" => !$is_default_dtls || !disabled("sctp"),
-  "17-renegotiate.conf" => disabled("tls1_2"),
-  "18-dtls-renegotiate.conf" => disabled("dtls1_2") || !disabled("sctp"),
-  "19-mac-then-encrypt.conf" => !$is_default_tls,
-  "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa,
-  "22-compression.conf" => !$is_default_tls,
-  "25-cipher.conf" => disabled("poly1305") || disabled("chacha"),
-  "27-ticket-appdata.conf" => !$is_default_tls,
-  "28-seclevel.conf" => disabled("tls1_2") || $no_ec,
-  "30-extended-master-secret.conf" => disabled("tls1_2"),
+  "05-sni.cnf" => disabled("tls1_1"),
+  "07-dtls-protocol-version.cnf" => !$is_default_dtls || !disabled("sctp"),
+  "10-resumption.cnf" => !$is_default_tls || $no_ec,
+  "11-dtls_resumption.cnf" => !$is_default_dtls || !disabled("sctp"),
+  "16-dtls-certstatus.cnf" => !$is_default_dtls || !disabled("sctp"),
+  "17-renegotiate.cnf" => disabled("tls1_2"),
+  "18-dtls-renegotiate.cnf" => disabled("dtls1_2") || !disabled("sctp"),
+  "19-mac-then-encrypt.cnf" => !$is_default_tls,
+  "20-cert-select.cnf" => !$is_default_tls || $no_dh || $no_dsa,
+  "22-compression.cnf" => !$is_default_tls,
+  "25-cipher.cnf" => disabled("poly1305") || disabled("chacha"),
+  "27-ticket-appdata.cnf" => !$is_default_tls,
+  "28-seclevel.cnf" => disabled("tls1_2") || $no_ec,
+  "30-extended-master-secret.cnf" => disabled("tls1_2"),
 );
 
 # Add your test here if it should be skipped for some compile-time
 # configurations. Default is $no_tls but some tests have different skip
 # conditions.
 my %skip = (
-  "06-sni-ticket.conf" => $no_tls_below1_3,
-  "07-dtls-protocol-version.conf" => $no_dtls,
-  "08-npn.conf" => (disabled("tls1") && disabled("tls1_1")
+  "06-sni-ticket.cnf" => $no_tls_below1_3,
+  "07-dtls-protocol-version.cnf" => $no_dtls,
+  "08-npn.cnf" => (disabled("tls1") && disabled("tls1_1")
                     && disabled("tls1_2")) || $no_npn,
-  "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),
-  "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),
-  "12-ct.conf" => $no_tls || $no_ct || $no_ec,
+  "10-resumption.cnf" => disabled("tls1_1") || disabled("tls1_2"),
+  "11-dtls_resumption.cnf" => disabled("dtls1") || disabled("dtls1_2"),
+  "12-ct.cnf" => $no_tls || $no_ct || $no_ec,
   # We could run some of these tests without TLS 1.2 if we had a per-test
   # disable instruction but that's a bizarre configuration not worth
   # special-casing for.
   # TODO(TLS 1.3): We should review this once we have TLS 1.3.
-  "13-fragmentation.conf" => disabled("tls1_2"),
-  "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m,
-  "15-certstatus.conf" => $no_tls || $no_ocsp,
-  "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp,
-  "17-renegotiate.conf" => $no_tls_below1_3,
-  "18-dtls-renegotiate.conf" => $no_dtls,
-  "19-mac-then-encrypt.conf" => $no_pre_tls1_3,
-  "20-cert-select.conf" => disabled("tls1_2") || $no_ec,
-  "21-key-update.conf" => disabled("tls1_3"),
-  "22-compression.conf" => disabled("zlib") || $no_tls,
-  "23-srp.conf" => (disabled("tls1") && disabled ("tls1_1")
+  "13-fragmentation.cnf" => disabled("tls1_2"),
+  "14-curves.cnf" => disabled("tls1_2") || $no_ec || $no_ec2m,
+  "15-certstatus.cnf" => $no_tls || $no_ocsp,
+  "16-dtls-certstatus.cnf" => $no_dtls || $no_ocsp,
+  "17-renegotiate.cnf" => $no_tls_below1_3,
+  "18-dtls-renegotiate.cnf" => $no_dtls,
+  "19-mac-then-encrypt.cnf" => $no_pre_tls1_3,
+  "20-cert-select.cnf" => disabled("tls1_2") || $no_ec,
+  "21-key-update.cnf" => disabled("tls1_3"),
+  "22-compression.cnf" => disabled("zlib") || $no_tls,
+  "23-srp.cnf" => (disabled("tls1") && disabled ("tls1_1")
                     && disabled("tls1_2")) || disabled("srp"),
-  "24-padding.conf" => disabled("tls1_3"),
-  "25-cipher.conf" => disabled("ec") || disabled("tls1_2"),
-  "26-tls13_client_auth.conf" => disabled("tls1_3"),
-  "29-dtls-sctp-label-bug.conf" => disabled("sctp") || disabled("sock"),
+  "24-padding.cnf" => disabled("tls1_3"),
+  "25-cipher.cnf" => disabled("ec") || disabled("tls1_2"),
+  "26-tls13_client_auth.cnf" => disabled("tls1_3"),
+  "29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"),
 );
 
 foreach my $conf (@conf_files) {
@@ -133,7 +133,7 @@ sub test_conf {
            "Getting output from generate_ssl_tests.pl.");
 
     SKIP: {
-        # Test 2. Compare against existing output in test/ssl_tests.conf.
+        # Test 2. Compare against existing output in test/ssl_tests.cnf.
         skip "Skipping generated source test for $conf", 1
           if !$check_source;
 
index 76e0758..a4bdb6d 100644 (file)
@@ -18,7 +18,7 @@ use OpenSSL::Test::Utils;
 
 setup("test_ssl");
 
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk,
     $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
index 5548f46..7775bd9 100644 (file)
@@ -15,5 +15,5 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 setup("test_ssl_test_ctx");
 
 plan tests => 1;
-ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.conf")])),
-   "running ssl_test_ctx_test ssl_test_ctx_test.conf");
+ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.cnf")])),
+   "running ssl_test_ctx_test ssl_test_ctx_test.cnf");
index b01243f..f201096 100644 (file)
@@ -31,7 +31,7 @@ plan skip_all => "No test GOST engine found"
 plan tests => 1;
 
 $ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data",
-                                 "gost.conf");
+                                 "gost.cnf");
 
 ok(run(test(["gosttest",
              srctop_file("test", "recipes", "90-test_gost_data",
index ed4367b..30fc4ef 100644 (file)
@@ -2,4 +2,4 @@
 # Example configuration file using includes.
 #
 
-.include [.conf-includes]
+.include [.cnf-includes]
similarity index 99%
rename from test/ssl-tests/26-tls13_client_auth.conf.in
rename to test/ssl-tests/26-tls13_client_auth.cnf.in
index 02a1ee2..82d3ac2 100644 (file)
@@ -8,7 +8,7 @@
 
 
 ## Test TLSv1.3 certificate authentication
-## Similar to 04-client_auth.conf.in output, but specific for
+## Similar to 04-client_auth.cnf.in output, but specific for
 ## TLSv1.3 and post-handshake authentication
 
 use strict;
index fc7ec68..877c860 100644 (file)
@@ -251,7 +251,7 @@ int setup_tests(void)
 
     if (!TEST_ptr(conf = NCONF_new(NULL)))
         return 0;
-    /* argument should point to test/ssl_test_ctx_test.conf */
+    /* argument should point to test/ssl_test_ctx_test.cnf */
     if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0))
         return 0;
 
index c491638..c1435a7 100755 (executable)
@@ -14,6 +14,6 @@ find -name ossl_typ.h -o \( \
         -name '*.ec' -o \
         -name 'README*' -o \
         -name '*.pod' -o \
-        -name '*.conf' \
+        -name '*.cnf' -o -name '*.conf' \
         \) -exec sed -E -i \
         -f util/fix-includes.sed {} \;