/test/confdump
/test/bio_prefix_text
# Other generated files in test/
-/test/provider_internal_test.conf
-/test/fipsinstall.conf
-/providers/fipsinstall.conf
+/test/provider_internal_test.cnf
+/test/fipsinstall.cnf
+/providers/fipsinstall.cnf
# Certain files that get created by tests on the fly
/test-runs
=head1 EXAMPLES
Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
-for the module, and save the F<fips.conf> configuration file:
+for the module, and save the F<fips.cnf> configuration file:
- openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
+ openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
-section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213
-Verify that the configuration file F<fips.conf> contains the correct info:
+Verify that the configuration file F<fips.cnf> contains the correct info:
- openssl fipsinstall -module ./fips.so -in fips.conf -provider_name fips \
+ openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips \
-section_name fips_install -mac_name HMAC -macopt digest:SHA256 \
-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 -verify
Corrupt any self tests which have the description 'SHA1':
- openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
+ openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
-section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
-corrupt_desc', 'SHA1'
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
####################################################################
[ req ]
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
####################################################################
[ req ]
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
####################################################################
[ req ]
SSL testcases are configured in the `ssl-tests` directory.
-Each `ssl_*.conf.in` file contains a number of test configurations. These files
+Each `ssl_*.cnf.in` file contains a number of test configurations. These files
are used to generate testcases in the OpenSSL CONF format.
The precise test output can be dependent on the library configuration. The test
However, for verification, we also include checked-in configuration outputs
corresponding to the default configuration. These testcases live in
-`test/ssl-tests/*.conf` files.
+`test/ssl-tests/*.cnf` files.
-For more details, see `ssl-tests/01-simple.conf.in` for an example.
+For more details, see `ssl-tests/01-simple.cnf.in` for an example.
## Configuring the test
## Adding a test to the test harness
1. Add a new test configuration to `test/ssl-tests`, following the examples of
- existing `*.conf.in` files (for example, `01-simple.conf.in`).
+ existing `*.cnf.in` files (for example, `01-simple.cnf.in`).
-2. Generate the generated `*.conf` test input file. You can do so by running
+2. Generate the generated `*.cnf` test input file. You can do so by running
`generate_ssl_tests.pl`:
```
$ ./config
$ cd test
-$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.conf.in \
- > ssl-tests/my.conf
+$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.cnf.in \
+ > ssl-tests/my.cnf
```
-where `my.conf.in` is your test input file.
+where `my.cnf.in` is your test input file.
-For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do
+For example, to generate the test cases in `ssl-tests/01-simple.cnf.in`, do
```
-$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf
+$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.cnf.in > ssl-tests/01-simple.cnf
```
Alternatively (hackish but simple), you can comment out
OpenSSL directory, do
```
-$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \
- test/ssl-tests/01-simple.conf
+$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \
+ test/ssl-tests/01-simple.cnf
```
or for shared builds
```
-$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs \
- util/wrap.pl test/ssl_test test/ssl-tests/01-simple.conf
+$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs \
+ util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf
```
Note that the test expectations sometimes depend on the Configure settings. For
just run `make test` do not need any extra steps.
However, when running a test manually, keep in mind that the repository version
-of the generated `test/ssl-tests/*.conf` correspond to expected outputs in with
+of the generated `test/ssl-tests/*.cnf` correspond to expected outputs in with
the default Configure options. To run `ssl_test` manually from the command line
in a build with a different configuration, you may need to generate the right
-`*.conf` file from the `*.conf.in` input first.
+`*.cnf` file from the `*.cnf.in` input first.
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
CN2 = Brother 2
DEFINE[provider_test]=NO_PROVIDER_MODULE
DEFINE[provider_internal_test]=NO_PROVIDER_MODULE
ENDIF
- DEPEND[]=provider_internal_test.conf
- GENERATE[provider_internal_test.conf]=provider_internal_test.conf.in
+ DEPEND[]=provider_internal_test.cnf
+ GENERATE[provider_internal_test.cnf]=provider_internal_test.cnf.in
PROGRAMS{noinst}=params_test
SOURCE[params_test]=params_test.c
openssl_conf = openssl_init
-.include fipsinstall.conf
+.include fipsinstall.cnf
[openssl_init]
providers = provider_sect
openssl_conf = openssl_init
-.include fipsinstall.conf
+.include fipsinstall.cnf
[openssl_init]
providers = provider_sect
setup("test_internal_provider");
$ENV{OPENSSL_MODULES} = bldtop_dir("test");
-$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.conf");
+$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.cnf");
simple_test("test_internal_provider", "provider_internal_test");
$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
# fail if no module name
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module',
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module',
'-provider_name', 'fips',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install'])),
"fipsinstall verify fail");
-# output a fips.conf file containing mac data
-ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+# output a fips.cnf file containing mac data
+ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install'])),
"fipsinstall");
-# verify the fips.conf file
-ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# verify the fips.cnf file
+ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install', '-verify'])),
"fipsinstall verify");
-# fail to verify the fips.conf file if a different key is used
-ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# fail to verify the fips.cnf file if a different key is used
+ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:01',
'-section_name', 'fips_install', '-verify'])),
"fipsinstall verify fail bad key");
-# fail to verify the fips.conf file if a different mac digest is used
-ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# fail to verify the fips.cnf file if a different mac digest is used
+ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA512', '-macopt', 'hexkey:00',
'-section_name', 'fips_install', '-verify'])),
"fipsinstall verify fail incorrect digest");
# corrupt the module hmac
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install', '-corrupt_desc', 'HMAC'])),
"fipsinstall fails when the module integrity is corrupted");
# corrupt the first digest
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install', '-corrupt_desc', 'SHA1'])),
"fipsinstall fails when the digest result is corrupted");
# corrupt another digest
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install', '-corrupt_desc', 'SHA3'])),
"fipsinstall fails when the digest result is corrupted");
# corrupt DRBG
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install', '-corrupt_desc', 'CTR'])),
setup('test_conf');
my %input_result = (
- 'dollarid_on.conf' => 'dollarid_on.txt',
- 'dollarid_off.conf' => 'dollarid_off.txt',
+ 'dollarid_on.cnf' => 'dollarid_on.txt',
+ 'dollarid_off.cnf' => 'dollarid_off.txt',
);
plan skip_all => 'This is unsupported for cross compiled configurations'
$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsinstall.conf'),
+ '-out', bldtop_file('providers', 'fipsinstall.cnf'),
'-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
unless ($no_fips) {
push @setups, {
cmd => app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsinstall.conf'),
+ '-out', bldtop_file('providers', 'fipsinstall.cnf'),
'-module', bldtop_file('providers', platform->dso('fips')),
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
if disabled("tls1_3") && disabled("tls1_2");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
use constant {
MULTIPLE_COMPRESSIONS => 0,
|| (!disabled("tls1_3") && disabled("tls1_2"));
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
my $proxy = TLSProxy::Proxy->new(
undef,
);
#We're just testing various negative and unusual scenarios here. ssltest with
-#02-protocol-version.conf should check all the various combinations of normal
+#02-protocol-version.cnf should check all the various combinations of normal
#version neg
#Test 1: An empty supported_versions extension should not succeed
if disabled("ec");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
@handmessages = (
if disabled("ec");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
@handmessages = (
if disabled("tls1_3");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
my $proxy = TLSProxy::Proxy->new(
undef,
use OpenSSL::Test::Simple;
setup("test_ct");
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
$ENV{CT_DIR} = srctop_dir("test", "ct");
$ENV{CERTS_DIR} = srctop_dir("test", "certs");
simple_test("test_ct", "ct_test", "ct", "ec");
setup("test_ssl_new");
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
-my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf.in"));
+my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in"));
map { s/;.*// } @conf_srcs if $^O eq "VMS";
my @conf_files = map { basename($_, ".in") } @conf_srcs;
map { s/\^// } @conf_files if $^O eq "VMS";
# Add your test here if the test conf.in generates test cases and/or
# expectations dynamically based on the OpenSSL compile-time config.
my %conf_dependent_tests = (
- "02-protocol-version.conf" => !$is_default_tls,
- "04-client_auth.conf" => !$is_default_tls || !$is_default_dtls
+ "02-protocol-version.cnf" => !$is_default_tls,
+ "04-client_auth.cnf" => !$is_default_tls || !$is_default_dtls
|| !disabled("sctp"),
- "05-sni.conf" => disabled("tls1_1"),
- "07-dtls-protocol-version.conf" => !$is_default_dtls || !disabled("sctp"),
- "10-resumption.conf" => !$is_default_tls || $no_ec,
- "11-dtls_resumption.conf" => !$is_default_dtls || !disabled("sctp"),
- "16-dtls-certstatus.conf" => !$is_default_dtls || !disabled("sctp"),
- "17-renegotiate.conf" => disabled("tls1_2"),
- "18-dtls-renegotiate.conf" => disabled("dtls1_2") || !disabled("sctp"),
- "19-mac-then-encrypt.conf" => !$is_default_tls,
- "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa,
- "22-compression.conf" => !$is_default_tls,
- "25-cipher.conf" => disabled("poly1305") || disabled("chacha"),
- "27-ticket-appdata.conf" => !$is_default_tls,
- "28-seclevel.conf" => disabled("tls1_2") || $no_ec,
- "30-extended-master-secret.conf" => disabled("tls1_2"),
+ "05-sni.cnf" => disabled("tls1_1"),
+ "07-dtls-protocol-version.cnf" => !$is_default_dtls || !disabled("sctp"),
+ "10-resumption.cnf" => !$is_default_tls || $no_ec,
+ "11-dtls_resumption.cnf" => !$is_default_dtls || !disabled("sctp"),
+ "16-dtls-certstatus.cnf" => !$is_default_dtls || !disabled("sctp"),
+ "17-renegotiate.cnf" => disabled("tls1_2"),
+ "18-dtls-renegotiate.cnf" => disabled("dtls1_2") || !disabled("sctp"),
+ "19-mac-then-encrypt.cnf" => !$is_default_tls,
+ "20-cert-select.cnf" => !$is_default_tls || $no_dh || $no_dsa,
+ "22-compression.cnf" => !$is_default_tls,
+ "25-cipher.cnf" => disabled("poly1305") || disabled("chacha"),
+ "27-ticket-appdata.cnf" => !$is_default_tls,
+ "28-seclevel.cnf" => disabled("tls1_2") || $no_ec,
+ "30-extended-master-secret.cnf" => disabled("tls1_2"),
);
# Add your test here if it should be skipped for some compile-time
# configurations. Default is $no_tls but some tests have different skip
# conditions.
my %skip = (
- "06-sni-ticket.conf" => $no_tls_below1_3,
- "07-dtls-protocol-version.conf" => $no_dtls,
- "08-npn.conf" => (disabled("tls1") && disabled("tls1_1")
+ "06-sni-ticket.cnf" => $no_tls_below1_3,
+ "07-dtls-protocol-version.cnf" => $no_dtls,
+ "08-npn.cnf" => (disabled("tls1") && disabled("tls1_1")
&& disabled("tls1_2")) || $no_npn,
- "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),
- "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),
- "12-ct.conf" => $no_tls || $no_ct || $no_ec,
+ "10-resumption.cnf" => disabled("tls1_1") || disabled("tls1_2"),
+ "11-dtls_resumption.cnf" => disabled("dtls1") || disabled("dtls1_2"),
+ "12-ct.cnf" => $no_tls || $no_ct || $no_ec,
# We could run some of these tests without TLS 1.2 if we had a per-test
# disable instruction but that's a bizarre configuration not worth
# special-casing for.
# TODO(TLS 1.3): We should review this once we have TLS 1.3.
- "13-fragmentation.conf" => disabled("tls1_2"),
- "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m,
- "15-certstatus.conf" => $no_tls || $no_ocsp,
- "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp,
- "17-renegotiate.conf" => $no_tls_below1_3,
- "18-dtls-renegotiate.conf" => $no_dtls,
- "19-mac-then-encrypt.conf" => $no_pre_tls1_3,
- "20-cert-select.conf" => disabled("tls1_2") || $no_ec,
- "21-key-update.conf" => disabled("tls1_3"),
- "22-compression.conf" => disabled("zlib") || $no_tls,
- "23-srp.conf" => (disabled("tls1") && disabled ("tls1_1")
+ "13-fragmentation.cnf" => disabled("tls1_2"),
+ "14-curves.cnf" => disabled("tls1_2") || $no_ec || $no_ec2m,
+ "15-certstatus.cnf" => $no_tls || $no_ocsp,
+ "16-dtls-certstatus.cnf" => $no_dtls || $no_ocsp,
+ "17-renegotiate.cnf" => $no_tls_below1_3,
+ "18-dtls-renegotiate.cnf" => $no_dtls,
+ "19-mac-then-encrypt.cnf" => $no_pre_tls1_3,
+ "20-cert-select.cnf" => disabled("tls1_2") || $no_ec,
+ "21-key-update.cnf" => disabled("tls1_3"),
+ "22-compression.cnf" => disabled("zlib") || $no_tls,
+ "23-srp.cnf" => (disabled("tls1") && disabled ("tls1_1")
&& disabled("tls1_2")) || disabled("srp"),
- "24-padding.conf" => disabled("tls1_3"),
- "25-cipher.conf" => disabled("ec") || disabled("tls1_2"),
- "26-tls13_client_auth.conf" => disabled("tls1_3"),
- "29-dtls-sctp-label-bug.conf" => disabled("sctp") || disabled("sock"),
+ "24-padding.cnf" => disabled("tls1_3"),
+ "25-cipher.cnf" => disabled("ec") || disabled("tls1_2"),
+ "26-tls13_client_auth.cnf" => disabled("tls1_3"),
+ "29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"),
);
foreach my $conf (@conf_files) {
"Getting output from generate_ssl_tests.pl.");
SKIP: {
- # Test 2. Compare against existing output in test/ssl_tests.conf.
+ # Test 2. Compare against existing output in test/ssl_tests.cnf.
skip "Skipping generated source test for $conf", 1
if !$check_source;
setup("test_ssl");
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk,
$no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
setup("test_ssl_test_ctx");
plan tests => 1;
-ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.conf")])),
- "running ssl_test_ctx_test ssl_test_ctx_test.conf");
+ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.cnf")])),
+ "running ssl_test_ctx_test ssl_test_ctx_test.cnf");
plan tests => 1;
$ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data",
- "gost.conf");
+ "gost.cnf");
ok(run(test(["gosttest",
srctop_file("test", "recipes", "90-test_gost_data",
# Example configuration file using includes.
#
-.include [.conf-includes]
+.include [.cnf-includes]
## Test TLSv1.3 certificate authentication
-## Similar to 04-client_auth.conf.in output, but specific for
+## Similar to 04-client_auth.cnf.in output, but specific for
## TLSv1.3 and post-handshake authentication
use strict;
if (!TEST_ptr(conf = NCONF_new(NULL)))
return 0;
- /* argument should point to test/ssl_test_ctx_test.conf */
+ /* argument should point to test/ssl_test_ctx_test.cnf */
if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0))
return 0;
-name '*.ec' -o \
-name 'README*' -o \
-name '*.pod' -o \
- -name '*.conf' \
+ -name '*.cnf' -o -name '*.conf' \
\) -exec sed -E -i \
-f util/fix-includes.sed {} \;