diff --git a/.gitignore b/.gitignore index 3b1a455209..f51ccce56d 100644 --- a/.gitignore +++ b/.gitignore @@ -96,9 +96,9 @@ doc/man1/openssl-x509.pod /test/confdump /test/bio_prefix_text # Other generated files in test/ -/test/provider_internal_test.conf -/test/fipsinstall.conf -/providers/fipsinstall.conf +/test/provider_internal_test.cnf +/test/fipsinstall.cnf +/providers/fipsinstall.cnf # Certain files that get created by tests on the fly /test-runs diff --git a/doc/man1/openssl-fipsinstall.pod b/doc/man1/openssl-fipsinstall.pod index 7cad6091e1..9c7c856b0d 100644 --- a/doc/man1/openssl-fipsinstall.pod +++ b/doc/man1/openssl-fipsinstall.pod @@ -128,21 +128,21 @@ values that can be used. =head1 EXAMPLES Calculate the mac of a FIPS module F and run a FIPS self test -for the module, and save the F configuration file: +for the module, and save the F configuration file: - openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \ + openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \ -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \ -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 -Verify that the configuration file F contains the correct info: +Verify that the configuration file F contains the correct info: - openssl fipsinstall -module ./fips.so -in fips.conf -provider_name fips \ + openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips \ -section_name fips_install -mac_name HMAC -macopt digest:SHA256 \ -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 -verify Corrupt any self tests which have the description 'SHA1': - openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \ + openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \ -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \ -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \ -corrupt_desc', 'SHA1' diff --git a/test/CAss.cnf b/test/CAss.cnf index 8ca62b5cf7..d63f85628b 100644 --- a/test/CAss.cnf +++ b/test/CAss.cnf @@ -1,7 +1,3 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# #################################################################### [ req ] diff --git a/test/P1ss.cnf b/test/P1ss.cnf index 03f3cdb1ad..69baaaf849 100644 --- a/test/P1ss.cnf +++ b/test/P1ss.cnf @@ -1,7 +1,3 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# #################################################################### [ req ] diff --git a/test/P2ss.cnf b/test/P2ss.cnf index 5adaecc7d5..8d4f3c8a68 100644 --- a/test/P2ss.cnf +++ b/test/P2ss.cnf @@ -1,7 +1,3 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# #################################################################### [ req ] diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 30360f7652..6fc7301500 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -2,7 +2,7 @@ SSL testcases are configured in the `ssl-tests` directory. -Each `ssl_*.conf.in` file contains a number of test configurations. These files +Each `ssl_*.cnf.in` file contains a number of test configurations. These files are used to generate testcases in the OpenSSL CONF format. The precise test output can be dependent on the library configuration. The test @@ -10,9 +10,9 @@ harness generates the output files on the fly. However, for verification, we also include checked-in configuration outputs corresponding to the default configuration. These testcases live in -`test/ssl-tests/*.conf` files. +`test/ssl-tests/*.cnf` files. -For more details, see `ssl-tests/01-simple.conf.in` for an example. +For more details, see `ssl-tests/01-simple.cnf.in` for an example. ## Configuring the test @@ -219,24 +219,24 @@ client => { ## Adding a test to the test harness 1. Add a new test configuration to `test/ssl-tests`, following the examples of - existing `*.conf.in` files (for example, `01-simple.conf.in`). + existing `*.cnf.in` files (for example, `01-simple.cnf.in`). -2. Generate the generated `*.conf` test input file. You can do so by running +2. Generate the generated `*.cnf` test input file. You can do so by running `generate_ssl_tests.pl`: ``` $ ./config $ cd test -$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.conf.in \ - > ssl-tests/my.conf +$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.cnf.in \ + > ssl-tests/my.cnf ``` -where `my.conf.in` is your test input file. +where `my.cnf.in` is your test input file. -For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do +For example, to generate the test cases in `ssl-tests/01-simple.cnf.in`, do ``` -$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf +$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.cnf.in > ssl-tests/01-simple.cnf ``` Alternatively (hackish but simple), you can comment out @@ -273,15 +273,15 @@ environment variable to point to the location of the certs. E.g., from the root OpenSSL directory, do ``` -$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \ - test/ssl-tests/01-simple.conf +$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \ + test/ssl-tests/01-simple.cnf ``` or for shared builds ``` -$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs \ - util/wrap.pl test/ssl_test test/ssl-tests/01-simple.conf +$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs \ + util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf ``` Note that the test expectations sometimes depend on the Configure settings. For @@ -293,7 +293,7 @@ The Perl test harness automatically generates expected outputs, so users who just run `make test` do not need any extra steps. However, when running a test manually, keep in mind that the repository version -of the generated `test/ssl-tests/*.conf` correspond to expected outputs in with +of the generated `test/ssl-tests/*.cnf` correspond to expected outputs in with the default Configure options. To run `ssl_test` manually from the command line in a build with a different configuration, you may need to generate the right -`*.conf` file from the `*.conf.in` input first. +`*.cnf` file from the `*.cnf.in` input first. diff --git a/test/Uss.cnf b/test/Uss.cnf index 27517bd106..95ffb67deb 100644 --- a/test/Uss.cnf +++ b/test/Uss.cnf @@ -1,7 +1,3 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# CN2 = Brother 2 diff --git a/test/build.info b/test/build.info index ea350e5d6a..1573087c28 100644 --- a/test/build.info +++ b/test/build.info @@ -716,8 +716,8 @@ IF[{- !$disabled{tests} -}] DEFINE[provider_test]=NO_PROVIDER_MODULE DEFINE[provider_internal_test]=NO_PROVIDER_MODULE ENDIF - DEPEND[]=provider_internal_test.conf - GENERATE[provider_internal_test.conf]=provider_internal_test.conf.in + DEPEND[]=provider_internal_test.cnf + GENERATE[provider_internal_test.cnf]=provider_internal_test.cnf.in PROGRAMS{noinst}=params_test SOURCE[params_test]=params_test.c diff --git a/test/ct/log_list.conf b/test/ct/log_list.cnf similarity index 100% rename from test/ct/log_list.conf rename to test/ct/log_list.cnf diff --git a/test/default-and-fips.cnf b/test/default-and-fips.cnf index 6db1a940ee..03f5a83183 100644 --- a/test/default-and-fips.cnf +++ b/test/default-and-fips.cnf @@ -1,6 +1,6 @@ openssl_conf = openssl_init -.include fipsinstall.conf +.include fipsinstall.cnf [openssl_init] providers = provider_sect diff --git a/test/fips.cnf b/test/fips.cnf index d77d35b99f..32c18be671 100644 --- a/test/fips.cnf +++ b/test/fips.cnf @@ -1,6 +1,6 @@ openssl_conf = openssl_init -.include fipsinstall.conf +.include fipsinstall.cnf [openssl_init] providers = provider_sect diff --git a/test/provider_internal_test.conf.in b/test/provider_internal_test.cnf.in similarity index 100% rename from test/provider_internal_test.conf.in rename to test/provider_internal_test.cnf.in diff --git a/test/recipes/02-test_internal_provider.t b/test/recipes/02-test_internal_provider.t index 615d17a8d9..2b77d4b5f3 100644 --- a/test/recipes/02-test_internal_provider.t +++ b/test/recipes/02-test_internal_provider.t @@ -14,6 +14,6 @@ use OpenSSL::Test::Utils; setup("test_internal_provider"); $ENV{OPENSSL_MODULES} = bldtop_dir("test"); -$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.conf"); +$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.cnf"); simple_test("test_internal_provider", "provider_internal_test"); diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index 71e8db10e4..3be6346ab9 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -30,7 +30,7 @@ my $infile = bldtop_file('providers', platform->dso('fips')); $ENV{OPENSSL_MODULES} = bldtop_dir("providers"); # fail if no module name -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', '-provider_name', 'fips', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install'])), @@ -44,57 +44,57 @@ ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile, "fipsinstall verify fail"); -# output a fips.conf file containing mac data -ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, +# output a fips.cnf file containing mac data +ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install'])), "fipsinstall"); -# verify the fips.conf file -ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, +# verify the fips.cnf file +ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-verify'])), "fipsinstall verify"); -# fail to verify the fips.conf file if a different key is used -ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, +# fail to verify the fips.cnf file if a different key is used +ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:01', '-section_name', 'fips_install', '-verify'])), "fipsinstall verify fail bad key"); -# fail to verify the fips.conf file if a different mac digest is used -ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, +# fail to verify the fips.cnf file if a different mac digest is used +ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA512', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-verify'])), "fipsinstall verify fail incorrect digest"); # corrupt the module hmac -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-corrupt_desc', 'HMAC'])), "fipsinstall fails when the module integrity is corrupted"); # corrupt the first digest -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-corrupt_desc', 'SHA1'])), "fipsinstall fails when the digest result is corrupted"); # corrupt another digest -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-corrupt_desc', 'SHA3'])), "fipsinstall fails when the digest result is corrupted"); # corrupt DRBG -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-corrupt_desc', 'CTR'])), diff --git a/test/recipes/04-test_conf.t b/test/recipes/04-test_conf.t index 9103cbc8eb..92a570c546 100644 --- a/test/recipes/04-test_conf.t +++ b/test/recipes/04-test_conf.t @@ -16,8 +16,8 @@ use File::Compare qw(compare_text); setup('test_conf'); my %input_result = ( - 'dollarid_on.conf' => 'dollarid_on.txt', - 'dollarid_off.conf' => 'dollarid_off.txt', + 'dollarid_on.cnf' => 'dollarid_on.txt', + 'dollarid_off.cnf' => 'dollarid_off.txt', ); plan skip_all => 'This is unsupported for cross compiled configurations' diff --git a/test/recipes/04-test_conf_data/dollarid_off.conf b/test/recipes/04-test_conf_data/dollarid_off.cnf similarity index 100% rename from test/recipes/04-test_conf_data/dollarid_off.conf rename to test/recipes/04-test_conf_data/dollarid_off.cnf diff --git a/test/recipes/04-test_conf_data/dollarid_on.conf b/test/recipes/04-test_conf_data/dollarid_on.cnf similarity index 100% rename from test/recipes/04-test_conf_data/dollarid_on.conf rename to test/recipes/04-test_conf_data/dollarid_on.cnf diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 575a471d2f..9b940aa5ec 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -84,7 +84,7 @@ unless ($no_fips) { $ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsinstall.conf'), + '-out', bldtop_file('providers', 'fipsinstall.cnf'), '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t index ce7c834039..8ffd2a50d8 100644 --- a/test/recipes/30-test_evp_fetch_prov.t +++ b/test/recipes/30-test_evp_fetch_prov.t @@ -48,7 +48,7 @@ my @testdata = ( unless ($no_fips) { push @setups, { cmd => app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsinstall.conf'), + '-out', bldtop_file('providers', 'fipsinstall.cnf'), '-module', bldtop_file('providers', platform->dso('fips')), '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', diff --git a/test/recipes/70-test_comp.t b/test/recipes/70-test_comp.t index 9c5e16ed2d..9dc0cbb94c 100644 --- a/test/recipes/70-test_comp.t +++ b/test/recipes/70-test_comp.t @@ -28,7 +28,7 @@ plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled" if disabled("tls1_3") && disabled("tls1_2"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); use constant { MULTIPLE_COMPRESSIONS => 0, diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index 9f8c3226e6..95c4cbe553 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -30,7 +30,7 @@ plan skip_all => "$test_name needs TLS enabled" || (!disabled("tls1_3") && disabled("tls1_2")); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my $proxy = TLSProxy::Proxy->new( undef, diff --git a/test/recipes/70-test_sslversions.t b/test/recipes/70-test_sslversions.t index 45ecf5c581..636d2e79fb 100644 --- a/test/recipes/70-test_sslversions.t +++ b/test/recipes/70-test_sslversions.t @@ -49,7 +49,7 @@ my $proxy = TLSProxy::Proxy->new( ); #We're just testing various negative and unusual scenarios here. ssltest with -#02-protocol-version.conf should check all the various combinations of normal +#02-protocol-version.cnf should check all the various combinations of normal #version neg #Test 1: An empty supported_versions extension should not succeed diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index ad10eddeb7..27cec7adf1 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -32,7 +32,7 @@ plan skip_all => "$test_name needs EC enabled" if disabled("ec"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); @handmessages = ( diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index 02afbdc4ff..d9ea211844 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -32,7 +32,7 @@ plan skip_all => "$test_name needs EC enabled" if disabled("ec"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); @handmessages = ( diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t index 11031f3f44..ea48599d13 100644 --- a/test/recipes/70-test_tls13psk.t +++ b/test/recipes/70-test_tls13psk.t @@ -28,7 +28,7 @@ plan skip_all => "$test_name needs TLSv1.3 enabled" if disabled("tls1_3"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my $proxy = TLSProxy::Proxy->new( undef, diff --git a/test/recipes/80-test_ct.t b/test/recipes/80-test_ct.t index 87705cf664..0017cfdc39 100644 --- a/test/recipes/80-test_ct.t +++ b/test/recipes/80-test_ct.t @@ -11,7 +11,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/; use OpenSSL::Test::Simple; setup("test_ct"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); $ENV{CT_DIR} = srctop_dir("test", "ct"); $ENV{CERTS_DIR} = srctop_dir("test", "certs"); simple_test("test_ct", "ct_test", "ct", "ec"); diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 01a49173d6..3b1857cc79 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -19,9 +19,9 @@ use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/; setup("test_ssl_new"); $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); -my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf.in")); +my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in")); map { s/;.*// } @conf_srcs if $^O eq "VMS"; my @conf_files = map { basename($_, ".in") } @conf_srcs; map { s/\^// } @conf_files if $^O eq "VMS"; @@ -54,56 +54,56 @@ my $no_ocsp = disabled("ocsp"); # Add your test here if the test conf.in generates test cases and/or # expectations dynamically based on the OpenSSL compile-time config. my %conf_dependent_tests = ( - "02-protocol-version.conf" => !$is_default_tls, - "04-client_auth.conf" => !$is_default_tls || !$is_default_dtls + "02-protocol-version.cnf" => !$is_default_tls, + "04-client_auth.cnf" => !$is_default_tls || !$is_default_dtls || !disabled("sctp"), - "05-sni.conf" => disabled("tls1_1"), - "07-dtls-protocol-version.conf" => !$is_default_dtls || !disabled("sctp"), - "10-resumption.conf" => !$is_default_tls || $no_ec, - "11-dtls_resumption.conf" => !$is_default_dtls || !disabled("sctp"), - "16-dtls-certstatus.conf" => !$is_default_dtls || !disabled("sctp"), - "17-renegotiate.conf" => disabled("tls1_2"), - "18-dtls-renegotiate.conf" => disabled("dtls1_2") || !disabled("sctp"), - "19-mac-then-encrypt.conf" => !$is_default_tls, - "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa, - "22-compression.conf" => !$is_default_tls, - "25-cipher.conf" => disabled("poly1305") || disabled("chacha"), - "27-ticket-appdata.conf" => !$is_default_tls, - "28-seclevel.conf" => disabled("tls1_2") || $no_ec, - "30-extended-master-secret.conf" => disabled("tls1_2"), + "05-sni.cnf" => disabled("tls1_1"), + "07-dtls-protocol-version.cnf" => !$is_default_dtls || !disabled("sctp"), + "10-resumption.cnf" => !$is_default_tls || $no_ec, + "11-dtls_resumption.cnf" => !$is_default_dtls || !disabled("sctp"), + "16-dtls-certstatus.cnf" => !$is_default_dtls || !disabled("sctp"), + "17-renegotiate.cnf" => disabled("tls1_2"), + "18-dtls-renegotiate.cnf" => disabled("dtls1_2") || !disabled("sctp"), + "19-mac-then-encrypt.cnf" => !$is_default_tls, + "20-cert-select.cnf" => !$is_default_tls || $no_dh || $no_dsa, + "22-compression.cnf" => !$is_default_tls, + "25-cipher.cnf" => disabled("poly1305") || disabled("chacha"), + "27-ticket-appdata.cnf" => !$is_default_tls, + "28-seclevel.cnf" => disabled("tls1_2") || $no_ec, + "30-extended-master-secret.cnf" => disabled("tls1_2"), ); # Add your test here if it should be skipped for some compile-time # configurations. Default is $no_tls but some tests have different skip # conditions. my %skip = ( - "06-sni-ticket.conf" => $no_tls_below1_3, - "07-dtls-protocol-version.conf" => $no_dtls, - "08-npn.conf" => (disabled("tls1") && disabled("tls1_1") + "06-sni-ticket.cnf" => $no_tls_below1_3, + "07-dtls-protocol-version.cnf" => $no_dtls, + "08-npn.cnf" => (disabled("tls1") && disabled("tls1_1") && disabled("tls1_2")) || $no_npn, - "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"), - "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"), - "12-ct.conf" => $no_tls || $no_ct || $no_ec, + "10-resumption.cnf" => disabled("tls1_1") || disabled("tls1_2"), + "11-dtls_resumption.cnf" => disabled("dtls1") || disabled("dtls1_2"), + "12-ct.cnf" => $no_tls || $no_ct || $no_ec, # We could run some of these tests without TLS 1.2 if we had a per-test # disable instruction but that's a bizarre configuration not worth # special-casing for. # TODO(TLS 1.3): We should review this once we have TLS 1.3. - "13-fragmentation.conf" => disabled("tls1_2"), - "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m, - "15-certstatus.conf" => $no_tls || $no_ocsp, - "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp, - "17-renegotiate.conf" => $no_tls_below1_3, - "18-dtls-renegotiate.conf" => $no_dtls, - "19-mac-then-encrypt.conf" => $no_pre_tls1_3, - "20-cert-select.conf" => disabled("tls1_2") || $no_ec, - "21-key-update.conf" => disabled("tls1_3"), - "22-compression.conf" => disabled("zlib") || $no_tls, - "23-srp.conf" => (disabled("tls1") && disabled ("tls1_1") + "13-fragmentation.cnf" => disabled("tls1_2"), + "14-curves.cnf" => disabled("tls1_2") || $no_ec || $no_ec2m, + "15-certstatus.cnf" => $no_tls || $no_ocsp, + "16-dtls-certstatus.cnf" => $no_dtls || $no_ocsp, + "17-renegotiate.cnf" => $no_tls_below1_3, + "18-dtls-renegotiate.cnf" => $no_dtls, + "19-mac-then-encrypt.cnf" => $no_pre_tls1_3, + "20-cert-select.cnf" => disabled("tls1_2") || $no_ec, + "21-key-update.cnf" => disabled("tls1_3"), + "22-compression.cnf" => disabled("zlib") || $no_tls, + "23-srp.cnf" => (disabled("tls1") && disabled ("tls1_1") && disabled("tls1_2")) || disabled("srp"), - "24-padding.conf" => disabled("tls1_3"), - "25-cipher.conf" => disabled("ec") || disabled("tls1_2"), - "26-tls13_client_auth.conf" => disabled("tls1_3"), - "29-dtls-sctp-label-bug.conf" => disabled("sctp") || disabled("sock"), + "24-padding.cnf" => disabled("tls1_3"), + "25-cipher.cnf" => disabled("ec") || disabled("tls1_2"), + "26-tls13_client_auth.cnf" => disabled("tls1_3"), + "29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"), ); foreach my $conf (@conf_files) { @@ -133,7 +133,7 @@ sub test_conf { "Getting output from generate_ssl_tests.pl."); SKIP: { - # Test 2. Compare against existing output in test/ssl_tests.conf. + # Test 2. Compare against existing output in test/ssl_tests.cnf. skip "Skipping generated source test for $conf", 1 if !$check_source; diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 76e0758adb..a4bdb6ddbb 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -18,7 +18,7 @@ use OpenSSL::Test::Utils; setup("test_ssl"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk, $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, diff --git a/test/recipes/80-test_ssl_test_ctx.t b/test/recipes/80-test_ssl_test_ctx.t index 5548f46d49..7775bd9351 100644 --- a/test/recipes/80-test_ssl_test_ctx.t +++ b/test/recipes/80-test_ssl_test_ctx.t @@ -15,5 +15,5 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_ssl_test_ctx"); plan tests => 1; -ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.conf")])), - "running ssl_test_ctx_test ssl_test_ctx_test.conf"); +ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.cnf")])), + "running ssl_test_ctx_test ssl_test_ctx_test.cnf"); diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t index b01243fa62..f2010967a2 100644 --- a/test/recipes/90-test_gost.t +++ b/test/recipes/90-test_gost.t @@ -31,7 +31,7 @@ plan skip_all => "No test GOST engine found" plan tests => 1; $ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data", - "gost.conf"); + "gost.cnf"); ok(run(test(["gosttest", srctop_file("test", "recipes", "90-test_gost_data", diff --git a/test/recipes/90-test_gost_data/gost.conf b/test/recipes/90-test_gost_data/gost.cnf similarity index 100% rename from test/recipes/90-test_gost_data/gost.conf rename to test/recipes/90-test_gost_data/gost.cnf diff --git a/test/recipes/90-test_includes_data/vms-includes.cnf b/test/recipes/90-test_includes_data/vms-includes.cnf index ed4367bcf0..30fc4ef8e1 100644 --- a/test/recipes/90-test_includes_data/vms-includes.cnf +++ b/test/recipes/90-test_includes_data/vms-includes.cnf @@ -2,4 +2,4 @@ # Example configuration file using includes. # -.include [.conf-includes] +.include [.cnf-includes] diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.cnf similarity index 100% rename from test/ssl-tests/01-simple.conf rename to test/ssl-tests/01-simple.cnf diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.cnf.in similarity index 100% rename from test/ssl-tests/01-simple.conf.in rename to test/ssl-tests/01-simple.cnf.in diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.cnf similarity index 100% rename from test/ssl-tests/02-protocol-version.conf rename to test/ssl-tests/02-protocol-version.cnf diff --git a/test/ssl-tests/02-protocol-version.conf.in b/test/ssl-tests/02-protocol-version.cnf.in similarity index 100% rename from test/ssl-tests/02-protocol-version.conf.in rename to test/ssl-tests/02-protocol-version.cnf.in diff --git a/test/ssl-tests/03-custom_verify.conf b/test/ssl-tests/03-custom_verify.cnf similarity index 100% rename from test/ssl-tests/03-custom_verify.conf rename to test/ssl-tests/03-custom_verify.cnf diff --git a/test/ssl-tests/03-custom_verify.conf.in b/test/ssl-tests/03-custom_verify.cnf.in similarity index 100% rename from test/ssl-tests/03-custom_verify.conf.in rename to test/ssl-tests/03-custom_verify.cnf.in diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.cnf similarity index 100% rename from test/ssl-tests/04-client_auth.conf rename to test/ssl-tests/04-client_auth.cnf diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.cnf.in similarity index 100% rename from test/ssl-tests/04-client_auth.conf.in rename to test/ssl-tests/04-client_auth.cnf.in diff --git a/test/ssl-tests/05-sni.conf b/test/ssl-tests/05-sni.cnf similarity index 100% rename from test/ssl-tests/05-sni.conf rename to test/ssl-tests/05-sni.cnf diff --git a/test/ssl-tests/05-sni.conf.in b/test/ssl-tests/05-sni.cnf.in similarity index 100% rename from test/ssl-tests/05-sni.conf.in rename to test/ssl-tests/05-sni.cnf.in diff --git a/test/ssl-tests/06-sni-ticket.conf b/test/ssl-tests/06-sni-ticket.cnf similarity index 100% rename from test/ssl-tests/06-sni-ticket.conf rename to test/ssl-tests/06-sni-ticket.cnf diff --git a/test/ssl-tests/06-sni-ticket.conf.in b/test/ssl-tests/06-sni-ticket.cnf.in similarity index 100% rename from test/ssl-tests/06-sni-ticket.conf.in rename to test/ssl-tests/06-sni-ticket.cnf.in diff --git a/test/ssl-tests/07-dtls-protocol-version.conf b/test/ssl-tests/07-dtls-protocol-version.cnf similarity index 100% rename from test/ssl-tests/07-dtls-protocol-version.conf rename to test/ssl-tests/07-dtls-protocol-version.cnf diff --git a/test/ssl-tests/07-dtls-protocol-version.conf.in b/test/ssl-tests/07-dtls-protocol-version.cnf.in similarity index 100% rename from test/ssl-tests/07-dtls-protocol-version.conf.in rename to test/ssl-tests/07-dtls-protocol-version.cnf.in diff --git a/test/ssl-tests/08-npn.conf b/test/ssl-tests/08-npn.cnf similarity index 100% rename from test/ssl-tests/08-npn.conf rename to test/ssl-tests/08-npn.cnf diff --git a/test/ssl-tests/08-npn.conf.in b/test/ssl-tests/08-npn.cnf.in similarity index 100% rename from test/ssl-tests/08-npn.conf.in rename to test/ssl-tests/08-npn.cnf.in diff --git a/test/ssl-tests/09-alpn.conf b/test/ssl-tests/09-alpn.cnf similarity index 100% rename from test/ssl-tests/09-alpn.conf rename to test/ssl-tests/09-alpn.cnf diff --git a/test/ssl-tests/09-alpn.conf.in b/test/ssl-tests/09-alpn.cnf.in similarity index 100% rename from test/ssl-tests/09-alpn.conf.in rename to test/ssl-tests/09-alpn.cnf.in diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.cnf similarity index 100% rename from test/ssl-tests/10-resumption.conf rename to test/ssl-tests/10-resumption.cnf diff --git a/test/ssl-tests/10-resumption.conf.in b/test/ssl-tests/10-resumption.cnf.in similarity index 100% rename from test/ssl-tests/10-resumption.conf.in rename to test/ssl-tests/10-resumption.cnf.in diff --git a/test/ssl-tests/11-dtls_resumption.conf b/test/ssl-tests/11-dtls_resumption.cnf similarity index 100% rename from test/ssl-tests/11-dtls_resumption.conf rename to test/ssl-tests/11-dtls_resumption.cnf diff --git a/test/ssl-tests/11-dtls_resumption.conf.in b/test/ssl-tests/11-dtls_resumption.cnf.in similarity index 100% rename from test/ssl-tests/11-dtls_resumption.conf.in rename to test/ssl-tests/11-dtls_resumption.cnf.in diff --git a/test/ssl-tests/12-ct.conf b/test/ssl-tests/12-ct.cnf similarity index 100% rename from test/ssl-tests/12-ct.conf rename to test/ssl-tests/12-ct.cnf diff --git a/test/ssl-tests/12-ct.conf.in b/test/ssl-tests/12-ct.cnf.in similarity index 100% rename from test/ssl-tests/12-ct.conf.in rename to test/ssl-tests/12-ct.cnf.in diff --git a/test/ssl-tests/13-fragmentation.conf b/test/ssl-tests/13-fragmentation.cnf similarity index 100% rename from test/ssl-tests/13-fragmentation.conf rename to test/ssl-tests/13-fragmentation.cnf diff --git a/test/ssl-tests/13-fragmentation.conf.in b/test/ssl-tests/13-fragmentation.cnf.in similarity index 100% rename from test/ssl-tests/13-fragmentation.conf.in rename to test/ssl-tests/13-fragmentation.cnf.in diff --git a/test/ssl-tests/14-curves.conf b/test/ssl-tests/14-curves.cnf similarity index 100% rename from test/ssl-tests/14-curves.conf rename to test/ssl-tests/14-curves.cnf diff --git a/test/ssl-tests/14-curves.conf.in b/test/ssl-tests/14-curves.cnf.in similarity index 100% rename from test/ssl-tests/14-curves.conf.in rename to test/ssl-tests/14-curves.cnf.in diff --git a/test/ssl-tests/15-certstatus.conf b/test/ssl-tests/15-certstatus.cnf similarity index 100% rename from test/ssl-tests/15-certstatus.conf rename to test/ssl-tests/15-certstatus.cnf diff --git a/test/ssl-tests/15-certstatus.conf.in b/test/ssl-tests/15-certstatus.cnf.in similarity index 100% rename from test/ssl-tests/15-certstatus.conf.in rename to test/ssl-tests/15-certstatus.cnf.in diff --git a/test/ssl-tests/16-dtls-certstatus.conf b/test/ssl-tests/16-dtls-certstatus.cnf similarity index 100% rename from test/ssl-tests/16-dtls-certstatus.conf rename to test/ssl-tests/16-dtls-certstatus.cnf diff --git a/test/ssl-tests/16-dtls-certstatus.conf.in b/test/ssl-tests/16-dtls-certstatus.cnf.in similarity index 100% rename from test/ssl-tests/16-dtls-certstatus.conf.in rename to test/ssl-tests/16-dtls-certstatus.cnf.in diff --git a/test/ssl-tests/17-renegotiate.conf b/test/ssl-tests/17-renegotiate.cnf similarity index 100% rename from test/ssl-tests/17-renegotiate.conf rename to test/ssl-tests/17-renegotiate.cnf diff --git a/test/ssl-tests/17-renegotiate.conf.in b/test/ssl-tests/17-renegotiate.cnf.in similarity index 100% rename from test/ssl-tests/17-renegotiate.conf.in rename to test/ssl-tests/17-renegotiate.cnf.in diff --git a/test/ssl-tests/18-dtls-renegotiate.conf b/test/ssl-tests/18-dtls-renegotiate.cnf similarity index 100% rename from test/ssl-tests/18-dtls-renegotiate.conf rename to test/ssl-tests/18-dtls-renegotiate.cnf diff --git a/test/ssl-tests/18-dtls-renegotiate.conf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in similarity index 100% rename from test/ssl-tests/18-dtls-renegotiate.conf.in rename to test/ssl-tests/18-dtls-renegotiate.cnf.in diff --git a/test/ssl-tests/19-mac-then-encrypt.conf b/test/ssl-tests/19-mac-then-encrypt.cnf similarity index 100% rename from test/ssl-tests/19-mac-then-encrypt.conf rename to test/ssl-tests/19-mac-then-encrypt.cnf diff --git a/test/ssl-tests/19-mac-then-encrypt.conf.in b/test/ssl-tests/19-mac-then-encrypt.cnf.in similarity index 100% rename from test/ssl-tests/19-mac-then-encrypt.conf.in rename to test/ssl-tests/19-mac-then-encrypt.cnf.in diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.cnf similarity index 100% rename from test/ssl-tests/20-cert-select.conf rename to test/ssl-tests/20-cert-select.cnf diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.cnf.in similarity index 100% rename from test/ssl-tests/20-cert-select.conf.in rename to test/ssl-tests/20-cert-select.cnf.in diff --git a/test/ssl-tests/21-key-update.conf b/test/ssl-tests/21-key-update.cnf similarity index 100% rename from test/ssl-tests/21-key-update.conf rename to test/ssl-tests/21-key-update.cnf diff --git a/test/ssl-tests/21-key-update.conf.in b/test/ssl-tests/21-key-update.cnf.in similarity index 100% rename from test/ssl-tests/21-key-update.conf.in rename to test/ssl-tests/21-key-update.cnf.in diff --git a/test/ssl-tests/22-compression.conf b/test/ssl-tests/22-compression.cnf similarity index 100% rename from test/ssl-tests/22-compression.conf rename to test/ssl-tests/22-compression.cnf diff --git a/test/ssl-tests/22-compression.conf.in b/test/ssl-tests/22-compression.cnf.in similarity index 100% rename from test/ssl-tests/22-compression.conf.in rename to test/ssl-tests/22-compression.cnf.in diff --git a/test/ssl-tests/23-srp.conf b/test/ssl-tests/23-srp.cnf similarity index 100% rename from test/ssl-tests/23-srp.conf rename to test/ssl-tests/23-srp.cnf diff --git a/test/ssl-tests/23-srp.conf.in b/test/ssl-tests/23-srp.cnf.in similarity index 100% rename from test/ssl-tests/23-srp.conf.in rename to test/ssl-tests/23-srp.cnf.in diff --git a/test/ssl-tests/24-padding.conf b/test/ssl-tests/24-padding.cnf similarity index 100% rename from test/ssl-tests/24-padding.conf rename to test/ssl-tests/24-padding.cnf diff --git a/test/ssl-tests/24-padding.conf.in b/test/ssl-tests/24-padding.cnf.in similarity index 100% rename from test/ssl-tests/24-padding.conf.in rename to test/ssl-tests/24-padding.cnf.in diff --git a/test/ssl-tests/25-cipher.conf b/test/ssl-tests/25-cipher.cnf similarity index 100% rename from test/ssl-tests/25-cipher.conf rename to test/ssl-tests/25-cipher.cnf diff --git a/test/ssl-tests/25-cipher.conf.in b/test/ssl-tests/25-cipher.cnf.in similarity index 100% rename from test/ssl-tests/25-cipher.conf.in rename to test/ssl-tests/25-cipher.cnf.in diff --git a/test/ssl-tests/26-tls13_client_auth.conf b/test/ssl-tests/26-tls13_client_auth.cnf similarity index 100% rename from test/ssl-tests/26-tls13_client_auth.conf rename to test/ssl-tests/26-tls13_client_auth.cnf diff --git a/test/ssl-tests/26-tls13_client_auth.conf.in b/test/ssl-tests/26-tls13_client_auth.cnf.in similarity index 99% rename from test/ssl-tests/26-tls13_client_auth.conf.in rename to test/ssl-tests/26-tls13_client_auth.cnf.in index 02a1ee2d27..82d3ac2d2b 100644 --- a/test/ssl-tests/26-tls13_client_auth.conf.in +++ b/test/ssl-tests/26-tls13_client_auth.cnf.in @@ -8,7 +8,7 @@ ## Test TLSv1.3 certificate authentication -## Similar to 04-client_auth.conf.in output, but specific for +## Similar to 04-client_auth.cnf.in output, but specific for ## TLSv1.3 and post-handshake authentication use strict; diff --git a/test/ssl-tests/27-ticket-appdata.conf b/test/ssl-tests/27-ticket-appdata.cnf similarity index 100% rename from test/ssl-tests/27-ticket-appdata.conf rename to test/ssl-tests/27-ticket-appdata.cnf diff --git a/test/ssl-tests/27-ticket-appdata.conf.in b/test/ssl-tests/27-ticket-appdata.cnf.in similarity index 100% rename from test/ssl-tests/27-ticket-appdata.conf.in rename to test/ssl-tests/27-ticket-appdata.cnf.in diff --git a/test/ssl-tests/28-seclevel.conf b/test/ssl-tests/28-seclevel.cnf similarity index 100% rename from test/ssl-tests/28-seclevel.conf rename to test/ssl-tests/28-seclevel.cnf diff --git a/test/ssl-tests/28-seclevel.conf.in b/test/ssl-tests/28-seclevel.cnf.in similarity index 100% rename from test/ssl-tests/28-seclevel.conf.in rename to test/ssl-tests/28-seclevel.cnf.in diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.conf b/test/ssl-tests/29-dtls-sctp-label-bug.cnf similarity index 100% rename from test/ssl-tests/29-dtls-sctp-label-bug.conf rename to test/ssl-tests/29-dtls-sctp-label-bug.cnf diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.conf.in b/test/ssl-tests/29-dtls-sctp-label-bug.cnf.in similarity index 100% rename from test/ssl-tests/29-dtls-sctp-label-bug.conf.in rename to test/ssl-tests/29-dtls-sctp-label-bug.cnf.in diff --git a/test/ssl-tests/30-extended-master-secret.conf b/test/ssl-tests/30-extended-master-secret.cnf similarity index 100% rename from test/ssl-tests/30-extended-master-secret.conf rename to test/ssl-tests/30-extended-master-secret.cnf diff --git a/test/ssl-tests/30-extended-master-secret.conf.in b/test/ssl-tests/30-extended-master-secret.cnf.in similarity index 100% rename from test/ssl-tests/30-extended-master-secret.conf.in rename to test/ssl-tests/30-extended-master-secret.cnf.in diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c index fc7ec68f29..877c8607e3 100644 --- a/test/ssl_test_ctx_test.c +++ b/test/ssl_test_ctx_test.c @@ -251,7 +251,7 @@ int setup_tests(void) if (!TEST_ptr(conf = NCONF_new(NULL))) return 0; - /* argument should point to test/ssl_test_ctx_test.conf */ + /* argument should point to test/ssl_test_ctx_test.cnf */ if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)) return 0; diff --git a/test/ssl_test_ctx_test.conf b/test/ssl_test_ctx_test.cnf similarity index 100% rename from test/ssl_test_ctx_test.conf rename to test/ssl_test_ctx_test.cnf diff --git a/util/fix-includes b/util/fix-includes index c49163875b..c1435a7628 100755 --- a/util/fix-includes +++ b/util/fix-includes @@ -14,6 +14,6 @@ find -name ossl_typ.h -o \( \ -name '*.ec' -o \ -name 'README*' -o \ -name '*.pod' -o \ - -name '*.conf' \ + -name '*.cnf' -o -name '*.conf' \ \) -exec sed -E -i \ -f util/fix-includes.sed {} \;