Use .cnf for config files, not .conf

The default is openssl.cnf  The project seems to prefer xxx.conf these
days, but we should use the default convention.

Rename all foo.conf (except for Configurations) to foo.cnf

Fixes #11174
Reviewed-by: NPaul Yang <kaishen.yy@antfin.com>
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11176)

.gitignore

@@ -96,9 +96,9 @@ doc/man1/openssl-x509.pod
 /test/confdump
 /test/bio_prefix_text
 # Other generated files in test/
-/test/provider_internal_test.conf
-/test/fipsinstall.conf
-/providers/fipsinstall.conf
+/test/provider_internal_test.cnf
+/test/fipsinstall.cnf
+/providers/fipsinstall.cnf
 
 # Certain files that get created by tests on the fly
 /test-runs

doc/man1/openssl-fipsinstall.pod

@@ -128,21 +128,21 @@ values that can be used.
 =head1 EXAMPLES
 
 Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
-for the module, and save the F<fips.conf> configuration file:
+for the module, and save the F<fips.cnf> configuration file:
 
- openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
+ openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
          -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
          -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213
 
-Verify that the configuration file F<fips.conf> contains the correct info:
+Verify that the configuration file F<fips.cnf> contains the correct info:
 
- openssl fipsinstall -module ./fips.so -in fips.conf  -provider_name fips \
+ openssl fipsinstall -module ./fips.so -in fips.cnf  -provider_name fips \
           -section_name fips_install -mac_name HMAC -macopt digest:SHA256 \
           -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 -verify
 
 Corrupt any self tests which have the description 'SHA1':
 
- openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
+ openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
          -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
          -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
          -corrupt_desc', 'SHA1'

test/CAss.cnf

-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
 
 ####################################################################
 [ req ]

test/P1ss.cnf

-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
 
 ####################################################################
 [ req ]

test/P2ss.cnf

-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
 
 ####################################################################
 [ req ]

test/README.ssltest.md

@@ -2,7 +2,7 @@
 
 SSL testcases are configured in the `ssl-tests` directory.
 
-Each `ssl_*.conf.in` file contains a number of test configurations. These files
+Each `ssl_*.cnf.in` file contains a number of test configurations. These files
 are used to generate testcases in the OpenSSL CONF format.
 
 The precise test output can be dependent on the library configuration. The test
@@ -10,9 +10,9 @@ harness generates the output files on the fly.
 
 However, for verification, we also include checked-in configuration outputs
 corresponding to the default configuration. These testcases live in
-`test/ssl-tests/*.conf` files.
+`test/ssl-tests/*.cnf` files.
 
-For more details, see `ssl-tests/01-simple.conf.in` for an example.
+For more details, see `ssl-tests/01-simple.cnf.in` for an example.
 
 ## Configuring the test
 
@@ -219,24 +219,24 @@ client => {
 ## Adding a test to the test harness
 
 1. Add a new test configuration to `test/ssl-tests`, following the examples of
-   existing `*.conf.in` files (for example, `01-simple.conf.in`).
+   existing `*.cnf.in` files (for example, `01-simple.cnf.in`).
 
-2. Generate the generated `*.conf` test input file. You can do so by running
+2. Generate the generated `*.cnf` test input file. You can do so by running
    `generate_ssl_tests.pl`:
 
 ```
 $ ./config
 $ cd test
-$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.conf.in \
-  > ssl-tests/my.conf
+$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.cnf.in \
+  > ssl-tests/my.cnf
 ```
 
-where `my.conf.in` is your test input file.
+where `my.cnf.in` is your test input file.
 
-For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do
+For example, to generate the test cases in `ssl-tests/01-simple.cnf.in`, do
 
 ```
-$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf
+$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.cnf.in > ssl-tests/01-simple.cnf
 ```
 
 Alternatively (hackish but simple), you can comment out
@@ -273,15 +273,15 @@ environment variable to point to the location of the certs. E.g., from the root
 OpenSSL directory, do
 
 ```
-$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \
-  test/ssl-tests/01-simple.conf
+$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \
+  test/ssl-tests/01-simple.cnf
 ```
 
 or for shared builds
 
 ```
-$ CTLOG_FILE=test/ct/log_list.conf  TEST_CERTS_DIR=test/certs \
-  util/wrap.pl test/ssl_test test/ssl-tests/01-simple.conf
+$ CTLOG_FILE=test/ct/log_list.cnf  TEST_CERTS_DIR=test/certs \
+  util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf
 ```
 
 Note that the test expectations sometimes depend on the Configure settings. For
@@ -293,7 +293,7 @@ The Perl test harness automatically generates expected outputs, so users who
 just run `make test` do not need any extra steps.
 
 However, when running a test manually, keep in mind that the repository version
-of the generated `test/ssl-tests/*.conf` correspond to expected outputs in with
+of the generated `test/ssl-tests/*.cnf` correspond to expected outputs in with
 the default Configure options. To run `ssl_test` manually from the command line
 in a build with a different configuration, you may need to generate the right
-`*.conf` file from the `*.conf.in` input first.
+`*.cnf` file from the `*.cnf.in` input first.

test/Uss.cnf

-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
 
 CN2 = Brother 2
 

test/build.info

@@ -716,8 +716,8 @@ IF[{- !$disabled{tests} -}]
     DEFINE[provider_test]=NO_PROVIDER_MODULE
     DEFINE[provider_internal_test]=NO_PROVIDER_MODULE
   ENDIF
-  DEPEND[]=provider_internal_test.conf
-  GENERATE[provider_internal_test.conf]=provider_internal_test.conf.in
+  DEPEND[]=provider_internal_test.cnf
+  GENERATE[provider_internal_test.cnf]=provider_internal_test.cnf.in
 
   PROGRAMS{noinst}=params_test
   SOURCE[params_test]=params_test.c

test/default-and-fips.cnf

 openssl_conf = openssl_init
 
-.include fipsinstall.conf
+.include fipsinstall.cnf
 
 [openssl_init]
 providers = provider_sect

test/fips.cnf

 openssl_conf = openssl_init
 
-.include fipsinstall.conf
+.include fipsinstall.cnf
 
 [openssl_init]
 providers = provider_sect

test/recipes/02-test_internal_provider.t

@@ -14,6 +14,6 @@ use OpenSSL::Test::Utils;
 setup("test_internal_provider");
 
 $ENV{OPENSSL_MODULES} = bldtop_dir("test");
-$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.conf");
+$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.cnf");
 
 simple_test("test_internal_provider", "provider_internal_test");

test/recipes/03-test_fipsinstall.t

@@ -30,7 +30,7 @@ my $infile = bldtop_file('providers', platform->dso('fips'));
 $ENV{OPENSSL_MODULES} = bldtop_dir("providers");
 
 # fail if no module name
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module',
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module',
              '-provider_name', 'fips',
              '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
              '-section_name', 'fips_install'])),
@@ -44,57 +44,57 @@ ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile,
    "fipsinstall verify fail");
 
 
-# output a fips.conf file containing mac data
-ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+# output a fips.cnf file containing mac data
+ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install'])),
    "fipsinstall");
 
-# verify the fips.conf file
-ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# verify the fips.cnf file
+ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-verify'])),
    "fipsinstall verify");
 
-# fail to verify the fips.conf file if a different key is used
-ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# fail to verify the fips.cnf file if a different key is used
+ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
              '-provider_name', 'fips', '-mac_name', 'HMAC',
              '-macopt', 'digest:SHA256', '-macopt', 'hexkey:01',
              '-section_name', 'fips_install', '-verify'])),
    "fipsinstall verify fail bad key");
 
-# fail to verify the fips.conf file if a different mac digest is used
-ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# fail to verify the fips.cnf file if a different mac digest is used
+ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
              '-provider_name', 'fips', '-mac_name', 'HMAC',
              '-macopt', 'digest:SHA512', '-macopt', 'hexkey:00',
              '-section_name', 'fips_install', '-verify'])),
    "fipsinstall verify fail incorrect digest");
 
 # corrupt the module hmac
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-corrupt_desc', 'HMAC'])),
    "fipsinstall fails when the module integrity is corrupted");
 
 # corrupt the first digest
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-corrupt_desc', 'SHA1'])),
    "fipsinstall fails when the digest result is corrupted");
 
 # corrupt another digest
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-corrupt_desc', 'SHA3'])),
    "fipsinstall fails when the digest result is corrupted");
 
 # corrupt DRBG
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-corrupt_desc', 'CTR'])),

test/recipes/04-test_conf.t

@@ -16,8 +16,8 @@ use File::Compare qw(compare_text);
 setup('test_conf');
 
 my %input_result = (
-    'dollarid_on.conf'  => 'dollarid_on.txt',
-    'dollarid_off.conf' => 'dollarid_off.txt',
+    'dollarid_on.cnf'  => 'dollarid_on.txt',
+    'dollarid_off.cnf' => 'dollarid_off.txt',
 );
 
 plan skip_all => 'This is unsupported for cross compiled configurations'

test/recipes/30-test_evp.t

@@ -84,7 +84,7 @@ unless ($no_fips) {
     $ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
 
     ok(run(app(['openssl', 'fipsinstall',
-                '-out', bldtop_file('providers', 'fipsinstall.conf'),
+                '-out', bldtop_file('providers', 'fipsinstall.cnf'),
                 '-module', $infile,
                 '-provider_name', 'fips', '-mac_name', 'HMAC',
                 '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',

test/recipes/30-test_evp_fetch_prov.t

@@ -48,7 +48,7 @@ my @testdata = (
 unless ($no_fips) {
     push @setups, {
         cmd     => app(['openssl', 'fipsinstall',
-                        '-out', bldtop_file('providers', 'fipsinstall.conf'),
+                        '-out', bldtop_file('providers', 'fipsinstall.cnf'),
                         '-module', bldtop_file('providers', platform->dso('fips')),
                         '-provider_name', 'fips', '-mac_name', 'HMAC',
                         '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',

test/recipes/70-test_comp.t

@@ -28,7 +28,7 @@ plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled"
     if disabled("tls1_3") && disabled("tls1_2");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 use constant {
     MULTIPLE_COMPRESSIONS => 0,

test/recipes/70-test_sslmessages.t

@@ -30,7 +30,7 @@ plan skip_all => "$test_name needs TLS enabled"
        || (!disabled("tls1_3") && disabled("tls1_2"));
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 my $proxy = TLSProxy::Proxy->new(
     undef,

test/recipes/70-test_sslversions.t

@@ -49,7 +49,7 @@ my $proxy = TLSProxy::Proxy->new(
 );
 
 #We're just testing various negative and unusual scenarios here. ssltest with
-#02-protocol-version.conf should check all the various combinations of normal
+#02-protocol-version.cnf should check all the various combinations of normal
 #version neg
 
 #Test 1: An empty supported_versions extension should not succeed

test/recipes/70-test_tls13kexmodes.t

@@ -32,7 +32,7 @@ plan skip_all => "$test_name needs EC enabled"
     if disabled("ec");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 
 @handmessages = (

test/recipes/70-test_tls13messages.t

@@ -32,7 +32,7 @@ plan skip_all => "$test_name needs EC enabled"
     if disabled("ec");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 
 @handmessages = (

test/recipes/70-test_tls13psk.t

@@ -28,7 +28,7 @@ plan skip_all => "$test_name needs TLSv1.3 enabled"
     if disabled("tls1_3");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 my $proxy = TLSProxy::Proxy->new(
     undef,

test/recipes/80-test_ct.t

@@ -11,7 +11,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/;
 use OpenSSL::Test::Simple;
 
 setup("test_ct");
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 $ENV{CT_DIR} = srctop_dir("test", "ct");
 $ENV{CERTS_DIR} = srctop_dir("test", "certs");
 simple_test("test_ct", "ct_test", "ct", "ec");

test/recipes/80-test_ssl_new.t

@@ -19,9 +19,9 @@ use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
 setup("test_ssl_new");
 
 $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
-my @conf_srcs =  glob(srctop_file("test", "ssl-tests", "*.conf.in"));
+my @conf_srcs =  glob(srctop_file("test", "ssl-tests", "*.cnf.in"));
 map { s/;.*// } @conf_srcs if $^O eq "VMS";
 my @conf_files = map { basename($_, ".in") } @conf_srcs;
 map { s/\^// } @conf_files if $^O eq "VMS";
@@ -54,56 +54,56 @@ my $no_ocsp = disabled("ocsp");
 # Add your test here if the test conf.in generates test cases and/or
 # expectations dynamically based on the OpenSSL compile-time config.
 my %conf_dependent_tests = (
-  "02-protocol-version.conf" => !$is_default_tls,
-  "04-client_auth.conf" => !$is_default_tls || !$is_default_dtls
+  "02-protocol-version.cnf" => !$is_default_tls,
+  "04-client_auth.cnf" => !$is_default_tls || !$is_default_dtls
                            || !disabled("sctp"),
-  "05-sni.conf" => disabled("tls1_1"),
-  "07-dtls-protocol-version.conf" => !$is_default_dtls || !disabled("sctp"),
-  "10-resumption.conf" => !$is_default_tls || $no_ec,
-  "11-dtls_resumption.conf" => !$is_default_dtls || !disabled("sctp"),
-  "16-dtls-certstatus.conf" => !$is_default_dtls || !disabled("sctp"),
-  "17-renegotiate.conf" => disabled("tls1_2"),
-  "18-dtls-renegotiate.conf" => disabled("dtls1_2") || !disabled("sctp"),
-  "19-mac-then-encrypt.conf" => !$is_default_tls,
-  "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa,
-  "22-compression.conf" => !$is_default_tls,
-  "25-cipher.conf" => disabled("poly1305") || disabled("chacha"),
-  "27-ticket-appdata.conf" => !$is_default_tls,
-  "28-seclevel.conf" => disabled("tls1_2") || $no_ec,
-  "30-extended-master-secret.conf" => disabled("tls1_2"),
+  "05-sni.cnf" => disabled("tls1_1"),
+  "07-dtls-protocol-version.cnf" => !$is_default_dtls || !disabled("sctp"),
+  "10-resumption.cnf" => !$is_default_tls || $no_ec,
+  "11-dtls_resumption.cnf" => !$is_default_dtls || !disabled("sctp"),
+  "16-dtls-certstatus.cnf" => !$is_default_dtls || !disabled("sctp"),
+  "17-renegotiate.cnf" => disabled("tls1_2"),
+  "18-dtls-renegotiate.cnf" => disabled("dtls1_2") || !disabled("sctp"),
+  "19-mac-then-encrypt.cnf" => !$is_default_tls,
+  "20-cert-select.cnf" => !$is_default_tls || $no_dh || $no_dsa,
+  "22-compression.cnf" => !$is_default_tls,
+  "25-cipher.cnf" => disabled("poly1305") || disabled("chacha"),
+  "27-ticket-appdata.cnf" => !$is_default_tls,
+  "28-seclevel.cnf" => disabled("tls1_2") || $no_ec,
+  "30-extended-master-secret.cnf" => disabled("tls1_2"),
 );
 
 # Add your test here if it should be skipped for some compile-time
 # configurations. Default is $no_tls but some tests have different skip
 # conditions.
 my %skip = (
-  "06-sni-ticket.conf" => $no_tls_below1_3,
-  "07-dtls-protocol-version.conf" => $no_dtls,
-  "08-npn.conf" => (disabled("tls1") && disabled("tls1_1")
+  "06-sni-ticket.cnf" => $no_tls_below1_3,
+  "07-dtls-protocol-version.cnf" => $no_dtls,
+  "08-npn.cnf" => (disabled("tls1") && disabled("tls1_1")
                     && disabled("tls1_2")) || $no_npn,
-  "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),
-  "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),
-  "12-ct.conf" => $no_tls || $no_ct || $no_ec,
+  "10-resumption.cnf" => disabled("tls1_1") || disabled("tls1_2"),
+  "11-dtls_resumption.cnf" => disabled("dtls1") || disabled("dtls1_2"),
+  "12-ct.cnf" => $no_tls || $no_ct || $no_ec,
   # We could run some of these tests without TLS 1.2 if we had a per-test
   # disable instruction but that's a bizarre configuration not worth
   # special-casing for.
   # TODO(TLS 1.3): We should review this once we have TLS 1.3.
-  "13-fragmentation.conf" => disabled("tls1_2"),
-  "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m,
-  "15-certstatus.conf" => $no_tls || $no_ocsp,
-  "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp,
-  "17-renegotiate.conf" => $no_tls_below1_3,
-  "18-dtls-renegotiate.conf" => $no_dtls,
-  "19-mac-then-encrypt.conf" => $no_pre_tls1_3,
-  "20-cert-select.conf" => disabled("tls1_2") || $no_ec,
-  "21-key-update.conf" => disabled("tls1_3"),
-  "22-compression.conf" => disabled("zlib") || $no_tls,
-  "23-srp.conf" => (disabled("tls1") && disabled ("tls1_1")
+  "13-fragmentation.cnf" => disabled("tls1_2"),
+  "14-curves.cnf" => disabled("tls1_2") || $no_ec || $no_ec2m,
+  "15-certstatus.cnf" => $no_tls || $no_ocsp,
+  "16-dtls-certstatus.cnf" => $no_dtls || $no_ocsp,
+  "17-renegotiate.cnf" => $no_tls_below1_3,
+  "18-dtls-renegotiate.cnf" => $no_dtls,
+  "19-mac-then-encrypt.cnf" => $no_pre_tls1_3,
+  "20-cert-select.cnf" => disabled("tls1_2") || $no_ec,
+  "21-key-update.cnf" => disabled("tls1_3"),
+  "22-compression.cnf" => disabled("zlib") || $no_tls,
+  "23-srp.cnf" => (disabled("tls1") && disabled ("tls1_1")
                     && disabled("tls1_2")) || disabled("srp"),
-  "24-padding.conf" => disabled("tls1_3"),
-  "25-cipher.conf" => disabled("ec") || disabled("tls1_2"),
-  "26-tls13_client_auth.conf" => disabled("tls1_3"),
-  "29-dtls-sctp-label-bug.conf" => disabled("sctp") || disabled("sock"),
+  "24-padding.cnf" => disabled("tls1_3"),
+  "25-cipher.cnf" => disabled("ec") || disabled("tls1_2"),
+  "26-tls13_client_auth.cnf" => disabled("tls1_3"),
+  "29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"),
 );
 
 foreach my $conf (@conf_files) {
@@ -133,7 +133,7 @@ sub test_conf {
            "Getting output from generate_ssl_tests.pl.");
 
     SKIP: {
-        # Test 2. Compare against existing output in test/ssl_tests.conf.
+        # Test 2. Compare against existing output in test/ssl_tests.cnf.
         skip "Skipping generated source test for $conf", 1
           if !$check_source;
 

test/recipes/80-test_ssl_old.t

@@ -18,7 +18,7 @@ use OpenSSL::Test::Utils;
 
 setup("test_ssl");
 
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk,
     $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,

test/recipes/80-test_ssl_test_ctx.t

@@ -15,5 +15,5 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 setup("test_ssl_test_ctx");
 
 plan tests => 1;
-ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.conf")])),
-   "running ssl_test_ctx_test ssl_test_ctx_test.conf");
+ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.cnf")])),
+   "running ssl_test_ctx_test ssl_test_ctx_test.cnf");

test/recipes/90-test_gost.t

@@ -31,7 +31,7 @@ plan skip_all => "No test GOST engine found"
 plan tests => 1;
 
 $ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data",
-                                 "gost.conf");
+                                 "gost.cnf");
 
 ok(run(test(["gosttest",
              srctop_file("test", "recipes", "90-test_gost_data",

test/recipes/90-test_includes_data/vms-includes.cnf

@@ -2,4 +2,4 @@
 # Example configuration file using includes.
 #
 
-.include [.conf-includes]
+.include [.cnf-includes]

test/ssl-tests/26-tls13_client_auth.conf.in → test/ssl-tests/26-tls13_client_auth.cnf.in

@@ -8,7 +8,7 @@
 
 
 ## Test TLSv1.3 certificate authentication
-## Similar to 04-client_auth.conf.in output, but specific for
+## Similar to 04-client_auth.cnf.in output, but specific for
 ## TLSv1.3 and post-handshake authentication
 
 use strict;

test/ssl_test_ctx_test.c

@@ -251,7 +251,7 @@ int setup_tests(void)
 
     if (!TEST_ptr(conf = NCONF_new(NULL)))
         return 0;
-    /* argument should point to test/ssl_test_ctx_test.conf */
+    /* argument should point to test/ssl_test_ctx_test.cnf */
     if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0))
         return 0;
 

util/fix-includes

@@ -14,6 +14,6 @@ find -name ossl_typ.h -o \( \
 	 -name '*.ec' -o \
 	 -name 'README*' -o \
 	 -name '*.pod' -o \
-	 -name '*.conf' \
+	 -name '*.cnf' -o -name '*.conf' \
 	 \) -exec sed -E -i \
 	 -f util/fix-includes.sed {} \;