diff -ur libressl-3.9.2.orig/apps/openssl/apps.c libressl-3.9.2/apps/openssl/apps.c --- libressl-3.9.2.orig/apps/openssl/apps.c 2024-04-24 06:40:07.000000000 -0700 +++ libressl-3.9.2/apps/openssl/apps.c 2024-10-05 04:27:00.444876765 -0700 @@ -1069,7 +1069,7 @@ const char *t = X509_get_default_cert_area(); char *p; - if (asprintf(&p, "%s/openssl.cnf", t) == -1) + if (asprintf(&p, "%s/libressl.cnf", t) == -1) return NULL; return p; } diff -ur libressl-3.9.2.orig/apps/openssl/openssl.1 libressl-3.9.2/apps/openssl/openssl.1 --- libressl-3.9.2.orig/apps/openssl/openssl.1 2024-04-24 06:40:07.000000000 -0700 +++ libressl-3.9.2/apps/openssl/openssl.1 2024-10-05 04:26:14.517878020 -0700 @@ -6870,12 +6870,12 @@ .Sh ENVIRONMENT The following environment variables affect the execution of .Nm openssl : -.Bl -tag -width "/etc/ssl/openssl.cnf" +.Bl -tag -width "/etc/ssl/libressl.cnf" .It Ev OPENSSL_CONF The location of the master configuration file. .El .Sh FILES -.Bl -tag -width "/etc/ssl/openssl.cnf" -compact +.Bl -tag -width "/etc/ssl/libressl.cnf" -compact .It Pa /etc/ssl/ Default config directory for .Nm openssl . @@ -6883,7 +6883,7 @@ Unused. .It Pa /etc/ssl/private/ Default private key directory. -.It Pa /etc/ssl/openssl.cnf +.It Pa /etc/ssl/libressl.cnf Default configuration file for .Nm openssl . .It Pa /etc/ssl/x509v3.cnf @@ -6894,7 +6894,7 @@ .Sh SEE ALSO .Xr acme-client 1 , .Xr nc 1 , -.Xr openssl.cnf 5 , +.Xr libressl.cnf 5 , .Xr x509v3.cnf 5 , .Xr ssl 8 , .Xr starttls 8 diff -ur libressl-3.9.2.orig/ChangeLog libressl-3.9.2/ChangeLog --- libressl-3.9.2.orig/ChangeLog 2024-05-11 20:13:20.000000000 -0700 +++ libressl-3.9.2/ChangeLog 2024-10-05 04:27:47.668875473 -0700 @@ -2758,7 +2758,7 @@ * --with-enginesdir is removed as a configuration parameter - * Default cert.pem, openssl.cnf, and x509v3.cnf files are now + * Default cert.pem, libressl.cnf, and x509v3.cnf files are now installed under $sysconfdir/ssl or the directory specified by --with-openssldir. Previous versions of LibreSSL left these empty. diff -ur libressl-3.9.2.orig/CMakeLists.txt libressl-3.9.2/CMakeLists.txt --- libressl-3.9.2.orig/CMakeLists.txt 2024-05-11 20:07:31.000000000 -0700 +++ libressl-3.9.2/CMakeLists.txt 2024-10-05 04:28:38.420874086 -0700 @@ -533,7 +533,7 @@ endif(ENABLE_LIBRESSL_INSTALL) if(ENABLE_LIBRESSL_INSTALL) - install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR}) + install(FILES cert.pem libressl.cnf x509v3.cnf DESTINATION ${CONF_DIR}) install(DIRECTORY DESTINATION ${CONF_DIR}/certs) endif(ENABLE_LIBRESSL_INSTALL) diff -ur libressl-3.9.2.orig/crypto/conf/conf_mod.c libressl-3.9.2/crypto/conf/conf_mod.c --- libressl-3.9.2.orig/crypto/conf/conf_mod.c 2024-05-11 20:07:56.000000000 -0700 +++ libressl-3.9.2/crypto/conf/conf_mod.c 2024-10-05 04:29:31.220872642 -0700 @@ -474,7 +474,7 @@ { char *file = NULL; - if (asprintf(&file, "%s/openssl.cnf", + if (asprintf(&file, "%s/libressl.cnf", X509_get_default_cert_area()) == -1) return (NULL); return file; diff -ur libressl-3.9.2.orig/Makefile.am libressl-3.9.2/Makefile.am --- libressl-3.9.2.orig/Makefile.am 2023-11-01 19:17:51.000000000 -0700 +++ libressl-3.9.2/Makefile.am 2024-10-05 04:30:30.596871018 -0700 @@ -12,7 +12,7 @@ EXTRA_DIST = README.md README.windows VERSION config scripts EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in FindLibreSSL.cmake LibreSSLConfig.cmake.in -EXTRA_DIST += cert.pem openssl.cnf x509v3.cnf +EXTRA_DIST += cert.pem libressl.cnf x509v3.cnf .PHONY: install_sw install_sw: install @@ -24,7 +24,7 @@ OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ fi; \ mkdir -p "$$OPENSSLDIR/certs"; \ - for i in cert.pem openssl.cnf x509v3.cnf; do \ + for i in cert.pem libressl.cnf x509v3.cnf; do \ if [ ! -f "$$OPENSSLDIR/$i" ]; then \ $(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \ else \ @@ -38,7 +38,7 @@ else \ OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ fi; \ - for i in cert.pem openssl.cnf x509v3.cnf; do \ + for i in cert.pem libressl.cnf x509v3.cnf; do \ if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ rm -f "$$OPENSSLDIR/$$i"; \ fi \ diff -ur libressl-3.9.2.orig/Makefile.in libressl-3.9.2/Makefile.in --- libressl-3.9.2.orig/Makefile.in 2024-05-11 20:15:07.000000000 -0700 +++ libressl-3.9.2/Makefile.in 2024-10-05 04:31:30.707869375 -0700 @@ -374,7 +374,7 @@ EXTRA_DIST = README.md README.windows VERSION config scripts \ CMakeLists.txt cmake_export_symbol.cmake \ cmake_uninstall.cmake.in FindLibreSSL.cmake \ - LibreSSLConfig.cmake.in cert.pem openssl.cnf x509v3.cnf + LibreSSLConfig.cmake.in cert.pem libressl.cnf x509v3.cnf all: all-recursive .SUFFIXES: @@ -895,7 +895,7 @@ OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ fi; \ mkdir -p "$$OPENSSLDIR/certs"; \ - for i in cert.pem openssl.cnf x509v3.cnf; do \ + for i in cert.pem libressl.cnf x509v3.cnf; do \ if [ ! -f "$$OPENSSLDIR/$i" ]; then \ $(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \ else \ @@ -909,7 +909,7 @@ else \ OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ fi; \ - for i in cert.pem openssl.cnf x509v3.cnf; do \ + for i in cert.pem libressl.cnf x509v3.cnf; do \ if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ rm -f "$$OPENSSLDIR/$$i"; \ fi \ diff -ur libressl-3.9.2.orig/man/CONF_modules_load_file.3 libressl-3.9.2/man/CONF_modules_load_file.3 --- libressl-3.9.2.orig/man/CONF_modules_load_file.3 2024-04-24 06:40:06.000000000 -0700 +++ libressl-3.9.2/man/CONF_modules_load_file.3 2024-10-05 04:36:47.643860709 -0700 @@ -97,7 +97,7 @@ configures OpenSSL using the file .Fa filename in -.Xr openssl.cnf 5 +.Xr libressl.cnf 5 format and the application name .Fa appname . If @@ -105,7 +105,7 @@ is .Dv NULL , the standard OpenSSL configuration file -.Pa /etc/ssl/openssl.cnf +.Pa /etc/ssl/libressl.cnf is used. If .Fa appname @@ -190,10 +190,10 @@ returns a pointer to the constant string .Qq "/etc/ssl" . .Sh FILES -.Bl -tag -width /etc/ssl/openssl.cnf -compact +.Bl -tag -width /etc/ssl/libressl.cnf -compact .It Pa /etc/ssl standard configuration directory -.It Pa /etc/ssl/openssl.cnf +.It Pa /etc/ssl/libressl.cnf standard configuration file .El .Sh EXAMPLES diff -ur libressl-3.9.2.orig/man/Makefile.am libressl-3.9.2/man/Makefile.am --- libressl-3.9.2.orig/man/Makefile.am 2024-05-11 20:14:58.000000000 -0700 +++ libressl-3.9.2/man/Makefile.am 2024-10-05 04:41:40.555852699 -0700 @@ -566,7 +566,7 @@ dist_man3_MANS += tls_load_file.3 dist_man3_MANS += tls_ocsp_process_response.3 dist_man3_MANS += tls_read.3 -dist_man5_MANS += openssl.cnf.5 +dist_man5_MANS += libressl.cnf.5 dist_man5_MANS += x509v3.cnf.5 install-data-hook: ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3" diff -ur libressl-3.9.2.orig/man/Makefile.in libressl-3.9.2/man/Makefile.in --- libressl-3.9.2.orig/man/Makefile.in 2024-05-11 20:15:10.000000000 -0700 +++ libressl-3.9.2/man/Makefile.in 2024-10-05 04:35:10.692863360 -0700 @@ -690,7 +690,7 @@ @ENABLE_LIBTLS_ONLY_FALSE@ tls_init.3 tls_load_file.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ tls_ocsp_process_response.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ tls_read.3 -@ENABLE_LIBTLS_ONLY_FALSE@dist_man5_MANS = openssl.cnf.5 x509v3.cnf.5 +@ENABLE_LIBTLS_ONLY_FALSE@dist_man5_MANS = libressl.cnf.5 x509v3.cnf.5 all: all-am .SUFFIXES: diff -ur libressl-3.9.2.orig/man/openssl.cnf.5 libressl-3.9.2/man/openssl.cnf.5 --- libressl-3.9.2.orig/man/openssl.cnf.5 2024-04-24 06:40:06.000000000 -0700 +++ libressl-3.9.2/man/openssl.cnf.5 2024-10-05 04:40:00.122855446 -0700 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.cnf.5,v 1.10 2023/11/19 10:23:53 tb Exp $ +.\" $OpenBSD: libressl.cnf.5,v 1.10 2023/11/19 10:23:53 tb Exp $ .\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100 .\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400 .\" @@ -51,16 +51,16 @@ .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" .Dd $Mdocdate: November 19 2023 $ -.Dt OPENSSL.CNF 5 +.Dt LIBRESSL.CNF 5 .Os .Sh NAME -.Nm openssl.cnf +.Nm libressl.cnf .Nd OpenSSL configuration files .Sh DESCRIPTION The OpenSSL CONF library can be used to read configuration files; see .Xr CONF_modules_load_file 3 . It is used for the OpenSSL master configuration file -.Pa /etc/ssl/openssl.cnf +.Pa /etc/ssl/libressl.cnf and in a few other places like .Sy SPKAC files and certificate extension files for the @@ -225,8 +225,8 @@ .Pp .Dl shortName = some object long name, 1.2.3.4 .Sh FILES -.Bl -tag -width /etc/ssl/openssl.cnf -compact -.It Pa /etc/ssl/openssl.cnf +.Bl -tag -width /etc/ssl/libressl.cnf -compact +.It Pa /etc/ssl/libressl.cnf standard configuration file .El .Sh EXAMPLES diff -ur libressl-3.9.2.orig/man/OPENSSL_config.3 libressl-3.9.2/man/OPENSSL_config.3 --- libressl-3.9.2.orig/man/OPENSSL_config.3 2024-04-24 06:40:06.000000000 -0700 +++ libressl-3.9.2/man/OPENSSL_config.3 2024-10-05 04:33:10.827866637 -0700 @@ -132,8 +132,8 @@ calling .Xr CONF_modules_free 3 . .Sh FILES -.Bl -tag -width /etc/ssl/openssl.cnf -compact -.It Pa /etc/ssl/openssl.cnf +.Bl -tag -width /etc/ssl/libressl.cnf -compact +.It Pa /etc/ssl/libressl.cnf standard configuration file .El .Sh SEE ALSO @@ -142,7 +142,7 @@ .Xr crypto 3 , .Xr OPENSSL_load_builtin_modules 3 , .Xr OPENSSL_VERSION_NUMBER 3 , -.Xr openssl.cnf 5 , +.Xr libressl.cnf 5 , .Xr x509v3.cnf 5 .Sh HISTORY .Fn OPENSSL_config diff -ur libressl-3.9.2.orig/man/OPENSSL_init_crypto.3 libressl-3.9.2/man/OPENSSL_init_crypto.3 --- libressl-3.9.2.orig/man/OPENSSL_init_crypto.3 2024-03-25 00:32:30.000000000 -0700 +++ libressl-3.9.2/man/OPENSSL_init_crypto.3 2024-10-05 04:40:52.698854008 -0700 @@ -93,7 +93,7 @@ .Xr CONF_modules_load_file 3 , .Xr OPENSSL_config 3 , .Xr OPENSSL_load_builtin_modules 3 , -.Xr openssl.cnf 5 +.Xr libressl.cnf 5 .Sh HISTORY .Fn OPENSSL_init first appeared in OpenSSL 1.0.0e and has been available since diff -ur libressl-3.9.2.orig/man/x509v3.cnf.5 libressl-3.9.2/man/x509v3.cnf.5 --- libressl-3.9.2.orig/man/x509v3.cnf.5 2024-03-25 00:32:31.000000000 -0700 +++ libressl-3.9.2/man/x509v3.cnf.5 2024-10-05 04:34:16.643864837 -0700 @@ -61,7 +61,7 @@ Several of the OpenSSL utilities can add extensions to a certificate or certificate request based on the contents of a configuration file. The file format is based on the -.Xr openssl.cnf 5 +.Xr libressl.cnf 5 format. .Pp Typically the application will contain an option to point to an @@ -685,7 +685,7 @@ .Xr openssl 1 , .Xr ASN1_generate_nconf 3 , .Xr OPENSSL_config 3 , -.Xr openssl.cnf 5 +.Xr libressl.cnf 5 .Sh HISTORY X509v3 extension code was first added to OpenSSL 0.9.2. .Sh CAVEATS diff -ur libressl-3.9.2.orig/tests/Makefile.am libressl-3.9.2/tests/Makefile.am --- libressl-3.9.2.orig/tests/Makefile.am 2024-05-11 20:07:31.000000000 -0700 +++ libressl-3.9.2/tests/Makefile.am 2024-10-05 04:48:08.961842079 -0700 @@ -707,7 +707,7 @@ # testdsa TESTS += testdsa.sh EXTRA_DIST += testdsa.sh testdsa.bat -EXTRA_DIST += openssl.cnf +EXTRA_DIST += libressl.cnf # testenc TESTS += testenc.sh diff -ur libressl-3.9.2.orig/tests/Makefile.in libressl-3.9.2/tests/Makefile.in --- libressl-3.9.2.orig/tests/Makefile.in 2024-05-11 20:15:11.000000000 -0700 +++ libressl-3.9.2/tests/Makefile.in 2024-10-05 04:46:07.250845407 -0700 @@ -1508,7 +1508,7 @@ server2-ecdsa-chain.pem server2-ecdsa.pem \ server2-rsa-chain.pem server2-rsa.pem server3-ecdsa-chain.pem \ server3-ecdsa.pem server3-rsa-chain.pem server3-rsa.pem \ - testdsa.sh testdsa.bat openssl.cnf testenc.sh testenc.bat \ + testdsa.sh testdsa.bat libressl.cnf testenc.sh testenc.bat \ testrsa.sh testrsa.bat tlstest.sh tlstest.bat DISTCLEANFILES = pidwraptest.txt aeadtest_SOURCES = aeadtest.c diff -ur libressl-3.9.2.orig/tests/openssl.cnf libressl-3.9.2/tests/openssl.cnf --- libressl-3.9.2.orig/tests/openssl.cnf 2019-04-22 23:55:18.000000000 -0700 +++ libressl-3.9.2/tests/openssl.cnf 2024-10-05 04:45:30.594846409 -0700 @@ -1,4 +1,4 @@ -# $OpenBSD: openssl.cnf,v 1.1 2014/08/26 17:50:07 jsing Exp $ +# $OpenBSD: libressl.cnf,v 1.1 2014/08/26 17:50:07 jsing Exp $ # # SSLeay example configuration file. diff -ur libressl-3.9.2.orig/tests/testdsa.bat libressl-3.9.2/tests/testdsa.bat --- libressl-3.9.2.orig/tests/testdsa.bat 2021-09-28 12:05:18.000000000 -0700 +++ libressl-3.9.2/tests/testdsa.bat 2024-10-05 04:44:42.746847718 -0700 @@ -17,7 +17,7 @@ REM # Generate a DSA certificate -%openssl_bin% req -config %srcdir%\openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key +%openssl_bin% req -config %srcdir%\libressl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key if !errorlevel! neq 0 ( exit /b 1 ) diff -ur libressl-3.9.2.orig/tests/testdsa.sh libressl-3.9.2/tests/testdsa.sh --- libressl-3.9.2.orig/tests/testdsa.sh 2021-09-28 12:05:18.000000000 -0700 +++ libressl-3.9.2/tests/testdsa.sh 2024-10-05 04:47:31.697843098 -0700 @@ -28,7 +28,7 @@ # Denerate a DSA certificate -$cmd req -config $srcdir/openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key +$cmd req -config $srcdir/libressl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key if [ $? != 0 ]; then exit 1; fi diff -ur libressl-3.9.2.orig/tests/testenc.bat libressl-3.9.2/tests/testenc.bat --- libressl-3.9.2.orig/tests/testenc.bat 2024-03-06 07:03:41.000000000 -0800 +++ libressl-3.9.2/tests/testenc.bat 2024-10-05 04:44:00.474848874 -0700 @@ -8,8 +8,8 @@ set openssl_bin=%openssl_bin:/=\% if not exist %openssl_bin% exit /b 1 -echo copy %srcdir%\openssl.cnf %test% -copy %srcdir%\openssl.cnf %test% +echo copy %srcdir%\libressl.cnf %test% +copy %srcdir%\libressl.cnf %test% echo cat echo %openssl_bin% enc -in %test% -out %test%.CIPHER diff -ur libressl-3.9.2.orig/tests/testenc.sh libressl-3.9.2/tests/testenc.sh --- libressl-3.9.2.orig/tests/testenc.sh 2021-09-28 12:05:18.000000000 -0700 +++ libressl-3.9.2/tests/testenc.sh 2024-10-05 04:42:38.122851125 -0700 @@ -18,7 +18,7 @@ srcdir=. fi -cat $srcdir/openssl.cnf >$test; +cat $srcdir/libressl.cnf >$test; echo cat $cmd enc < $test > $test.cipher diff -ur libressl-3.9.2.orig/tests/testrsa.bat libressl-3.9.2/tests/testrsa.bat --- libressl-3.9.2.orig/tests/testrsa.bat 2021-09-28 12:05:18.000000000 -0700 +++ libressl-3.9.2/tests/testrsa.bat 2024-10-05 04:43:15.242850110 -0700 @@ -17,7 +17,7 @@ REM # Generate an RSA certificate -%openssl_bin% req -config %srcdir%\openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem +%openssl_bin% req -config %srcdir%\libressl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem if !errorlevel! neq 0 ( exit /b 1 ) diff -ur libressl-3.9.2.orig/tests/testrsa.sh libressl-3.9.2/tests/testrsa.sh --- libressl-3.9.2.orig/tests/testrsa.sh 2021-09-28 12:05:18.000000000 -0700 +++ libressl-3.9.2/tests/testrsa.sh 2024-10-05 04:47:05.649843810 -0700 @@ -28,7 +28,7 @@ # Generate an RSA certificate -$cmd req -config $srcdir/openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem +$cmd req -config $srcdir/libressl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem if [ $? != 0 ]; then exit 1; fi