diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index f18e63c351..4d96a1f32d 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -16,8 +16,7 @@ HOME = . # Use this in order to automatically load providers. openssl_conf = openssl_init -# Comment this out if you deliberately want to ignore -# configuration errors +# Comment out the next line to ignore configuration errors config_diagnostics = 1 # Extra OBJECT IDENTIFIER info: diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 97567a67be..ffb424a871 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -16,8 +16,7 @@ HOME = . # Use this in order to automatically load providers. openssl_conf = openssl_init -# Comment this out if you deliberately want to ignore -# configuration errors +# Comment out the next line to ignore configuration errors config_diagnostics = 1 # Extra OBJECT IDENTIFIER info: diff --git a/demos/bio/accept.cnf b/demos/bio/accept.cnf index cb0cefba75..ce36678ee9 100644 --- a/demos/bio/accept.cnf +++ b/demos/bio/accept.cnf @@ -1,10 +1,16 @@ # Example configuration file + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + # Port to listen on Port = 4433 + # Disable TLS v1.2 for test. # Protocol = ALL, -TLSv1.2 # Only support 3 curves Curves = P-521:P-384:P-256 + # Restricted signature algorithms SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 Certificate=server.pem diff --git a/demos/bio/cmod.cnf b/demos/bio/cmod.cnf index 39ac54edd9..df514dba79 100644 --- a/demos/bio/cmod.cnf +++ b/demos/bio/cmod.cnf @@ -4,6 +4,9 @@ # and section containing configuration testapp = test_sect +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [test_sect] # list of configuration modules diff --git a/demos/bio/connect.cnf b/demos/bio/connect.cnf index ab764403a4..0049a77b2d 100644 --- a/demos/bio/connect.cnf +++ b/demos/bio/connect.cnf @@ -1,9 +1,15 @@ # Example configuration file + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + # Connects to the default port of s_server Connect = localhost:4433 + # Disable TLS v1.2 for test. # Protocol = ALL, -TLSv1.2 # Only support 3 curves Curves = P-521:P-384:P-256 + # Restricted signature algorithms SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 diff --git a/demos/certs/apps/apps.cnf b/demos/certs/apps/apps.cnf index 07a3d10b55..72ed70de75 100644 --- a/demos/certs/apps/apps.cnf +++ b/demos/certs/apps/apps.cnf @@ -7,6 +7,10 @@ HOME = . CN = "Not Defined" +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + + #################################################################### [ req ] default_bits = 2048 diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf index 2fbf20490b..e0c73c4eef 100644 --- a/demos/certs/ca.cnf +++ b/demos/certs/ca.cnf @@ -8,6 +8,9 @@ HOME = . CN = "Not Defined" default_ca = ca +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + #################################################################### [ req ] default_bits = 1024 diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf index e232e7023e..50f68cbc19 100644 --- a/test/CAtsa.cnf +++ b/test/CAtsa.cnf @@ -3,6 +3,9 @@ # This config is used by the Time Stamp Authority tests. # +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + # Extra OBJECT IDENTIFIER info: oid_section = new_oids diff --git a/test/ca-and-certs.cnf b/test/ca-and-certs.cnf index f6663924ae..463b49954c 100644 --- a/test/ca-and-certs.cnf +++ b/test/ca-and-certs.cnf @@ -1,4 +1,7 @@ +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + CN2 = Brother 2 #################################################################### diff --git a/test/ct/log_list.cnf b/test/ct/log_list.cnf index 4b68e53558..b723b8c9f6 100644 --- a/test/ct/log_list.cnf +++ b/test/ct/log_list.cnf @@ -1,5 +1,8 @@ enabled_logs=test,pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [test] description = https://github.com/google/certificate-transparency/tree/99218b6445906a81f219d84e9c6d2683e13e4e58/test/testdata key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3UyEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w== diff --git a/test/default-and-fips.cnf b/test/default-and-fips.cnf index 7a4d765591..2ca6487fd2 100644 --- a/test/default-and-fips.cnf +++ b/test/default-and-fips.cnf @@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + .include fipsmodule.cnf [openssl_init] diff --git a/test/default-and-legacy.cnf b/test/default-and-legacy.cnf index adfa225f64..4e288a45ea 100644 --- a/test/default-and-legacy.cnf +++ b/test/default-and-legacy.cnf @@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [openssl_init] providers = provider_sect diff --git a/test/default.cnf b/test/default.cnf index 12da8cb5bd..f29d0e92ba 100644 --- a/test/default.cnf +++ b/test/default.cnf @@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [openssl_init] providers = provider_sect diff --git a/test/fips-and-base.cnf b/test/fips-and-base.cnf index 0caf2b88a4..494e96a87e 100644 --- a/test/fips-and-base.cnf +++ b/test/fips-and-base.cnf @@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + .include fipsmodule.cnf [openssl_init] diff --git a/test/fips.cnf b/test/fips.cnf index fa131a8bf6..74349c80ae 100644 --- a/test/fips.cnf +++ b/test/fips.cnf @@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + .include fipsmodule.cnf [openssl_init] diff --git a/test/legacy.cnf b/test/legacy.cnf index 60b09a1e34..ffbcbd16ba 100644 --- a/test/legacy.cnf +++ b/test/legacy.cnf @@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [openssl_init] providers = provider_sect diff --git a/test/provider_internal_test.cnf.in b/test/provider_internal_test.cnf.in index 12c292437e..16c555c844 100644 --- a/test/provider_internal_test.cnf.in +++ b/test/provider_internal_test.cnf.in @@ -1,3 +1,6 @@ +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + {- use platform -} openssl_conf = openssl_init diff --git a/test/proxy.cnf b/test/proxy.cnf index ceac227c04..cfb862cbda 100644 --- a/test/proxy.cnf +++ b/test/proxy.cnf @@ -1,6 +1,9 @@ ## Config file for proxy certificate testing. +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [ req ] distinguished_name = req_distinguished_name_p1 encrypt_rsa_key = no diff --git a/test/smime-certs/ca.cnf b/test/smime-certs/ca.cnf index 00d40e7479..31bddea1fa 100644 --- a/test/smime-certs/ca.cnf +++ b/test/smime-certs/ca.cnf @@ -2,6 +2,9 @@ # OpenSSL example configuration file for automated certificate creation. # +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + # This definition stops the following lines choking if HOME or CN # is undefined. HOME = . diff --git a/test/sysdefault.cnf b/test/sysdefault.cnf index 5473d837c1..0094831608 100644 --- a/test/sysdefault.cnf +++ b/test/sysdefault.cnf @@ -1,5 +1,8 @@ # Configuration file to test system default SSL configuration +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + openssl_conf = default_conf [ default_conf ]