author | Ted Trask <ttrask01@yahoo.com> | 2008-07-15 20:39:32 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-07-15 20:39:32 +0000 |
commit | 1c11568c0c5e5c80719de03f72fac4f9663eaee3 (patch) | |
tree | b0f21dc5e63b4b43ab504fb9e67aa86c66807cb2 | |
parent | 2da3445bc0f02d9ba60e358935b7bf86516180e5 (diff) | |
Modified openssl-ca-acf.cnf to fix x509 extensions.
git-svn-id: svn://svn.alpinelinux.org/acf/openssl/trunk@1307 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | openssl-ca-acf.cnf | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/openssl-ca-acf.cnf b/openssl-ca-acf.cnf index 73db0c6..7530240 100644 --- a/openssl-ca-acf.cnf +++ b/openssl-ca-acf.cnf @@ -69,14 +69,13 @@ countryName = optional commonName = supplied emailAddress = optional localityName = optional -subjectAltName = optional - +subjectAltName = optional [ policy_acf_cert ] organizationalUnitName = optional commonName = supplied emailAddress = optional -subjectAltName = optional +subjectAltName = optional #################################################################### @@ -147,34 +146,42 @@ authorityKeyIdentifier = keyid,issuer:always [ general_cert ] # Non-specific +policy = policy_acf_cert +x509_extensions = general +[ general ] basicConstraints = CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always -policy = policy_acf_cert - [ ssl_server_cert ] # SSL server +policy = policy_acf_cert +x509_extensions = ssl_server +[ ssl_server ] basicConstraints = CA:FALSE nsCertType = server keyUsage = digitalSignature, keyEncipherment extendedKeyUsage = serverAuth subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always -policy = policy_acf_cert [ ssl_client_cert ] # SSL client +policy = policy_acf_cert +x509_extensions = ssl_client +[ ssl_client ] basicConstraints = CA:FALSE nsCertType = client keyUsage = digitalSignature, keyEncipherment extendedKeyUsage = clientAuth subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always -policy = policy_acf_cert [ ssl_ca_cert ] # SSL Certifying Authority +policy = policy_acf_ca +x509_extensions = ssl_ca +[ ssl_ca ] basicConstraints = critical, CA:true nsCertType = sslCA # Below is correct, but may prevent self-signed certs from working @@ -182,7 +189,6 @@ keyUsage = cRLSign, keyCertSign extendedKeyUsage = subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always -policy = policy_acf_ca [ crl_ext ] authorityKeyIdentifier = keyid,issuer:always |
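Review bot: In the second hunk (`@@ -147,34 +146,42 @@`), the new `[ ssl_ca ]` extension section keeps `basicConstraints = critical, CA:true` with no path length, so a CA certificate issued under `ssl_ca_cert` can itself sign further subordinate CAs. If CAs issued through this profile are only meant to sign end-entity certificates, `basicConstraints = critical, CA:true, pathlen:0` would state that limit in the certificate; whether deeper chains are intended is not visible from this page. In the same hunk, `[ general ]` carries no `keyUsage` or `extendedKeyUsage`, so a `general_cert` certificate is not restricted to any purpose. If that is deliberate for the non-specific profile, a comment such as `# no keyUsage/extendedKeyUsage: usable for any end-entity purpose` would make it explicit. The `[ ssl_ca ]` section continues past the end of this hunk.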