projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Exdata test was never enabled.
[oweals/openssl.git]
/
apps
/
openssl-vms.cnf
diff --git
a/apps/openssl-vms.cnf
b/apps/openssl-vms.cnf
index 45e46a0fb4394b90e2dac09acf8a3c8d849769a6..0092a650cb97bfbe687b04e9d5d7f929235ca42d 100644
(file)
--- a/
apps/openssl-vms.cnf
+++ b/
apps/openssl-vms.cnf
@@
-44,7
+44,7
@@
certs = $dir.certs] # Where the issued certs are kept
crl_dir = $dir.crl] # Where the issued crl are kept
database = $dir]index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
crl_dir = $dir.crl] # Where the issued crl are kept
database = $dir]index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
- # several c
tificate
s with same subject.
+ # several c
ert
s with same subject.
new_certs_dir = $dir.newcerts] # default place for new certs.
certificate = $dir]cacert.pem # The CA certificate
new_certs_dir = $dir.newcerts] # default place for new certs.
certificate = $dir]cacert.pem # The CA certificate
@@
-55,7
+55,7
@@
crl = $dir]crl.pem # The current CRL
private_key = $dir.private]cakey.pem# The private key
RANDFILE = $dir.private].rand # private random number file
private_key = $dir.private]cakey.pem# The private key
RANDFILE = $dir.private].rand # private random number file
-x509_extensions = usr_cert # The exten
t
ions to add to the cert
+x509_extensions = usr_cert # The exten
s
ions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
@@
-103,11
+103,11
@@
emailAddress = optional
####################################################################
[ req ]
####################################################################
[ req ]
-default_bits =
1024
+default_bits =
2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
-x509_extensions = v3_ca # The exten
t
ions to add to the self signed cert
+x509_extensions = v3_ca # The exten
s
ions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# Passwords for private keys if not present they will be prompted for
# input_password = secret
@@
-233,11
+233,7
@@
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
authorityKeyIdentifier=keyid:always,issuer
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
+basicConstraints = critical,CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
@@
-335,11
+331,11
@@
signer_cert = $dir/tsacert.pem # The TSA signing certificate
certs = $dir.cacert.pem] # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
certs = $dir.cacert.pem] # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
-
+signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests
= md5, sha1
# Acceptable message digests (mandatory)
+digests
= sha1, sha256, sha384, sha512
# Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?