projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Use default digest implementation in dgst.c
[oweals/openssl.git]
/
apps
/
openssl.cnf
diff --git
a/apps/openssl.cnf
b/apps/openssl.cnf
index 2995800d96565247b86ec820c8d59dcac9106b86..18760c6e673d76ea7d83995e7b6dc5ec48839adb 100644
(file)
--- a/
apps/openssl.cnf
+++ b/
apps/openssl.cnf
@@
-145,7
+145,7
@@
localityName = Locality Name (eg, city)
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
-commonName = Common Name (e
g,
YOUR name)
+commonName = Common Name (e
.g. server FQDN or
YOUR name)
commonName_max = 64
emailAddress = Email Address
commonName_max = 64
emailAddress = Email Address
@@
-212,7
+212,7
@@
authorityKeyIdentifier=keyid,issuer
#nsSslServerName
# This is required for TSA certificates.
#nsSslServerName
# This is required for TSA certificates.
-extendedKeyUsage = critical,timeStamping
+
#
extendedKeyUsage = critical,timeStamping
[ v3_req ]
[ v3_req ]
@@
-231,7
+231,7
@@
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash
subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
:always
+authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
@@
-264,7
+264,7
@@
basicConstraints = CA:true
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
,issuer:always
+authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
@@
-297,7
+297,7
@@
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
:always
+authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.