projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add extra checks for odd-length EC curve lists.
[oweals/openssl.git]
/
apps
/
openssl.cnf
diff --git
a/apps/openssl.cnf
b/apps/openssl.cnf
index 7bcaa53ede5faa99fe77d2a0e737ce4ac51616a4..1eb86c40126308376e1c6e816d4988badd369fb8 100644
(file)
--- a/
apps/openssl.cnf
+++ b/
apps/openssl.cnf
@@
-103,7
+103,7
@@
emailAddress = optional
####################################################################
[ req ]
####################################################################
[ req ]
-default_bits =
1024
+default_bits =
2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@
-145,7
+145,7
@@
localityName = Locality Name (eg, city)
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
-commonName = Common Name (e
g,
YOUR name)
+commonName = Common Name (e
.g. server FQDN or
YOUR name)
commonName_max = 64
emailAddress = Email Address
commonName_max = 64
emailAddress = Email Address
@@
-231,7
+231,7
@@
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash
subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
:always
+authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
@@
-264,7
+264,7
@@
basicConstraints = CA:true
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
,issuer:always
+authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
@@
-297,7
+297,7
@@
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
:always
+authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.