/out32dll.dbg
/inc32
/MINFO
-/ms/.rnd
/ms/bcb.mak
/ms/libeay32.def
/ms/nt.mak
# This definition stops the following lines choking if HOME or CN
# is undefined.
HOME = .
-RANDFILE = $ENV::HOME/.rnd
CN = "Not Defined"
####################################################################
# This definition stops the following lines choking if HOME or CN
# is undefined.
HOME = .
-RANDFILE = $ENV::HOME/.rnd
CN = "Not Defined"
default_ca = ca
=item B<RANDFILE>
At startup the specified file is loaded into the random number generator,
-and at exit 256 bytes will be written to it.
+and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is
+not necessary anymore, see the L</HISTORY> section.
=item B<default_days>
serial = $dir/serial # serial no file
#rand_serial = yes # for random serial#'s
private_key = $dir/private/cakey.pem# CA private key
- RANDFILE = $dir/private/.rand # random number file
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
./demoCA/index.txt - CA text database file
./demoCA/index.txt.old - CA text database backup file
./demoCA/certs - certificate output file
- ./demoCA/.rnd - CA random seed information
=head1 RESTRICTIONS
earlier than year 2049 (included), and as GeneralizedTime if the dates
are in year 2050 or later.
+OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved
+seeding mechanism. The new seeding mechanism makes it unnecessary to
+define a RANDFILE for saving and restoring randomness. This option is
+retained mainly for compatibility reasons.
+
=head1 SEE ALSO
L<openssl(1)>,
Sample configuration containing all field values:
- RANDFILE = $ENV::HOME/.rnd
-
[ req ]
default_bits = 2048
default_keyfile = keyfile.pem
=item B<oid_file>
-See L<openssl-ca(1)> for description. (Optional)
+This specifies a file containing additional B<OBJECT IDENTIFIERS>.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name. (Optional)
=item B<oid_section>
-See L<openssl-ca(1)> for description. (Optional)
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by B<=> and the numerical form. The short
+and long names are the same when this option is used. (Optional)
=item B<RANDFILE>
-See L<openssl-ca(1)> for description. (Optional)
+At startup the specified file is loaded into the random number generator,
+and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is
+not necessary anymore, see the L</HISTORY> section.
=item B<serial>
=back
+=head1 HISTORY
+
+OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved
+seeding mechanism. The new seeding mechanism makes it unnecessary to
+define a RANDFILE for saving and restoring randomness. This option is
+retained mainly for compatibility reasons.
+
=head1 SEE ALSO
L<openssl(1)>,
# This is the default section.
HOME=/temp
- RANDFILE= ${ENV::HOME}/.rnd
configdir=$ENV::HOME/config
[ section_one ]
# This is mostly being used for generation of certificate requests.
#
-RANDFILE = ./.rnd
-
####################################################################
[ req ]
default_bits = 2048
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
x509_extensions = v3_ca # The extensions to add to the cert
#
# hacked by iang to do DH certs - CA
-RANDFILE = ./.rnd
-
####################################################################
[ req ]
distinguished_name = req_distinguished_name
#
# hacked by iang to do DSA certs - CA
-RANDFILE = ./.rnd
-
####################################################################
[ req ]
distinguished_name = req_distinguished_name
#
# create RSA certs - CA
-RANDFILE = ./.rnd
-
####################################################################
[ req ]
distinguished_name = req_distinguished_name
# This config is used by the Time Stamp Authority tests.
#
-RANDFILE = ./.rnd
-
# Extra OBJECT IDENTIFIER info:
oid_section = new_oids
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
default_days = 365 # how long to certify for
default_md = sha256 # which md to use.
# This is mostly being used for generation of certificate requests.
#
-RANDFILE = ./.rnd
-
####################################################################
[ req ]
default_bits = 2048
# This is mostly being used for generation of certificate requests.
#
-RANDFILE = ./.rnd
-
####################################################################
[ req ]
default_bits = 2048
#
# hacked by iang to do DSA certs - Server
-RANDFILE = ./.rnd
-
####################################################################
[ req ]
distinguished_name = req_distinguished_name
#
# create RSA certs - Server
-RANDFILE = ./.rnd
-
####################################################################
[ req ]
distinguished_name = req_distinguished_name
# This is mostly being used for generation of certificate requests.
#
-RANDFILE = ./.rnd
CN2 = Brother 2
####################################################################
return 0;
}
- /* verify whether RANDFILE is set correctly */
- str = NCONF_get_string(conf, "", "RANDFILE");
- if (!TEST_ptr(str) || !TEST_str_eq(str, "./.rnd")) {
- TEST_note("RANDFILE incorrect");
- return 0;
- }
-
/* verify whether CA_default/default_days is set */
val = 0;
if (!TEST_int_eq(NCONF_get_number(conf, "CA_default", "default_days", &val), 1)
require_ok(srctop_file('test','recipes','tconversion.pl'));
-open RND, ">>", ".rnd";
-print RND "string to make the random number generator think it has randomness";
-close RND;
-
# What type of key to generate?
my @req_new;
if (disabled("rsa")) {
# -----------
# subtest functions
sub testss {
- open RND, ">>", ".rnd";
- print RND "string to make the random number generator think it has randomness";
- close RND;
-
my @req_dsa = ("-newkey",
"dsa:".srctop_file("apps", "dsa1024.pem"));
my $dsaparams = srctop_file("apps", "dsa1024.pem");
# This is mostly being used for generation of certificate requests.
#
-RANDFILE = ./.rnd
-
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/CAkey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
# This definition stops the following lines choking if HOME or CN
# is undefined.
HOME = .
-RANDFILE = $ENV::HOME/.rnd
CN = "Not Defined"
default_ca = ca
# This is mostly being used for generation of certificate requests.
#
-RANDFILE = ./.rnd
-
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/CAkey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
projects / oweals / openssl.git / commitdiff