From 54565832949c64d715d9e09cc8d4b52a755a5e9d Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 7 Nov 2006 14:27:55 +0000
Subject: [PATCH] Don't add the TS EKU by default in openssl.cnf because it
 then makes certificates genereated by ca, CA.pl etc useless for anything
 else.

---
 apps/openssl.cnf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 2995800d96..7bcaa53ede 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -212,7 +212,7 @@ authorityKeyIdentifier=keyid,issuer
 #nsSslServerName
 
 # This is required for TSA certificates.
-extendedKeyUsage = critical,timeStamping
+# extendedKeyUsage = critical,timeStamping
 
 [ v3_req ]
 
-- 
2.25.1