RT3809: basicConstraints is critical

[openssl.git] / apps / openssl-vms.cnf

diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf
index 5b3a27fc4b5ac55b1329ac193cd52a7d206aa33d..0092a650cb97bfbe687b04e9d5d7f929235ca42d 100644 (file)
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -233,11 +233,7 @@ subjectKeyIdentifier=hash
 
 authorityKeyIdentifier=keyid:always,issuer
 
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
+basicConstraints = critical,CA:true
 
 # Key usage: this is typical for a CA certificate. However since it will
 # prevent it being used as an test self-signed certificate it is best