nistp521: add a comment to the P+P exceptional case in point_add.

[openssl.git] / apps / openssl-vms.cnf

diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf
index 94caf45abb4fd549b9d27aa332c0f377f80dbaee..a3ca3930184d49a10b51c1ada98ade97643bb473 100644 (file)
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -233,11 +233,7 @@ subjectKeyIdentifier=hash
 
 authorityKeyIdentifier=keyid:always,issuer
 
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
+basicConstraints = critical,CA:true
 
 # Key usage: this is typical for a CA certificate. However since it will
 # prevent it being used as an test self-signed certificate it is best
@@ -336,7 +332,6 @@ certs               = $dir.cacert.pem]      # Certificate chain to include in reply
                                        # (optional)
 signer_key     = $dir/private/tsakey.pem # The TSA private key (optional)
 signer_digest  = sha256                        # Signing digest to use. (Optional)
-
 default_policy = tsa_policy1           # Policy if request did not specify it
                                        # (optional)
 other_policies = tsa_policy2, tsa_policy3      # acceptable policies (optional)
@@ -349,3 +344,5 @@ tsa_name            = yes   # Must the TSA name be included in the reply?
                                # (optional, default: no)
 ess_cert_id_chain      = no    # Must the ESS cert id chain be included?
                                # (optional, default: no)
+ess_cert_id_alg                = sha1  # algorithm to compute certificate
+                               # identifier (optional, default: sha1)