X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=test%2FCAtsa.cnf;h=d1642879be3baee737bc019b2f8e91ad4641ea02;hp=732e9996d6f7e92b72bd26e6e17c24e16c3c160f;hb=1a54618ba6ec09b85f00f5ca12ef275b429ff18a;hpb=8573552e8c3eed250dfc2031dd794500f343ac94 diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf index 732e9996d6..d1642879be 100644 --- a/test/CAtsa.cnf +++ b/test/CAtsa.cnf @@ -3,14 +3,14 @@ # This config is used by the Time Stamp Authority tests. # -# This definition stops the following lines choking if HOME isn't -# defined. -HOME = . -RANDFILE = $ENV::HOME/.rnd +RANDFILE = ./.rnd # Extra OBJECT IDENTIFIER info: oid_section = new_oids +TSDNSECT = ts_cert_dn +INDEX = 1 + [ new_oids ] # Policies used by the TSA tests. @@ -35,7 +35,7 @@ private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file default_days = 365 # how long to certify for -default_md = sha1 # which md to use. +default_md = sha256 # which md to use. preserve = no # keep passed DN ordering policy = policy_match @@ -51,38 +51,29 @@ emailAddress = optional #---------------------------------------------------------------------- [ req ] -default_bits = 1024 +default_bits = 2048 default_md = sha1 -distinguished_name = req_distinguished_name +distinguished_name = $ENV::TSDNSECT encrypt_rsa_key = no +prompt = no # attributes = req_attributes -x509_extensions = v3_ca # The extentions to add to the self signed cert +x509_extensions = v3_ca # The extensions to add to the self signed cert string_mask = nombstr -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = HU -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = - -localityName = Locality Name (eg, city) - -0.organizationName = Organization Name (eg, company) -0.organizationName_default = - -commonName = Common Name (eg, YOUR name) -commonName_max = 64 +[ ts_ca_dn ] +countryName = HU +stateOrProvinceName = Budapest +localityName = Budapest +organizationName = Gov-CA Ltd. +commonName = ca1 -[ req_attributes ] -challengePassword = A challenge password -challengePassword_min = 4 -challengePassword_max = 20 - -unstructuredName = An optional company name +[ ts_cert_dn ] +countryName = HU +stateOrProvinceName = Budapest +localityName = Buda +organizationName = Hun-TSA Ltd. +commonName = tsa$ENV::INDEX [ tsa_cert ] @@ -138,14 +129,14 @@ dir = . # TSA root directory serial = $dir/tsa_serial # The current serial number (mandatory) signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate # (optional) -certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply +certs = $dir/tsaca.pem # Certificate chain to include in reply # (optional) signer_key = $dir/tsa_key1.pem # The TSA private key (optional) - +signer_digest = sha256 # Signing digest to use. (Optional) default_policy = tsa_policy1 # Policy if request did not specify it # (optional) other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = md5, sha1 # Acceptable message digests (mandatory) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) accuracy = secs:1, millisecs:500, microsecs:100 # (optional) ordering = yes # Is ordering defined for timestamps? # (optional, default: no) @@ -153,6 +144,8 @@ tsa_name = yes # Must the TSA name be included in the reply? # (optional, default: no) ess_cert_id_chain = yes # Must the ESS cert id chain be included? # (optional, default: no) +ess_cert_id_alg = sha256 # algorithm to compute certificate + # identifier (optional, default: sha1) [ tsa_config2 ] @@ -165,8 +158,8 @@ signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply # (optional) signer_key = $dir/tsa_key2.pem # The TSA private key (optional) - +signer_digest = sha256 # Signing digest to use. (Optional) default_policy = tsa_policy1 # Policy if request did not specify it # (optional) other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = md5, sha1 # Acceptable message digests (mandatory) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)