X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=test%2FCAtsa.cnf;h=d1642879be3baee737bc019b2f8e91ad4641ea02;hp=f5a275bfc23c1d6747e3de5b04849669ee0c0b1a;hb=459217237640369a092084ccb80175b5758f40b1;hpb=2d851ab919ecf052d2ff8d6b2a044ad3e1cd7e81 diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf index f5a275bfc2..d1642879be 100644 --- a/test/CAtsa.cnf +++ b/test/CAtsa.cnf @@ -35,7 +35,7 @@ private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file default_days = 365 # how long to certify for -default_md = sha1 # which md to use. +default_md = sha256 # which md to use. preserve = no # keep passed DN ordering policy = policy_match @@ -51,13 +51,13 @@ emailAddress = optional #---------------------------------------------------------------------- [ req ] -default_bits = 1024 +default_bits = 2048 default_md = sha1 distinguished_name = $ENV::TSDNSECT encrypt_rsa_key = no prompt = no # attributes = req_attributes -x509_extensions = v3_ca # The extentions to add to the self signed cert +x509_extensions = v3_ca # The extensions to add to the self signed cert string_mask = nombstr @@ -132,11 +132,11 @@ signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate certs = $dir/tsaca.pem # Certificate chain to include in reply # (optional) signer_key = $dir/tsa_key1.pem # The TSA private key (optional) - +signer_digest = sha256 # Signing digest to use. (Optional) default_policy = tsa_policy1 # Policy if request did not specify it # (optional) other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = md5, sha1 # Acceptable message digests (mandatory) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) accuracy = secs:1, millisecs:500, microsecs:100 # (optional) ordering = yes # Is ordering defined for timestamps? # (optional, default: no) @@ -144,6 +144,8 @@ tsa_name = yes # Must the TSA name be included in the reply? # (optional, default: no) ess_cert_id_chain = yes # Must the ESS cert id chain be included? # (optional, default: no) +ess_cert_id_alg = sha256 # algorithm to compute certificate + # identifier (optional, default: sha1) [ tsa_config2 ] @@ -156,8 +158,8 @@ signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply # (optional) signer_key = $dir/tsa_key2.pem # The TSA private key (optional) - +signer_digest = sha256 # Signing digest to use. (Optional) default_policy = tsa_policy1 # Policy if request did not specify it # (optional) other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = md5, sha1 # Acceptable message digests (mandatory) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)