From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 7 Nov 2006 14:27:55 +0000 (+0000)
Subject: Don't add the TS EKU by default in openssl.cnf because it then
X-Git-Tag: OpenSSL_0_9_8k^2~1078
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=54565832949c64d715d9e09cc8d4b52a755a5e9d

Don't add the TS EKU by default in openssl.cnf because it then
makes certificates genereated by ca, CA.pl etc useless for anything else.
---

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 2995800d96..7bcaa53ede 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -212,7 +212,7 @@ authorityKeyIdentifier=keyid,issuer
 #nsSslServerName
 
 # This is required for TSA certificates.
-extendedKeyUsage = critical,timeStamping
+# extendedKeyUsage = critical,timeStamping
 
 [ v3_req ]