projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
new option "openssl ciphers -V"
[openssl.git]
/
apps
/
openssl.cnf
diff --git
a/apps/openssl.cnf
b/apps/openssl.cnf
index 04710f87d57785d714a49e7305a9ba383defc10e..f58a30af432976499d3cf39c8b6557341e8e0eac 100644
(file)
--- a/
apps/openssl.cnf
+++ b/
apps/openssl.cnf
@@
-110,13
+110,12
@@
x509_extensions = v3_ca # The extentions to add to the self signed cert
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString
.
-# utf8only: only UTF8Strings.
+# pkix : PrintableString, BMPString
(PKIX recommendation before 2004)
+# utf8only: only UTF8Strings
(PKIX recommendation after 2004)
.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
# req_extensions = v3_req # The extensions to add to a certificate request
@@
-188,7
+187,7
@@
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
:always
+authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.