X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=apps%2Fopenssl-vms.cnf;h=f4a25112dc820e169cb32431f77c338b18676e4b;hb=48bc0d99af6df9919ddbe71e4bc6d8690e9b5174;hp=ba6977c01cf62a89d660659e27930a4f5e002e83;hpb=e20b47275109aafc559446d731e6baad4a1f55d1;p=openssl.git diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index ba6977c01c..f4a25112dc 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -3,6 +3,10 @@ # This is mostly being used for generation of certificate requests. # +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + # This definition stops the following lines choking if HOME isn't # defined. HOME = . @@ -233,11 +237,7 @@ subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer -# This is what PKIX recommends but some broken software chokes on critical -# extensions. -#basicConstraints = critical,CA:true -# So we do this instead. -basicConstraints = CA:true +basicConstraints = critical,CA:true # Key usage: this is typical for a CA certificate. However since it will # prevent it being used as an test self-signed certificate it is best @@ -335,12 +335,11 @@ signer_cert = $dir/tsacert.pem # The TSA signing certificate certs = $dir.cacert.pem] # Certificate chain to include in reply # (optional) signer_key = $dir/private/tsakey.pem # The TSA private key (optional) -signer_digest = sha1 # Signing digest to use. (Optional) - +signer_digest = sha256 # Signing digest to use. (Optional) default_policy = tsa_policy1 # Policy if request did not specify it # (optional) other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = md5, sha1 # Acceptable message digests (mandatory) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) accuracy = secs:1, millisecs:500, microsecs:100 # (optional) clock_precision_digits = 0 # number of digits after dot. (optional) ordering = yes # Is ordering defined for timestamps? @@ -349,3 +348,5 @@ tsa_name = yes # Must the TSA name be included in the reply? # (optional, default: no) ess_cert_id_chain = no # Must the ESS cert id chain be included? # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1)