projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix a slightly confusing if condition in a2i_ASN1_INTEGER.
[openssl.git]
/
apps
/
openssl-vms.cnf
diff --git
a/apps/openssl-vms.cnf
b/apps/openssl-vms.cnf
index 51a296b2d857da4cee6526c0cd473e968d7b2313..0092a650cb97bfbe687b04e9d5d7f929235ca42d 100644
(file)
--- a/
apps/openssl-vms.cnf
+++ b/
apps/openssl-vms.cnf
@@
-233,11
+233,7
@@
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
authorityKeyIdentifier=keyid:always,issuer
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
+basicConstraints = critical,CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
@@
-335,8
+331,7
@@
signer_cert = $dir/tsacert.pem # The TSA signing certificate
certs = $dir.cacert.pem] # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
certs = $dir.cacert.pem] # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
-signer_digest = sha1 # Signing digest to use. (Optional)
-
+signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)