Add tests for new extension code

[openssl.git] / apps / openssl-vms.cnf

diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf
index c0ded4a5f18f73cbcb42ef8fafa52465a472d86b..0092a650cb97bfbe687b04e9d5d7f929235ca42d 100644 (file)
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -233,11 +233,7 @@ subjectKeyIdentifier=hash
 
 authorityKeyIdentifier=keyid:always,issuer
 
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
+basicConstraints = critical,CA:true
 
 # Key usage: this is typical for a CA certificate. However since it will
 # prevent it being used as an test self-signed certificate it is best
@@ -335,11 +331,11 @@ signer_cert       = $dir/tsacert.pem      # The TSA signing certificate
 certs          = $dir.cacert.pem]      # Certificate chain to include in reply
                                        # (optional)
 signer_key     = $dir/private/tsakey.pem # The TSA private key (optional)
-
+signer_digest  = sha256                        # Signing digest to use. (Optional)
 default_policy = tsa_policy1           # Policy if request did not specify it
                                        # (optional)
 other_policies = tsa_policy2, tsa_policy3      # acceptable policies (optional)
-digests                = md5, sha1             # Acceptable message digests (mandatory)
+digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
 accuracy       = secs:1, millisecs:500, microsecs:100  # (optional)
 clock_precision_digits  = 0    # number of digits after dot. (optional)
 ordering               = yes   # Is ordering defined for timestamps?