Fix some of the command line password stuff. New function

[openssl.git] / apps / openssl.cnf

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 8d044fb6b281678e297033efceeb863432b0b817..13aeb9b0bad70e4359eabcc64f0a9cef11ce9b86 100644 (file)
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -3,8 +3,13 @@
 # This is mostly being used for generation of certificate requests.
 #
 
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
 RANDFILE               = $ENV::HOME/.rnd
-oid_file               = $ENV::HOME/.oid
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
 oid_section            = new_oids
 
 # To use this configuration file with the "-extfile" option of the
@@ -86,6 +91,21 @@ distinguished_name   = req_distinguished_name
 attributes             = req_attributes
 x509_extensions        = v3_ca # The extentions to add to the self signed cert
 
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets the permitted types in a DirectoryString. There are several
+# options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nobmp : PrintableString, T61String (no BMPStrings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+dirstring_type = nobmp
+
 # req_extensions = v3_req # The extensions to add to a certificate request
 
 [ req_distinguished_name ]