projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
storeutl: make sure s2i_ASN1_INTEGER is correctly declared
[openssl.git] / apps / openssl.cnf
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 53c4bef04481f40ab70e7c2cec9eee45357ff05b..32ee9e9fbbba56f8cb8590766796fd0c88c520af 100644 (file)
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -233,11 +233,7 @@ subjectKeyIdentifier=hash
 
 authorityKeyIdentifier=keyid:always,issuer
 
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
+basicConstraints = critical,CA:true
 
 # Key usage: this is typical for a CA certificate. However since it will
 # prevent it being used as an test self-signed certificate it is best
@@ -348,3 +344,5 @@ tsa_name            = yes   # Must the TSA name be included in the reply?
                                # (optional, default: no)
 ess_cert_id_chain      = no    # Must the ESS cert id chain be included?
                                # (optional, default: no)
+ess_cert_id_alg                = sha1  # algorithm to compute certificate
+                               # identifier (optional, default: sha1)
Unnamed repository; edit this file 'description' to name the repository.