x509_extensions = usr_cert # The extentions to add to the cert
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
# input_password = secret
# output_password = secret
-# This sets the permitted types in a DirectoryString. There are several
-# options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
-# nobmp : PrintableString, T61String (no BMPStrings).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
-dirstring_type = nobmp
+string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
commonName_max = 64
emailAddress = Email Address
-emailAddress_max = 40
+emailAddress_max = 64
# SET-ex3 = SET extension number 3
projects / openssl.git / blobdiff