projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix no-ct
[openssl.git]
/
test
/
CAss.cnf
diff --git
a/test/CAss.cnf
b/test/CAss.cnf
index 0884fee36159c3fdba98084f49cbff30a3e1e7db..b20a2427603ba9f9507a76251a31706497417e4c 100644
(file)
--- a/
test/CAss.cnf
+++ b/
test/CAss.cnf
@@
-7,7
+7,7
@@
RANDFILE = ./.rnd
####################################################################
[ req ]
####################################################################
[ req ]
-default_bits =
512
+default_bits =
2048
default_keyfile = keySS.pem
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
default_keyfile = keySS.pem
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
@@
-36,7
+36,7
@@
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
+ # several c
er
tificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
@@
-45,7
+45,7
@@
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
-x509_extensions = v3_ca # The exten
t
ions to add to the cert
+x509_extensions = v3_ca # The exten
s
ions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
@@
-71,4
+71,6
@@
emailAddress = optional
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true
+basicConstraints = critical,CA:true,pathlen:1
+keyUsage = cRLSign, keyCertSign
+issuerAltName=issuer:copy