generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Change default openssl.cnf to only use issuer+serial option in AKID if no

Browse Source 
SKID.
This commit is contained in:
Dr. Stephen Henson 2009-04-04 18:09:43 +00:00
parent 2dd5ca1fbc
commit 326794e9c6
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/openssl.cnf
View File

@ -231,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical # This is what PKIX recommends but some broken software chokes on critical
# extensions. # extensions.
@ -264,7 +264,7 @@ basicConstraints = CA:true
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy # issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ] [ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate # These extensions should be added when creating a proxy certificate
@ -297,7 +297,7 @@ nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates. # PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname. # This stuff is for subjectAltName and issuerAltname.
# Import the email address. # Import the email address.