diff options
Diffstat (limited to 'crypto/heimdal/lib/hx509/data/openssl.cnf')
-rw-r--r-- | crypto/heimdal/lib/hx509/data/openssl.cnf | 182 |
1 files changed, 0 insertions, 182 deletions
diff --git a/crypto/heimdal/lib/hx509/data/openssl.cnf b/crypto/heimdal/lib/hx509/data/openssl.cnf deleted file mode 100644 index 7fe3b64..0000000 --- a/crypto/heimdal/lib/hx509/data/openssl.cnf +++ /dev/null @@ -1,182 +0,0 @@ -oid_section = new_oids - -[ new_oids ] -pkkdcekuoid = 1.3.6.1.5.2.3.5 - -[ca] - -default_ca = user - -[usr] -database = index.txt -serial = serial -x509_extensions = usr_cert -default_md=sha1 -policy = policy_match -certs = . - -[ocsp] -database = index.txt -serial = serial -x509_extensions = ocsp_cert -default_md=sha1 -policy = policy_match -certs = . - -[usr_ke] -database = index.txt -serial = serial -x509_extensions = usr_cert_ke -default_md=sha1 -policy = policy_match -certs = . - -[usr_ds] -database = index.txt -serial = serial -x509_extensions = usr_cert_ds -default_md=sha1 -policy = policy_match -certs = . - -[pkinit_client] -database = index.txt -serial = serial -x509_extensions = pkinit_client_cert -default_md=sha1 -policy = policy_match -certs = . - -[pkinit_kdc] -database = index.txt -serial = serial -x509_extensions = pkinit_kdc_cert -default_md=sha1 -policy = policy_match -certs = . - -[https] -database = index.txt -serial = serial -x509_extensions = https_cert -default_md=sha1 -policy = policy_match -certs = . - -[subca] -database = index.txt -serial = serial -x509_extensions = v3_ca -default_md=sha1 -policy = policy_match -certs = . - - -[ req ] -distinguished_name = req_distinguished_name -x509_extensions = v3_ca # The extentions to add to the self signed cert - -string_mask = utf8only - -[ v3_ca ] - -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always -basicConstraints = CA:true -keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature - -[ usr_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -subjectKeyIdentifier = hash - -[ usr_cert_ke ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, keyEncipherment -subjectKeyIdentifier = hash - -[ proxy_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -subjectKeyIdentifier = hash -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo - -[pkinitc_princ_name] -realm = EXP:0, GeneralString:TEST.H5L.SE -principal_name = EXP:1, SEQUENCE:pkinitc_principal_seq - -[ pkinit_client_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -subjectKeyIdentifier = hash -subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name - -[pkinitc_principal_seq] -name_type = EXP:0, INTEGER:1 -name_string = EXP:1, SEQUENCE:pkinitc_principals - -[pkinitc_principals] -princ1 = GeneralString:bar - -[ https_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -#extendedKeyUsage = https-server XXX -subjectKeyIdentifier = hash - -[ pkinit_kdc_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = pkkdcekuoid -subjectKeyIdentifier = hash -subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name - -[pkinitkdc_princ_name] -realm = EXP:0, GeneralString:TEST.H5L.SE -principal_name = EXP:1, SEQUENCE:pkinitkdc_principal_seq - -[pkinitkdc_principal_seq] -name_type = EXP:0, INTEGER:1 -name_string = EXP:1, SEQUENCE:pkinitkdc_principals - -[pkinitkdc_principals] -princ1 = GeneralString:krbtgt -princ2 = GeneralString:TEST.H5L.SE - -[ proxy10_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -subjectKeyIdentifier = hash -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo - -[ usr_cert_ds ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature -subjectKeyIdentifier = hash - -[ ocsp_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -# ocsp-nocheck and kp-OCSPSigning -extendedKeyUsage = 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9 -subjectKeyIdentifier = hash - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = SE -countryName_min = 2 -countryName_max = 2 - -organizationalName = Organizational Unit Name (eg, section) - -commonName = Common Name (eg, YOUR name) -commonName_max = 64 - -#[ req_attributes ] -#challengePassword = A challenge password -#challengePassword_min = 4 -#challengePassword_max = 20 - -[ policy_match ] -countryName = match -commonName = supplied |