summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/lib/hx509/data/openssl.cnf
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/hx509/data/openssl.cnf')
-rw-r--r--crypto/heimdal/lib/hx509/data/openssl.cnf182
1 files changed, 0 insertions, 182 deletions
diff --git a/crypto/heimdal/lib/hx509/data/openssl.cnf b/crypto/heimdal/lib/hx509/data/openssl.cnf
deleted file mode 100644
index 7fe3b64..0000000
--- a/crypto/heimdal/lib/hx509/data/openssl.cnf
+++ /dev/null
@@ -1,182 +0,0 @@
-oid_section = new_oids
-
-[ new_oids ]
-pkkdcekuoid = 1.3.6.1.5.2.3.5
-
-[ca]
-
-default_ca = user
-
-[usr]
-database = index.txt
-serial = serial
-x509_extensions = usr_cert
-default_md=sha1
-policy = policy_match
-certs = .
-
-[ocsp]
-database = index.txt
-serial = serial
-x509_extensions = ocsp_cert
-default_md=sha1
-policy = policy_match
-certs = .
-
-[usr_ke]
-database = index.txt
-serial = serial
-x509_extensions = usr_cert_ke
-default_md=sha1
-policy = policy_match
-certs = .
-
-[usr_ds]
-database = index.txt
-serial = serial
-x509_extensions = usr_cert_ds
-default_md=sha1
-policy = policy_match
-certs = .
-
-[pkinit_client]
-database = index.txt
-serial = serial
-x509_extensions = pkinit_client_cert
-default_md=sha1
-policy = policy_match
-certs = .
-
-[pkinit_kdc]
-database = index.txt
-serial = serial
-x509_extensions = pkinit_kdc_cert
-default_md=sha1
-policy = policy_match
-certs = .
-
-[https]
-database = index.txt
-serial = serial
-x509_extensions = https_cert
-default_md=sha1
-policy = policy_match
-certs = .
-
-[subca]
-database = index.txt
-serial = serial
-x509_extensions = v3_ca
-default_md=sha1
-policy = policy_match
-certs = .
-
-
-[ req ]
-distinguished_name = req_distinguished_name
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-string_mask = utf8only
-
-[ v3_ca ]
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true
-keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature
-
-[ usr_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier = hash
-
-[ usr_cert_ke ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, keyEncipherment
-subjectKeyIdentifier = hash
-
-[ proxy_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier = hash
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo
-
-[pkinitc_princ_name]
-realm = EXP:0, GeneralString:TEST.H5L.SE
-principal_name = EXP:1, SEQUENCE:pkinitc_principal_seq
-
-[ pkinit_client_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier = hash
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name
-
-[pkinitc_principal_seq]
-name_type = EXP:0, INTEGER:1
-name_string = EXP:1, SEQUENCE:pkinitc_principals
-
-[pkinitc_principals]
-princ1 = GeneralString:bar
-
-[ https_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-#extendedKeyUsage = https-server XXX
-subjectKeyIdentifier = hash
-
-[ pkinit_kdc_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = pkkdcekuoid
-subjectKeyIdentifier = hash
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name
-
-[pkinitkdc_princ_name]
-realm = EXP:0, GeneralString:TEST.H5L.SE
-principal_name = EXP:1, SEQUENCE:pkinitkdc_principal_seq
-
-[pkinitkdc_principal_seq]
-name_type = EXP:0, INTEGER:1
-name_string = EXP:1, SEQUENCE:pkinitkdc_principals
-
-[pkinitkdc_principals]
-princ1 = GeneralString:krbtgt
-princ2 = GeneralString:TEST.H5L.SE
-
-[ proxy10_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier = hash
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo
-
-[ usr_cert_ds ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature
-subjectKeyIdentifier = hash
-
-[ ocsp_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-# ocsp-nocheck and kp-OCSPSigning
-extendedKeyUsage = 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
-subjectKeyIdentifier = hash
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = SE
-countryName_min = 2
-countryName_max = 2
-
-organizationalName = Organizational Unit Name (eg, section)
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-#[ req_attributes ]
-#challengePassword = A challenge password
-#challengePassword_min = 4
-#challengePassword_max = 20
-
-[ policy_match ]
-countryName = match
-commonName = supplied
OpenPOWER on IntegriCloud