[BACK]Return to x509v3.cnf CVS log [TXT][DIR] Up to [local] / src / lib / libcrypto
File: [local] / src / lib / libcrypto / x509v3.cnf (download)

Revision 1.2, Thu Aug 14 17:55:28 2014 UTC (9 years, 9 months ago) by tobias
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7, HEAD
Changes since 1.1: +1 -1 lines 

fixed overrid(d)en typo

millert@ and jmc@ agree that "overriden" is wrong

# default settings
CERTPATHLEN		= 1
CERTUSAGE		= digitalSignature,keyCertSign,cRLSign
EXTCERTUSAGE		= serverAuth,clientAuth
CERTIP			= 0.0.0.0
CERTFQDN		= nohost.nodomain

# This section should be referenced when building an x509v3 CA
# Certificate.
# The default path length and the key usage can be overridden
# modified by setting the CERTPATHLEN and CERTUSAGE environment 
# variables.
[x509v3_CA]
basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN
keyUsage=$ENV::CERTUSAGE

# This section should be referenced to add an IP Address
# as an alternate subject name, needed by isakmpd
# The address must be provided in the CERTIP environment variable
[x509v3_IPAddr]
subjectAltName=IP:$ENV::CERTIP
extendedKeyUsage=$ENV::EXTCERTUSAGE

# This section should be referenced to add a FQDN hostname
# as an alternate subject name, needed by isakmpd
# The address must be provided in the CERTFQDN environment variable
[x509v3_FQDN]
subjectAltName=DNS:$ENV::CERTFQDN
extendedKeyUsage=$ENV::EXTCERTUSAGE