Added a real key purpose OID as example

1 files changed, 7 insertions, 3 deletions

diff --git a/src/certtool-args.def b/src/certtool-args.def
index a3d45764d1..6dcb11d37f 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -554,9 +554,6 @@ email = "none@@none.org"
 # Challenge password used in certificate requests
 challenge_passwd = 123456
 
-# key_purpose_oid = 1.2.3.4.5.6.7
-# key_purpose_oid = 1.2.3.4.5.6.7.9
-
 # An URL that has CRLs (certificate revocation lists)
 # available. Needed in CA certificates.
 #crl_dist_points = "http://www.getcrl.crl/getcrl/"
@@ -564,6 +561,11 @@ challenge_passwd = 123456
 # Whether this is a CA certificate or not
 #ca
 
+# for microsoft smart card logon
+# key_purpose_oid = 1.3.6.1.4.1.311.20.2.2
+
+### Other predefined key purpose OIDs
+
 # Whether this certificate will be used for a TLS client
 #tls_www_client
 
@@ -597,6 +599,8 @@ signing_key
 # Whether this key will be used for IPsec IKE operations.
 #ipsec_ike_key
 
+### end of key purpose OIDs
+
 # When generating a certificate from a certificate
 # request, then honor the extensions stored in the request
 # and store them in the real certificate.