More extension code. Incomplete support for subject and issuer alt

name, issuer and authority key id. Change the i2v function parameters and add an extra 'crl' parameter in the X509V3_CTX structure: guess what that's for :-) Fix to ASN1 macro which messed up IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
author: Dr. Stephen Henson <steve@openssl.org> 1999-02-10 01:12:59 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 1999-02-10 01:12:59 +0000
commit: 175b0942ec7e82f86831916d325922817872e657 (patch)
tree: 44262b09075d8ca2b46b4819069f4a5df304ae89 /apps/openssl.cnf
parent: c45beb91b3ddf18b29c65b64b9e0ee74497a7f27 (diff)
download: openssl-new-175b0942ec7e82f86831916d325922817872e657.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 27abc08bad..81dee57055 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -127,6 +127,7 @@ basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 nsComment			= "OpenSSL Generated Certificate"
+subjectKeyIdentifier=hash
 
 #nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
@@ -142,6 +143,10 @@ nsComment			= "OpenSSL Generated Certificate"
 # It's a CA certificate
 basicConstraints = CA:true
 
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
 #basicConstraints = critical,CA:true
author	Dr. Stephen Henson <steve@openssl.org>	1999-02-10 01:12:59 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	1999-02-10 01:12:59 +0000
commit	175b0942ec7e82f86831916d325922817872e657 (patch)
tree	44262b09075d8ca2b46b4819069f4a5df304ae89 /apps/openssl.cnf
parent	c45beb91b3ddf18b29c65b64b9e0ee74497a7f27 (diff)
download	openssl-new-175b0942ec7e82f86831916d325922817872e657.tar.gz