diff options
| author | beck <> | 2001-04-17 19:55:19 +0000 |
|---|---|---|
| committer | beck <> | 2001-04-17 19:55:19 +0000 |
| commit | 0bb3e562ad53319ea23679c1be3ae6b91f792384 (patch) | |
| tree | 25e6ddec167faa0cc433c9038880b615a7e4da1b | |
| parent | 5a2671698fcabd80e14ab78e7b130c60dd6ed2c5 (diff) | |
| download | openbsd-0bb3e562ad53319ea23679c1be3ae6b91f792384.tar.gz openbsd-0bb3e562ad53319ea23679c1be3ae6b91f792384.tar.bz2 openbsd-0bb3e562ad53319ea23679c1be3ae6b91f792384.zip | |
Add an x509v3.cnf in /etc/ssl so that creating certificate authorities
form isakmpd works. From Tim Newsham <newsham@lava.net>
ok provos@
| -rw-r--r-- | src/lib/libssl/Makefile.bsd-wrapper | 6 | ||||
| -rw-r--r-- | src/lib/libssl/x509v3.cnf | 19 |
2 files changed, 23 insertions, 2 deletions
diff --git a/src/lib/libssl/Makefile.bsd-wrapper b/src/lib/libssl/Makefile.bsd-wrapper index 6061ab8671..5aee2465f3 100644 --- a/src/lib/libssl/Makefile.bsd-wrapper +++ b/src/lib/libssl/Makefile.bsd-wrapper | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | # Build wrapper for OpenSSL | 1 | # Build wrapper for OpenSSL |
| 2 | # $OpenBSD: Makefile.bsd-wrapper,v 1.34 2001/03/09 23:06:57 deraadt Exp $ | 2 | # $OpenBSD: Makefile.bsd-wrapper,v 1.35 2001/04/17 19:55:19 beck Exp $ |
| 3 | 3 | ||
| 4 | # Our lndir is hacked; specify a full path to avoid potential conflicts | 4 | # Our lndir is hacked; specify a full path to avoid potential conflicts |
| 5 | # with the one installed with X11. | 5 | # with the one installed with X11. |
| @@ -588,7 +588,9 @@ tags: | |||
| 588 | 588 | ||
| 589 | distribution: | 589 | distribution: |
| 590 | ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ | 590 | ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ |
| 591 | ${.CURDIR}/openssl.cnf ${DESTDIR}/etc/ssl/openssl.cnf | 591 | ${.CURDIR}/openssl.cnf ${DESTDIR}/etc/ssl/openssl.cnf && \ |
| 592 | ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ | ||
| 593 | ${.CURDIR}/x509v3.cnf ${DESTDIR}/etc/ssl/x509v3.cnf | ||
| 592 | 594 | ||
| 593 | .include <bsd.obj.mk> | 595 | .include <bsd.obj.mk> |
| 594 | .include <bsd.subdir.mk> | 596 | .include <bsd.subdir.mk> |
diff --git a/src/lib/libssl/x509v3.cnf b/src/lib/libssl/x509v3.cnf new file mode 100644 index 0000000000..f1e3c741bc --- /dev/null +++ b/src/lib/libssl/x509v3.cnf | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | # default settings | ||
| 2 | CERTPATHLEN = 1 | ||
| 3 | CERTUSAGE = digitalSignature,keyCertSign | ||
| 4 | CERTIP = 0.0.0.0 | ||
| 5 | |||
| 6 | # This section should be referenced when building an x509v3 CA | ||
| 7 | # Certificate. | ||
| 8 | # The default path length and the key usage can be overriden | ||
| 9 | # modified by setting the CERTPATHLEN and CERTUSAGE environment | ||
| 10 | # variables. | ||
| 11 | [x509v3_CA] | ||
| 12 | basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN | ||
| 13 | keyUsage=$ENV::CERTUSAGE | ||
| 14 | |||
| 15 | # This section should be referenced to add an IP Address | ||
| 16 | # as an alternate subject name, needed by isakmpd | ||
| 17 | # The address must be provided in the CERTIP environment variable | ||
| 18 | [x509v3_IPAddr] | ||
| 19 | subjectAltName=IP:$ENV::CERTIP | ||