diff options
| author | ho <> | 2001-12-11 20:24:53 +0000 |
|---|---|---|
| committer | ho <> | 2001-12-11 20:24:53 +0000 |
| commit | 5350d20c661ce6484258b9c95d65c215de6bae48 (patch) | |
| tree | 0b476bf21d17140b8ef9e5382bea7580656c868d | |
| parent | e5c0bcf0a1bf83998cce5c66cc9fb31068867108 (diff) | |
| download | openbsd-5350d20c661ce6484258b9c95d65c215de6bae48.tar.gz openbsd-5350d20c661ce6484258b9c95d65c215de6bae48.tar.bz2 openbsd-5350d20c661ce6484258b9c95d65c215de6bae48.zip | |
FQDN subjectAltName in certs, used in isakmpd(8) examples. beck@ ok.
| -rw-r--r-- | src/lib/libssl/x509v3.cnf | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/libssl/x509v3.cnf b/src/lib/libssl/x509v3.cnf index f1e3c741bc..e430088671 100644 --- a/src/lib/libssl/x509v3.cnf +++ b/src/lib/libssl/x509v3.cnf | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | CERTPATHLEN = 1 | 2 | CERTPATHLEN = 1 |
| 3 | CERTUSAGE = digitalSignature,keyCertSign | 3 | CERTUSAGE = digitalSignature,keyCertSign |
| 4 | CERTIP = 0.0.0.0 | 4 | CERTIP = 0.0.0.0 |
| 5 | CERTFQDN = nohost.nodomain | ||
| 5 | 6 | ||
| 6 | # This section should be referenced when building an x509v3 CA | 7 | # This section should be referenced when building an x509v3 CA |
| 7 | # Certificate. | 8 | # Certificate. |
| @@ -17,3 +18,9 @@ keyUsage=$ENV::CERTUSAGE | |||
| 17 | # The address must be provided in the CERTIP environment variable | 18 | # The address must be provided in the CERTIP environment variable |
| 18 | [x509v3_IPAddr] | 19 | [x509v3_IPAddr] |
| 19 | subjectAltName=IP:$ENV::CERTIP | 20 | subjectAltName=IP:$ENV::CERTIP |
| 21 | |||
| 22 | # This section should be referenced to add a FQDN hostname | ||
| 23 | # as an alternate subject name, needed by isakmpd | ||
| 24 | # The address must be provided in the CERTFQDN environment variable | ||
| 25 | [x509v3_FQDN] | ||
| 26 | subjectAltName=DNS:$ENV::CERTFQDN | ||