authorsthen <>2014-10-01 13:19:51 +0000
committersthen <>2014-10-01 13:19:51 +0000
commit8b25549254bce5b7fc083b5930f89878aa04174f (patch)
treee855eaefae7874a11e341f09f2e4e7aee0034a49
parent5c5b544c2aae06ec114cfeaf631cd09a331ce9ea (diff)
openssl.cnf tweaks following recent changes to usr.bin/openssl:
- don't define default_bits, allowing the compiled-in default (now 2048 bits) to take priority. - add commented-out default_md line in case somebody needs an easy way to change this. - remove some sample sections which aren't really useful in the default file (/etc/examples is the place for a more descriptive config, this file should be barebones). Help/OK jsing@. OKs on earlier diff (openssl.cnf only) from phessler@ aja@.
-rw-r--r--src/lib/libcrypto/openssl.cnf47
1 files changed, 3 insertions, 44 deletions
diff --git a/src/lib/libcrypto/openssl.cnf b/src/lib/libcrypto/openssl.cnf
index bb97b155b8..8ce83bf90d 100644
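--- a/src/lib/libcrypto/openssl.cnf
+++ b/src/lib/libcrypto/openssl.cnf
@@ -1,41 +1,20 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = /dev/arandom
-
-####################################################################
 [ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
+#default_bits = 2048
+#default_md = sha256
+#default_keyfile = privkey.pem
 distinguished_name = req_distinguished_name
 attributes = req_attributes
 
 [ req_distinguished_name ]
 countryName = Country Name (2 letter code)
-#countryName_default = AU
 countryName_min = 2
 countryName_max = 2
-
 stateOrProvinceName = State or Province Name (full name)
-#stateOrProvinceName_default = Some-State
-
 localityName = Locality Name (eg, city)
-
 0.organizationName = Organization Name (eg, company)
-#0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = CryptSoft Pty Ltd
-
 organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
 commonName = Common Name (eg, fully qualified host name)
 commonName_max = 64
-
 emailAddress = Email Address
 emailAddress_max = 64
 
@@ -43,23 +22,3 @@ emailAddress_max = 64
 challengePassword = A challenge password
 challengePassword_min = 4
 challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ x509v3_extensions ]
-
-nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
-nsComment = "This is a comment"
-
-# under ASN.1, the 0 bit would be encoded as 80
-nsCertType = 0x40
-
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-#nsCertSequence
-#nsCertExt
-#nsDataType
-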
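Review bot: The three commented-out keys at the top of `[ req ]` (new lines 2-4) have no explanation, and they are not the same kind of thing: `#default_bits = 2048` mirrors the compiled-in default named in the description, while `default_keyfile = privkey.pem` was an active setting on the old side and is now disabled, which the description does not mention. The old header and the `RANDFILE = /dev/arandom` line are removed in the same hunk, also without a mention, so it is worth confirming that nothing depends on either of them still being set. With the header gone, I would add one comment line above the keys, e.g. `# Commented-out values are examples; when unset, the openssl(1) built-in defaults apply.`, so an administrator knows that uncommenting a line is an override. A second line such as `# Do not set default_bits below the built-in default.` would keep the 1024-bit value this commit retires from being reintroduced by hand.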