1 files changed, 34 insertions, 4 deletions
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
index d70dd25622..dbe8cbefe0 100644
--- a/src/lib/libssl/doc/openssl.cnf
+++ b/src/lib/libssl/doc/openssl.cnf
@@ -3,8 +3,13 @@
 # This is mostly being used for generation of certificate requests.
 #
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                    = .
 RANDFILE                = $ENV::HOME/.rnd
-oid_file                = $ENV::HOME/.oid
+# Extra OBJECT IDENTIFIER info:
+#oid_file               = $ENV::HOME/.oid
 oid_section             = new_oids
 # To use this configuration file with the "-extfile" option of the
@@ -86,6 +91,22 @@ distinguished_name	= req_distinguished_name
 attributes              = req_attributes
 x509_extensions = v3_ca # The extentions to add to the self signed cert
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix   : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+# req_extensions = v3_req # The extensions to add to a certificate request
 [ req_distinguished_name ]
 countryName                     = Country Name (2 letter code)
 countryName_default             = AU
@@ -170,8 +191,16 @@ authorityKeyIdentifier=keyid,issuer:always
 #nsCaPolicyUrl
 #nsSslServerName
+[ v3_req ]
+# Extensions to add to a certificate request
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 [ v3_ca ]
 # Extensions for a typical CA
@@ -200,10 +229,11 @@ basicConstraints = CA:true
 # Copy issuer details
 # issuerAltName=issuer:copy
-# RAW DER hex encoding of an extension: beware experts only!
+# DER hex encoding of an extension: beware experts only!
-# 1.2.3.5=RAW:02:03
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
 # You can even override a supported extension:
-# basicConstraints= critical, RAW:30:03:01:01:FF
+# basicConstraints= critical, DER:30:03:01:01:FF
 [ crl_ext ]

diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf index d70dd25622..dbe8cbefe0 100644 --- a/src/lib/libssl/doc/openssl.cnf +++ b/src/lib/libssl/doc/openssl.cnf
@@ -3,8 +3,13 @@
3	# This is mostly being used for generation of certificate requests.	3	# This is mostly being used for generation of certificate requests.
4	#	4	#
5		5
		6	# This definition stops the following lines choking if HOME isn't
		7	# defined.
		8	HOME = .
6	RANDFILE = $ENV::HOME/.rnd	9	RANDFILE = $ENV::HOME/.rnd
7	oid_file = $ENV::HOME/.oid	10
		11	# Extra OBJECT IDENTIFIER info:
		12	#oid_file = $ENV::HOME/.oid
8	oid_section = new_oids	13	oid_section = new_oids
9		14
10	# To use this configuration file with the "-extfile" option of the	15	# To use this configuration file with the "-extfile" option of the
@@ -86,6 +91,22 @@ distinguished_name = req_distinguished_name
86	attributes = req_attributes	91	attributes = req_attributes
87	x509_extensions = v3_ca # The extentions to add to the self signed cert	92	x509_extensions = v3_ca # The extentions to add to the self signed cert
88		93
		94	# Passwords for private keys if not present they will be prompted for
		95	# input_password = secret
		96	# output_password = secret
		97
		98	# This sets a mask for permitted string types. There are several options.
		99	# default: PrintableString, T61String, BMPString.
		100	# pkix : PrintableString, BMPString.
		101	# utf8only: only UTF8Strings.
		102	# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
		103	# MASK:XXXX a literal mask value.
		104	# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
		105	# so use this option with caution!
		106	string_mask = nombstr
		107
		108	# req_extensions = v3_req # The extensions to add to a certificate request
		109
89	[ req_distinguished_name ]	110	[ req_distinguished_name ]
90	countryName = Country Name (2 letter code)	111	countryName = Country Name (2 letter code)
91	countryName_default = AU	112	countryName_default = AU
@@ -170,8 +191,16 @@ authorityKeyIdentifier=keyid,issuer:always
170	#nsCaPolicyUrl	191	#nsCaPolicyUrl
171	#nsSslServerName	192	#nsSslServerName
172		193
		194	[ v3_req ]
		195
		196	# Extensions to add to a certificate request
		197
		198	basicConstraints = CA:FALSE
		199	keyUsage = nonRepudiation, digitalSignature, keyEncipherment
		200
173	[ v3_ca ]	201	[ v3_ca ]
174		202
		203
175	# Extensions for a typical CA	204	# Extensions for a typical CA
176		205
177		206
@@ -200,10 +229,11 @@ basicConstraints = CA:true
200	# Copy issuer details	229	# Copy issuer details
201	# issuerAltName=issuer:copy	230	# issuerAltName=issuer:copy
202		231
203	# RAW DER hex encoding of an extension: beware experts only!	232	# DER hex encoding of an extension: beware experts only!
204	# 1.2.3.5=RAW:02:03	233	# obj=DER:02:03
		234	# Where 'obj' is a standard or added object
205	# You can even override a supported extension:	235	# You can even override a supported extension:
206	# basicConstraints= critical, RAW:30:03:01:01:FF	236	# basicConstraints= critical, DER:30:03:01:01:FF
207		237
208	[ crl_ext ]	238	[ crl_ext ]
209		239