2 files changed, 26 insertions, 6 deletions

diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
index dbe8cbefe0..eca51c3322 100644
--- a/src/lib/libssl/doc/openssl.cnf
+++ b/src/lib/libssl/doc/openssl.cnf
@@ -48,6 +48,14 @@ RANDFILE	= $dir/private/.rand	# private random number file
 
 x509_extensions = usr_cert              # The extentions to add to the cert
 
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt        = ca_default            # Subject Name options
+cert_opt        = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
 # crl_extensions        = crl_ext
@@ -132,7 +140,7 @@ commonName			= Common Name (eg, YOUR name)
 commonName_max                  = 64
 
 emailAddress                    = Email Address
-emailAddress_max                = 40
+emailAddress_max                = 64
 
 # SET-ex3                       = SET extension number 3
 
@@ -180,6 +188,9 @@ authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
 # subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
 
 # Copy subject details
 # issuerAltName=issuer:copy
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
index 61ccc5d7e0..596d9001e6 100644
--- a/src/lib/libssl/doc/standards.txt
+++ b/src/lib/libssl/doc/standards.txt
@@ -24,7 +24,8 @@ http://www.rsasecurity.com/rsalabs/pkcs/.
 Implemented:
 ------------
 
-These are documents that describe things that are implemented in OpenSSL.
+These are documents that describe things that are implemented (in
+whole or at least great parts) in OpenSSL.
 
 1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
      (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
@@ -59,6 +60,11 @@ PKCS#8: Private-Key Information Syntax Standard
 
 PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
 
+2560 X.509 Internet Public Key Infrastructure Online Certificate
+     Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
+     C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
+     STANDARD)
+
 
 Related:
 --------
@@ -84,6 +90,10 @@ STARTTLS documents.
      Certification and Related Services. B. Kaliski. February 1993.
      (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
 
+2256 A Summary of the X.500(96) User Schema for use with LDAPv3. M.
+     Wahl. December 1997. (Format: TXT=32377 bytes) (Status: PROPOSED
+     STANDARD)
+
 2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman.
      January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD)
 
@@ -114,8 +124,7 @@ To be implemented:
 These are documents that describe things that are planed to be
 implemented in the hopefully short future.
 
-2560 X.509 Internet Public Key Infrastructure Online Certificate
-     Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
-     C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
-     STANDARD)
+2712 Addition of Kerberos Cipher Suites to Transport Layer Security
+     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
+     (Status: PROPOSED STANDARD)