1 files changed, 0 insertions, 130 deletions
diff --git a/src/regress/lib/libcrypto/CA/intermediate.cnf b/src/regress/lib/libcrypto/CA/intermediate.cnf
deleted file mode 100644
index 9a95487c00..0000000000
--- a/src/regress/lib/libcrypto/CA/intermediate.cnf
+++ /dev/null
@@ -1,130 +0,0 @@
-#       $OpenBSD: intermediate.cnf,v 1.2 2018/07/17 17:06:49 tb Exp $
-# For regression tests
-default_ca = CA_regress
-[ CA_regress ]
-# Directory and file locations.
-dir               = .
-certs             = $dir
-crl_dir           = $dir
-database          = $dir/int.txt
-serial            = $dir/intserial
-new_certs_dir     = $dir
-# The root key and root certificate.
-private_key       = $dir/intermediate.key.pem
-certificate       = $dir/intermediate.cert.pem
-# For certificate revocation lists.
-crlnumber         = $dir/crlnumber
-crl               = $dir/ca.crl.pem
-crl_extensions    = crl_ext
-default_crl_days  = 30
-# SHA-1 is deprecated, so use SHA-2 instead.
-default_md        = sha256
-name_opt          = ca_default
-cert_opt          = ca_default
-default_days      = 10
-preserve          = no
-policy            = policy_loose
-[ policy_strict ]
-# The root CA should only sign intermediate certificates that match.
-# See the POLICY FORMAT section of `man ca`.
-countryName             = match
-stateOrProvinceName     = match
-organizationName        = match
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-[ policy_loose ]
-# Allow the intermediate CA to sign a more diverse range of certificates.
-# See the POLICY FORMAT section of the `ca` man page.
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-[ req ]
-# Options for the `req` tool (`man req`).
-default_bits        = 2048
-distinguished_name  = req_distinguished_name
-string_mask         = utf8only
-# SHA-1 is deprecated, so use SHA-2 instead.
-default_md          = sha256
-# Extension to add when the -x509 option is used.
-x509_extensions     = v3_ca
-[ req_distinguished_name ]
-# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
-countryName                     = Country Name (2 letter code)
-stateOrProvinceName             = State or Province Name
-localityName                    = Locality Name
-0.organizationName              = Organization Name
-organizationalUnitName          = Organizational Unit Name
-commonName                      = Common Name
-emailAddress                    = Email Address
-# Optionally, specify some defaults.
-countryName_default             = CA
-stateOrProvinceName_default     = Alberta
-localityName_default            = Edmonton
-0.organizationName_default      = OpenBSD
-organizationalUnitName_default  = So and Sos
-emailAddress_default            = evilsoandsos@openbsd.org
-commonName_default              = Regress Intermediate CA
-[ v3_ca ]
-# Extensions for a typical CA (`man x509v3_config`).
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-[ v3_intermediate_ca ]
-# Extensions for a typical intermediate CA (`man x509v3_config`).
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true, pathlen:0
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-[ usr_cert ]
-# Extensions for client certificates (`man x509v3_config`).
-basicConstraints = CA:FALSE
-nsCertType = client, email
-nsComment = "OpenSSL Generated Client Certificate"
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = clientAuth, emailProtection
-[ server_cert ]
-# Extensions for server certificates (`man x509v3_config`).
-basicConstraints = CA:FALSE
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-keyUsage = critical, digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth
-[ crl_ext ]
-# Extension for CRLs (`man x509v3_config`).
-authorityKeyIdentifier=keyid:always
-[ ocsp ]
-# Extension for OCSP signing certificates (`man ocsp`).
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-keyUsage = critical, digitalSignature
-extendedKeyUsage = critical, OCSPSigning

diff --git a/src/regress/lib/libcrypto/CA/intermediate.cnf b/src/regress/lib/libcrypto/CA/intermediate.cnf deleted file mode 100644 index 9a95487c00..0000000000 --- a/src/regress/lib/libcrypto/CA/intermediate.cnf +++ /dev/null
@@ -1,130 +0,0 @@
1	# $OpenBSD: intermediate.cnf,v 1.2 2018/07/17 17:06:49 tb Exp $
2	# For regression tests
3	default_ca = CA_regress
4
5	[ CA_regress ]
6	# Directory and file locations.
7	dir = .
8	certs = $dir
9	crl_dir = $dir
10	database = $dir/int.txt
11	serial = $dir/intserial
12	new_certs_dir = $dir
13
14	# The root key and root certificate.
15	private_key = $dir/intermediate.key.pem
16	certificate = $dir/intermediate.cert.pem
17
18	# For certificate revocation lists.
19	crlnumber = $dir/crlnumber
20	crl = $dir/ca.crl.pem
21	crl_extensions = crl_ext
22	default_crl_days = 30
23
24	# SHA-1 is deprecated, so use SHA-2 instead.
25	default_md = sha256
26
27	name_opt = ca_default
28	cert_opt = ca_default
29	default_days = 10
30	preserve = no
31	policy = policy_loose
32
33	[ policy_strict ]
34	# The root CA should only sign intermediate certificates that match.
35	# See the POLICY FORMAT section of `man ca`.
36	countryName = match
37	stateOrProvinceName = match
38	organizationName = match
39	organizationalUnitName = optional
40	commonName = supplied
41	emailAddress = optional
42
43	[ policy_loose ]
44	# Allow the intermediate CA to sign a more diverse range of certificates.
45	# See the POLICY FORMAT section of the `ca` man page.
46	countryName = optional
47	stateOrProvinceName = optional
48	localityName = optional
49	organizationName = optional
50	organizationalUnitName = optional
51	commonName = supplied
52	emailAddress = optional
53
54	[ req ]
55	# Options for the `req` tool (`man req`).
56	default_bits = 2048
57	distinguished_name = req_distinguished_name
58	string_mask = utf8only
59
60	# SHA-1 is deprecated, so use SHA-2 instead.
61	default_md = sha256
62
63	# Extension to add when the -x509 option is used.
64	x509_extensions = v3_ca
65
66	[ req_distinguished_name ]
67	# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
68	countryName = Country Name (2 letter code)
69	stateOrProvinceName = State or Province Name
70	localityName = Locality Name
71	0.organizationName = Organization Name
72	organizationalUnitName = Organizational Unit Name
73	commonName = Common Name
74	emailAddress = Email Address
75
76	# Optionally, specify some defaults.
77	countryName_default = CA
78	stateOrProvinceName_default = Alberta
79	localityName_default = Edmonton
80	0.organizationName_default = OpenBSD
81	organizationalUnitName_default = So and Sos
82	emailAddress_default = evilsoandsos@openbsd.org
83	commonName_default = Regress Intermediate CA
84
85	[ v3_ca ]
86	# Extensions for a typical CA (`man x509v3_config`).
87	subjectKeyIdentifier = hash
88	authorityKeyIdentifier = keyid:always,issuer
89	basicConstraints = critical, CA:true
90	keyUsage = critical, digitalSignature, cRLSign, keyCertSign
91
92	[ v3_intermediate_ca ]
93	# Extensions for a typical intermediate CA (`man x509v3_config`).
94	subjectKeyIdentifier = hash
95	authorityKeyIdentifier = keyid:always,issuer
96	basicConstraints = critical, CA:true, pathlen:0
97	keyUsage = critical, digitalSignature, cRLSign, keyCertSign
98
99	[ usr_cert ]
100	# Extensions for client certificates (`man x509v3_config`).
101	basicConstraints = CA:FALSE
102	nsCertType = client, email
103	nsComment = "OpenSSL Generated Client Certificate"
104	subjectKeyIdentifier = hash
105	authorityKeyIdentifier = keyid,issuer
106	keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
107	extendedKeyUsage = clientAuth, emailProtection
108
109	[ server_cert ]
110	# Extensions for server certificates (`man x509v3_config`).
111	basicConstraints = CA:FALSE
112	nsCertType = server
113	nsComment = "OpenSSL Generated Server Certificate"
114	subjectKeyIdentifier = hash
115	authorityKeyIdentifier = keyid,issuer:always
116	keyUsage = critical, digitalSignature, keyEncipherment
117	extendedKeyUsage = serverAuth
118
119	[ crl_ext ]
120	# Extension for CRLs (`man x509v3_config`).
121	authorityKeyIdentifier=keyid:always
122
123	[ ocsp ]
124	# Extension for OCSP signing certificates (`man ocsp`).
125	basicConstraints = CA:FALSE
126	subjectKeyIdentifier = hash
127	authorityKeyIdentifier = keyid,issuer
128	keyUsage = critical, digitalSignature
129	extendedKeyUsage = critical, OCSPSigning
130