From 0bb3e562ad53319ea23679c1be3ae6b91f792384 Mon Sep 17 00:00:00 2001 From: beck <> Date: Tue, 17 Apr 2001 19:55:19 +0000 Subject: Add an x509v3.cnf in /etc/ssl so that creating certificate authorities form isakmpd works. From Tim Newsham ok provos@ --- src/lib/libssl/Makefile.bsd-wrapper | 6 ++++-- src/lib/libssl/x509v3.cnf | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 src/lib/libssl/x509v3.cnf diff --git a/src/lib/libssl/Makefile.bsd-wrapper b/src/lib/libssl/Makefile.bsd-wrapper index 6061ab8671..5aee2465f3 100644 --- a/src/lib/libssl/Makefile.bsd-wrapper +++ b/src/lib/libssl/Makefile.bsd-wrapper @@ -1,5 +1,5 @@ # Build wrapper for OpenSSL -# $OpenBSD: Makefile.bsd-wrapper,v 1.34 2001/03/09 23:06:57 deraadt Exp $ +# $OpenBSD: Makefile.bsd-wrapper,v 1.35 2001/04/17 19:55:19 beck Exp $ # Our lndir is hacked; specify a full path to avoid potential conflicts # with the one installed with X11. @@ -588,7 +588,9 @@ tags: distribution: ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ - ${.CURDIR}/openssl.cnf ${DESTDIR}/etc/ssl/openssl.cnf + ${.CURDIR}/openssl.cnf ${DESTDIR}/etc/ssl/openssl.cnf && \ + ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ + ${.CURDIR}/x509v3.cnf ${DESTDIR}/etc/ssl/x509v3.cnf .include .include diff --git a/src/lib/libssl/x509v3.cnf b/src/lib/libssl/x509v3.cnf new file mode 100644 index 0000000000..f1e3c741bc --- /dev/null +++ b/src/lib/libssl/x509v3.cnf 
@@ -0,0 +1,19 @@
+# default settings
+CERTPATHLEN = 1
+CERTUSAGE = digitalSignature,keyCertSign
+CERTIP = 0.0.0.0
+
+# This section should be referenced when building an x509v3 CA
+# Certificate.
+# The default path length and the key usage can be overriden
+# modified by setting the CERTPATHLEN and CERTUSAGE environment
+# variables.
+[x509v3_CA]
+basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN
+keyUsage=$ENV::CERTUSAGE
+
+# This section should be referenced to add an IP Address
+# as an alternate subject name, needed by isakmpd
+# The address must be provided in the CERTIP environment variable
+[x509v3_IPAddr]
+subjectAltName=IP:$ENV::CERTIP
-- cgit v1.2.3-55-g6feb
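Review bot: The `CERTIP = 0.0.0.0` default at the top means a request that references `[x509v3_IPAddr]` without CERTIP set in the environment will not fail; it appears to fall back to the default and produce a certificate carrying `subjectAltName=IP:0.0.0.0`. The default is presumably there so the file still loads when only the CA section is used, so I would keep it but say so next to it, e.g. `# CERTIP is only a placeholder so the file parses; set it to the host's real address before using x509v3_IPAddr`. Separately, `keyUsage=$ENV::CERTUSAGE` in `[x509v3_CA]` is not marked critical while `basicConstraints` is; if that is not deliberate, `keyUsage=critical,$ENV::CERTUSAGE` would make verifiers enforce the usage restriction. The comment above `[x509v3_CA]` also reads "overriden modified", which looks like a leftover word.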