From b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9 Mon Sep 17 00:00:00 2001 From: beck <> Date: Wed, 15 May 2002 02:29:21 +0000 Subject: OpenSSL 0.9.7 stable 2002 05 08 merge --- src/lib/libssl/doc/openssl.cnf | 13 ++++++++++++- src/lib/libssl/doc/standards.txt | 19 ++++++++++++++----- 2 files changed, 26 insertions(+), 6 deletions(-) (limited to 'src/lib/libssl/doc') diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf index dbe8cbefe0..eca51c3322 100644 --- a/src/lib/libssl/doc/openssl.cnf +++ b/src/lib/libssl/doc/openssl.cnf @@ -48,6 +48,14 @@ RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crl_extensions = crl_ext @@ -132,7 +140,7 @@ commonName = Common Name (eg, YOUR name) commonName_max = 64 emailAddress = Email Address -emailAddress_max = 40 +emailAddress_max = 64 # SET-ex3 = SET extension number 3 @@ -180,6 +188,9 @@ authorityKeyIdentifier=keyid,issuer:always # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move # Copy subject details # issuerAltName=issuer:copy diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt index 61ccc5d7e0..596d9001e6 100644 --- a/src/lib/libssl/doc/standards.txt +++ b/src/lib/libssl/doc/standards.txt @@ -24,7 +24,8 @@ http://www.rsasecurity.com/rsalabs/pkcs/. Implemented: ------------ -These are documents that describe things that are implemented in OpenSSL. +These are documents that describe things that are implemented (in +whole or at least great parts) in OpenSSL. 1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992. (Format: TXT=25661 bytes) (Status: INFORMATIONAL) @@ -59,6 +60,11 @@ PKCS#8: Private-Key Information Syntax Standard PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. +2560 X.509 Internet Public Key Infrastructure Online Certificate + Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin, + C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED + STANDARD) + Related: -------- @@ -84,6 +90,10 @@ STARTTLS documents. Certification and Related Services. B. Kaliski. February 1993. (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD) +2256 A Summary of the X.500(96) User Schema for use with LDAPv3. M. + Wahl. December 1997. (Format: TXT=32377 bytes) (Status: PROPOSED + STANDARD) + 2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman. January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD) @@ -114,8 +124,7 @@ To be implemented: These are documents that describe things that are planed to be implemented in the hopefully short future. -2560 X.509 Internet Public Key Infrastructure Online Certificate - Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin, - C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED - STANDARD) +2712 Addition of Kerberos Cipher Suites to Transport Layer Security + (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) + (Status: PROPOSED STANDARD) -- cgit v1.2.3-55-g6feb