Menu
▾
▴
[openca-cvsdev] CVS: openca-0.9/src/conf/openssl ca-openssl.cnf.in,1.2,1.3
|
From: <ope...@li...> - 2001-10-11 10:57:00
|
Update of /cvsroot/openca/openca-0.9/src/conf/openssl In directory usw-pr-cvs1:/tmp/cvs-serv1119 Modified Files: ca-openssl.cnf.in Log Message: added a critical bit for the ca Index: ca-openssl.cnf.in =================================================================== RCS file: /cvsroot/openca/openca-0.9/src/conf/openssl/ca-openssl.cnf.in,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** ca-openssl.cnf.in 2001/09/06 11:44:14 1.2 --- ca-openssl.cnf.in 2001/10/11 10:56:57 1.3 *************** *** 184,188 **** # It's a CA certificate ! basicConstraints = CA:true # PKIX recommendation. --- 184,188 ---- # It's a CA certificate ! basicConstraints = critical,CA:true # PKIX recommendation. *************** *** 192,201 **** authorityKeyIdentifier=keyid:always,issuer:always - # This is what PKIX recommends but some broken software chokes on critical - # extensions. - #basicConstraints = critical,CA:true - # Key usage: again this should really be critical. ! keyUsage = cRLSign, keyCertSign # Some might want this also --- 192,197 ---- authorityKeyIdentifier=keyid:always,issuer:always # Key usage: again this should really be critical. ! keyUsage = digitalSignature, nonRepudiation, cRLSign, keyCertSign # Some might want this also |
