diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-02-21 01:46:45 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-02-21 01:46:45 +0000 |
commit | aa066b9e6e44297a00e641e200bf48b5728ae5c3 (patch) | |
tree | fceb166c14070cc27c1da8156f3bf78c042bfc24 /apps | |
parent | a67a9694f7fb5cf96cf0c370f3494111a05770be (diff) | |
download | openssl-aa066b9e6e44297a00e641e200bf48b5728ae5c3.tar.gz |
Add more functionality to issuer alt name and subject alt name. New options
to include email addresses from DN and copy details from issuer certificate.
Include examples in openssl.cnf, update Win32 ordinals.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/ca.c | 1 | ||||
-rw-r--r-- | apps/openssl.cnf | 12 |
2 files changed, 13 insertions, 0 deletions
@@ -695,6 +695,7 @@ bad: BIO_printf(bio_err, "Error Loading extension section %s\n", extensions); + ret = 1; goto err; } } diff --git a/apps/openssl.cnf b/apps/openssl.cnf index fbf0a1ba7f..7dee6432a8 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -132,6 +132,13 @@ nsComment = "OpenSSL Generated Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always +# Import the email address. + +subjectAltName=email:copy + +# Copy subject details + +issuerAltName=issuer:copy #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem #nsBaseUrl @@ -163,6 +170,11 @@ keyUsage = cRLSign, keyCertSign # Some might want this also #nsCertType = sslCA, emailCA +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + # RAW DER hex encoding of an extension: beware experts only! # 1.2.3.5=RAW:02:03 # You can even override a supported extension: |