author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-01 14:37:32 +1000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-07-15 23:20:32 +0200 |
commit | e45d943665e806ff49d06cfbdd566a8e2d57d56d (patch) | |
tree | 95d67681934d74ddb0976759d2a5b6eb218956b6 /apps | |
parent | 5744dacb3a9d785d587afb61831cb1ff2be6ed0d (diff) | |
Add FIPS related configuration data to the default openssl application configuration file
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12333)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/openssl-vms.cnf | 34 | ||||
-rw-r--r-- | apps/openssl.cnf | 34 |
2 files changed, 60 insertions, 8 deletions
diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index 2420e9c9f5..ca21149efd 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -1,7 +1,9 @@ # # OpenSSL example configuration file. -# This is mostly being used for generation of certificate requests. +# See doc/man5/config.pod for more info. # +# This is mostly being used for generation of certificate requests, +# but may be used for auto loading of providers # Note that you can include other files from the main configuration # file using the .include directive. @@ -11,9 +13,12 @@ # defined. HOME = . + # Use this in order to automatically load providers. +openssl_conf = openssl_init + # Extra OBJECT IDENTIFIER info: -#oid_file = $ENV::HOME/.oid -oid_section = new_oids +# oid_file = $ENV::HOME/.oid +oid_section = new_oids # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the @@ -23,7 +28,6 @@ oid_section = new_oids # X.509v3 extensions in its main [= default] section.) [ new_oids ] - # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. # Add a simple OID like this: # testoid1=1.2.3.4 
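Review bot: The comment added in the `@@ -11,9 +13,12 @@` hunk appears to start with a stray space before the `#` (`+ # Use this in order to automatically load providers.`), unlike the other comments in the file; the same line appears in the matching hunk of apps/openssl.cnf. The comment also does not say that `openssl_conf = openssl_init` only works while it stays above the first section header, or that it is what makes `[openssl_init]` apply to every application reading this default file. I would write it flush left as `# Use this in order to automatically load providers. Must stay in the default (unnamed) section; it names the [openssl_init] section below.` The page's whitespace may have been altered in rendering, so the leading space should be checked against the raw patch.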
@@ -35,6 +39,28 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 +# For FIPS +# Optionally include a file that is generated by the OpenSSL fipsinstall +# application. This file contains configuration data required by the OpenSSL +# fips provider. It contains a named section e.g. [fips_sect] which is +# referenced from the [provider_sect] below. +# Refer to the OpenSSL security policy for more information. +# .include fipsmodule.cnf + +[openssl_init] +providers = provider_sect + +# List of providers to load +[provider_sect] +default = default_sect +# The fips section name should match the section name inside the +# included fipsmodule.cnf. +# fips = fips_sect + +[default_sect] +# activate = 1 + + #################################################################### [ ca ] default_ca = CA_default # The default ca section diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 4fd5286d2e..3e8c0cbb2c 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -1,7 +1,9 @@ # # OpenSSL example configuration file. -# This is mostly being used for generation of certificate requests. +# See doc/man5/config.pod for more info. # +# This is mostly being used for generation of certificate requests, +# but may be used for auto loading of providers # Note that you can include other files from the main configuration # file using the .include directive. @@ -11,9 +13,12 @@ # defined. HOME = . + # Use this in order to automatically load providers. +openssl_conf = openssl_init + # Extra OBJECT IDENTIFIER info: -#oid_file = $ENV::HOME/.oid -oid_section = new_oids +# oid_file = $ENV::HOME/.oid +oid_section = new_oids # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the @@ -23,7 +28,6 @@ oid_section = new_oids # X.509v3 extensions in its main [= default] section.) [ new_oids ] - # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. # Add a simple OID like this: # testoid1=1.2.3.4 
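Review bot: The comments added around `[provider_sect]` in the `@@ -35,6 +39,28 @@` hunk of apps/openssl-vms.cnf (and the identical hunk of apps/openssl.cnf) do not tell the reader that uncommenting `# fips = fips_sect` also calls for uncommenting `# activate = 1` under `[default_sect]`. As far as I know the default provider is only loaded implicitly while no provider has been activated explicitly, so enabling the fips line alone would likely leave applications without the default provider's algorithms. I would add above `[default_sect]` a comment such as `# If any other provider is activated, the default provider must be activated explicitly here as well.` Separately, `# .include fipsmodule.cnf` is a relative path, which config(5) describes as resolved against the application's current working directory unless an include directory is set. For a system-wide file the example should say to use the absolute path of the file written by fipsinstall, so that a file of the same name in an untrusted working directory cannot be picked up instead.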
@@ -35,6 +39,28 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 +# For FIPS +# Optionally include a file that is generated by the OpenSSL fipsinstall +# application. This file contains configuration data required by the OpenSSL +# fips provider. It contains a named section e.g. [fips_sect] which is +# referenced from the [provider_sect] below. +# Refer to the OpenSSL security policy for more information. +# .include fipsmodule.cnf + +[openssl_init] +providers = provider_sect + +# List of providers to load +[provider_sect] +default = default_sect +# The fips section name should match the section name inside the +# included fipsmodule.cnf. +# fips = fips_sect + +[default_sect] +# activate = 1 + + #################################################################### [ ca ] default_ca = CA_default # The default ca section |