diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-03-06 19:33:29 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-03-06 19:33:29 +0000 |
commit | 1756d405cc0d5bf8fd0a40b8d103ee9314522171 (patch) | |
tree | fb862f3f0c53144b518ebf0eec245a10a355fa90 /doc | |
parent | 116e315303d87c1974500a89dc3ff2fe7f88e59d (diff) | |
download | openssl-1756d405cc0d5bf8fd0a40b8d103ee9314522171.tar.gz |
Added support for adding extensions to CRLs, also fix a memory leak and
make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/README | 3 | ||||
-rw-r--r-- | doc/ext-conf.txt | 14 |
2 files changed, 14 insertions, 3 deletions
diff --git a/doc/README b/doc/README index 81c59803fd..669106854b 100644 --- a/doc/README +++ b/doc/README @@ -3,4 +3,5 @@ crypto.pod ...... Documentation of OpenSSL crypto.h+libcrypto.a ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a ssleay.txt ...... Assembled documentation files of ancestor SSLeay [obsolete} - + ext-conf.txt .... Text documentation about configuring new extension code. + buffer.txt ...... Text documentation about the buffer library. diff --git a/doc/ext-conf.txt b/doc/ext-conf.txt index b9cf5a5ab9..1d0f6fb3c3 100644 --- a/doc/ext-conf.txt +++ b/doc/ext-conf.txt @@ -14,8 +14,8 @@ PRINTING EXTENSIONS. Extension values are automatically printed out for supported extensions. -x509 -in cert.pem -text -crl -in crl.pem -text +openssl x509 -in cert.pem -text +openssl crl -in crl.pem -text will give information in the extension printout, for example: @@ -43,6 +43,16 @@ indicates which section contains the extensions. In the case of 'req' the extension section is used when the -x509 option is present to create a self signed root certificate. +You can also add extensions to CRLs: a line + +crl_extensions = crl_extension_section + +will include extensions when the -gencrl option is used with the 'ca' utility. +You can add any extension to a CRL but of the supported extensions only +issuerAltName and authorityKeyIdentifier make any real sense. Note: these are +CRL extensions NOT CRL *entry* extensions which cannot currently be generated. +CRL entry extensions can be displayed. + EXTENSION SYNTAX. Extensions have the basic form: |