diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/README | 3 | ||||
-rw-r--r-- | doc/ext-conf.txt | 14 |
2 files changed, 14 insertions, 3 deletions
diff --git a/doc/README b/doc/README index 81c59803fd..669106854b 100644 --- a/doc/README +++ b/doc/README @@ -3,4 +3,5 @@ crypto.pod ...... Documentation of OpenSSL crypto.h+libcrypto.a ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a ssleay.txt ...... Assembled documentation files of ancestor SSLeay [obsolete} - + ext-conf.txt .... Text documentation about configuring new extension code. + buffer.txt ...... Text documentation about the buffer library. diff --git a/doc/ext-conf.txt b/doc/ext-conf.txt index b9cf5a5ab9..1d0f6fb3c3 100644 --- a/doc/ext-conf.txt +++ b/doc/ext-conf.txt @@ -14,8 +14,8 @@ PRINTING EXTENSIONS. Extension values are automatically printed out for supported extensions. -x509 -in cert.pem -text -crl -in crl.pem -text +openssl x509 -in cert.pem -text +openssl crl -in crl.pem -text will give information in the extension printout, for example: @@ -43,6 +43,16 @@ indicates which section contains the extensions. In the case of 'req' the extension section is used when the -x509 option is present to create a self signed root certificate. +You can also add extensions to CRLs: a line + +crl_extensions = crl_extension_section + +will include extensions when the -gencrl option is used with the 'ca' utility. +You can add any extension to a CRL but of the supported extensions only +issuerAltName and authorityKeyIdentifier make any real sense. Note: these are +CRL extensions NOT CRL *entry* extensions which cannot currently be generated. +CRL entry extensions can be displayed. + EXTENSION SYNTAX. Extensions have the basic form: |