aboutsummaryrefslogtreecommitdiffstats
path: root/apps/openssl.cnf
Commit message (Collapse)AuthorAgeFilesLines
* Use better defaults for TSA.Dr. Stephen Henson2015-11-201-2/+2
| | | | | | | | Use SHA256 for TSA and setted permitted digests to a sensible value. Based on PR#4141 Reviewed-by: Matt Caswell <matt@openssl.org>
* Add support for signer_digest option in TS.Dr. Stephen Henson2015-11-201-1/+1
| | | | | | Based on PR#2145 Reviewed-by: Matt Caswell <matt@openssl.org>
* RT2626: Change default_bits from 1K to 2KKurt Roeckx2014-09-081-1/+1
| | | | | | | | | | This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is from Kurt's upstream Debian changes. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* RT3408; fix some (not all suggested) typo's in openssl.cnfRich Salz2014-07-021-1/+1
|
* misspellings fixes by https://github.com/vlajos/misspell_fixerVeres Lajos2013-09-051-2/+2
|
* The default CN prompt message can be confusing when often the CN needs toDr. Stephen Henson2011-12-061-1/+1
| | | | | be the server FQDN: change it. [Reported by PSW Group]
* Updates from 1.0.0-stableDr. Stephen Henson2009-04-041-3/+3
|
* Don't add the TS EKU by default in openssl.cnf because it thenDr. Stephen Henson2006-11-071-1/+1
| | | | makes certificates genereated by ca, CA.pl etc useless for anything else.
* Add support for default public key digest type ctrl.Dr. Stephen Henson2006-05-071-1/+1
|
* RFC 3161 compliant time stamp request creation, response generationUlf Möller2006-02-121-1/+39
| | | | | | | and response verification. Submitted by: Zoltan Glozik <zglozik@opentsa.org> Reviewed by: Ulf Moeller
* Change openssl.cnf to use UTF8Strings by default and not always include issuerDr. Stephen Henson2005-09-161-6/+5
| | | | and serial versions of AKID.
* use SHA-1 as the default digest for the apps/openssl commandsNils Larsch2005-04-021-1/+1
|
* Add functionality needed to process proxy certificates.Richard Levitte2004-12-281-0/+53
|
* Implement CRL numbers.Richard Levitte2003-06-191-0/+3
| | | | | Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com> PR: 644
* Make it possible to have multiple active certificates with the sameRichard Levitte2003-04-031-0/+2
| | | | subject.
* Show an example of moving the emailAddress object from the subkect DNRichard Levitte2001-04-111-0/+3
| | | | to subjectAltName when signing a certificate.
* Add copy_extensions option to 'ca' utility.Dr. Stephen Henson2001-03-161-0/+3
|
* Add 'align' option to nameopt.Dr. Stephen Henson2001-03-151-0/+5
| | | | | | | Add default values for display by the 'ca' utility to openssl.cnf Update docs.
* increase emailAddress_maxBodo Möller2001-03-041-1/+1
|
* Initial automation changes to 'req' and X509_ATTRIBUTE functions.Dr. Stephen Henson2000-01-061-4/+3
|
* Fix some of the command line password stuff. New functionDr. Stephen Henson2000-01-011-1/+3
| | | | | | | that can automatically determine the type of a DER encoded "traditional" format private key and change some of the d2i functions to use it instead of requiring the application to work out the key type.
* Allow passwords to be included on command line for a fewDr. Stephen Henson1999-12-241-0/+7
| | | | more utilities.
* Continued multibyte character support.Dr. Stephen Henson1999-10-271-0/+11
| | | | | | | Add a bunch of functions to simplify the creation of X509_NAME structures. Change the X509_NAME_entry_add stuff in req/ca so it no longer uses X509_NAME_entry_count(): passing -1 has the same effect.
* Allow extensions to be added to certificate requests, update the sampleDr. Stephen Henson1999-08-251-3/+14
| | | | config file (change RAW to DER).
* consistent styleRalf S. Engelschall1999-08-081-1/+1
|
* Include some notes on basic extension usage and change openssl.cnf to usuallyDr. Stephen Henson1999-05-191-19/+27
| | | | do sensible things with extensions.
* Rename "openssl x509" option "-config" to "-extfile", because itBodo Möller1999-05-171-1/+1
| | | | | doesn't have a default value like the "-config" options of other openssl subprograms.
* Added a comment pointing out the behaviour of "openssl x509 -conf ...",Bodo Möller1999-05-161-0/+7
| | | | which cost me some time to find out about.
* Added support for adding extensions to CRLs, also fix a memory leak andDr. Stephen Henson1999-03-061-0/+9
| | | | | make 'req' check the config file syntax before it adds extensions. Added info in the documentation as well.
* Redo the way 'req' and 'ca' add objects: add support for oid_section.Dr. Stephen Henson1999-02-231-1/+10
|
* Add more functionality to issuer alt name and subject alt name. New optionsDr. Stephen Henson1999-02-211-0/+12
| | | | | to include email addresses from DN and copy details from issuer certificate. Include examples in openssl.cnf, update Win32 ordinals.
* Oops! Remeber to include the other patches this time...Dr. Stephen Henson1999-02-171-0/+6
|
* Add support for raw extensions. This means that you can include the DER encodingDr. Stephen Henson1999-02-141-0/+5
| | | | | | | | of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this technique currently unsupported extensions can be generated if you know their DER encoding. Even if the extension is supported in future the raw extension will still work: that is the raw version can always be used even if it is a supported extension.
* More extension code. Incomplete support for subject and issuer altDr. Stephen Henson1999-02-101-0/+5
| | | | | | | name, issuer and authority key id. Change the i2v function parameters and add an extra 'crl' parameter in the X509V3_CTX structure: guess what that's for :-) Fix to ASN1 macro which messed up IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
* Still more X509 V3 stuff. Modify ca.c to work with the new code and modifyDr. Stephen Henson1999-01-261-11/+36
| | | | openssl.cnf for the new syntax.
* More X509 V3 stuff. Add support for extensions in the 'req' applicationDr. Stephen Henson1999-01-251-0/+9
| | | | | | | so that: openssl req -x509 -new -out cert.pem will take extensions from openssl.cnf a sample for a CA is included. Also change the directory order so pem is nearer the end. Otherwise 'make links' wont work because pem.h can't be built.
* First cut of a cleanup for apps/. First the `ssleay' program is now namedRalf S. Engelschall1999-01-021-3/+3
| | | | | | | | | `openssl' and second, the shortcut symlinks for the `openssl <command>' are no longer created. This way we have a single and consistent command line interface `openssl <command>', similar to `cvs <command>'. Notice, the openssl.cnf, openssl.c and progs.pl files were changed after a repository copy, i.e. they still contain the complete file history.
* Import of old SSLeay release: SSLeay 0.9.1b (unreleased)Ralf S. Engelschall1998-12-211-0/+3
|
* Import of old SSLeay release: SSLeay 0.8.1bRalf S. Engelschall1998-12-211-0/+116
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-30 10:57:08 +0000