From 0be9747b39568ff4974335836369726f8b3bcf35 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 17 Feb 1999 23:22:57 +0000
Subject: Oops! Remeber to include the other patches this time...

---
 apps/openssl.cnf | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'apps/openssl.cnf')

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index e5e2eee56f..fbf0a1ba7f 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -127,7 +127,11 @@ basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations
 subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
 
 #nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
@@ -147,6 +151,8 @@ basicConstraints = CA:true
 
 subjectKeyIdentifier=hash
 
+authorityKeyIdentifier=keyid:always,issuer:always
+
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
 #basicConstraints = critical,CA:true
-- 
cgit v1.2.3