summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/lib/hx509/data/openssl.1.0.cnf
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/lib/hx509/data/openssl.1.0.cnf')
-rw-r--r--third_party/heimdal/lib/hx509/data/openssl.1.0.cnf190
1 files changed, 190 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/hx509/data/openssl.1.0.cnf b/third_party/heimdal/lib/hx509/data/openssl.1.0.cnf
new file mode 100644
index 0000000..b014656
--- /dev/null
+++ b/third_party/heimdal/lib/hx509/data/openssl.1.0.cnf
@@ -0,0 +1,190 @@
+oid_section = new_oids
+
+[new_oids]
+pkkdcekuoid = 1.3.6.1.5.2.3.5
+
+[ca]
+
+default_ca = user
+
+[usr]
+database = index.txt
+serial = serial
+x509_extensions = usr_cert
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[ocsp]
+database = index.txt
+serial = serial
+x509_extensions = ocsp_cert
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[usr_ke]
+database = index.txt
+serial = serial
+x509_extensions = usr_cert_ke
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[usr_ds]
+database = index.txt
+serial = serial
+x509_extensions = usr_cert_ds
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[pkinit_client]
+database = index.txt
+serial = serial
+x509_extensions = pkinit_client_cert
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[pkinit_kdc]
+database = index.txt
+serial = serial
+x509_extensions = pkinit_kdc_cert
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[https]
+database = index.txt
+serial = serial
+x509_extensions = https_cert
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[subca]
+database = index.txt
+serial = serial
+x509_extensions = v3_ca
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca # The extensions to add to the self signed cert
+
+string_mask = utf8only
+
+[v3_ca]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature
+
+[usr_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+
+[usr_cert_ke]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, keyEncipherment
+subjectKeyIdentifier = hash
+
+[proxy_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo
+
+[pkinitc_principals]
+princ1 = GeneralString:bar
+
+[pkinitc_principal_seq]
+name_type = EXP:0,INTEGER:1
+name_string = EXP:1,SEQUENCE:pkinitc_principals
+
+[pkinitc_princ_name]
+realm = EXP:0,GeneralString:TEST.H5L.SE
+principal_name = EXP:1,SEQUENCE:pkinitc_principal_seq
+
+[pkinit_client_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name
+
+[https_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#extendedKeyUsage = https-server XXX
+subjectKeyIdentifier = hash
+
+[pkinit_kdc_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = pkkdcekuoid
+subjectKeyIdentifier = hash
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name
+
+[pkinitkdc_princ_name]
+realm = EXP:0,GeneralString:TEST.H5L.SE
+principal_name = EXP:1,SEQUENCE:pkinitkdc_principal_seq
+
+[pkinitkdc_principal_seq]
+name_type = EXP:0,INTEGER:1
+name_string = EXP:1,SEQUENCE:pkinitkdc_principals
+
+[pkinitkdc_principals]
+princ1 = GeneralString:krbtgt
+princ2 = GeneralString:TEST.H5L.SE
+
+[proxy10_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo
+
+[usr_cert_ds]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature
+subjectKeyIdentifier = hash
+
+[ocsp_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+# ocsp-nocheck and kp-OCSPSigning
+extendedKeyUsage = 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
+subjectKeyIdentifier = hash
+
+[req_distinguished_name]
+countryName = Country Name (2 letter code)
+countryName_default = SE
+countryName_min = 2
+countryName_max = 2
+
+organizationalName = Organizational Unit Name (eg, section)
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+#[req_attributes]
+#challengePassword = A challenge password
+#challengePassword_min = 4
+#challengePassword_max = 20
+
+[policy_match]
+countryName = match
+commonName = supplied