Add support for raw extensions. This means that you can include the DER encoding

of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this technique currently unsupported extensions can be generated if you know their DER encoding. Even if the extension is supported in future the raw extension will still work: that is the raw version can always be used even if it is a supported extension.
author: Dr. Stephen Henson <steve@openssl.org> 1999-02-14 16:48:22 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 1999-02-14 16:48:22 +0000
commit: 388ff0b076430b4fbcf5cf30575a304def28bf2d (patch)
tree: a63b9651f5f241e4a88319efdccefd0bb30f5186 /apps/openssl.cnf
parent: 6013fa839537b820c0a19d77344dc03392174a8b (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 81dee57055..e5e2eee56f 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -156,3 +156,8 @@ keyUsage = cRLSign, keyCertSign
 
 # Some might want this also
 #nsCertType = sslCA, emailCA
+
+# RAW DER hex encoding of an extension: beware experts only!
+# 1.2.3.5=RAW:02:03
+# You can even override a supported extension:
+# basicConstraints= critical, RAW:30:03:01:01:FF
author	Dr. Stephen Henson <steve@openssl.org>	1999-02-14 16:48:22 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	1999-02-14 16:48:22 +0000
commit	388ff0b076430b4fbcf5cf30575a304def28bf2d (patch)
tree	a63b9651f5f241e4a88319efdccefd0bb30f5186 /apps/openssl.cnf
parent	6013fa839537b820c0a19d77344dc03392174a8b (diff)