Added support for adding extensions to CRLs, also fix a memory leak and

make 'req' check the config file syntax before it adds extensions. Added info in the documentation as well.
author: Dr. Stephen Henson <steve@openssl.org> 1999-03-06 19:33:29 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 1999-03-06 19:33:29 +0000
commit: 1756d405cc0d5bf8fd0a40b8d103ee9314522171 (patch)
tree: fb862f3f0c53144b518ebf0eec245a10a355fa90 /apps/openssl.cnf
parent: 116e315303d87c1974500a89dc3ff2fe7f88e59d (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 49cff56f35..ac442a732b 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -35,6 +35,7 @@ private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
 
 x509_extensions	= usr_cert		# The extentions to add to the cert
+crl_extensions	= crl_ext		# Extensions to add to CRL
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
 default_md	= md5			# which md to use.
@@ -188,3 +189,11 @@ issuerAltName=issuer:copy
 # 1.2.3.5=RAW:02:03
 # You can even override a supported extension:
 # basicConstraints= critical, RAW:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
author	Dr. Stephen Henson <steve@openssl.org>	1999-03-06 19:33:29 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	1999-03-06 19:33:29 +0000
commit	1756d405cc0d5bf8fd0a40b8d103ee9314522171 (patch)
tree	fb862f3f0c53144b518ebf0eec245a10a355fa90 /apps/openssl.cnf
parent	116e315303d87c1974500a89dc3ff2fe7f88e59d (diff)