diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-03-06 19:33:29 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-03-06 19:33:29 +0000 |
commit | 1756d405cc0d5bf8fd0a40b8d103ee9314522171 (patch) | |
tree | fb862f3f0c53144b518ebf0eec245a10a355fa90 /apps/openssl.cnf | |
parent | 116e315303d87c1974500a89dc3ff2fe7f88e59d (diff) |
Added support for adding extensions to CRLs, also fix a memory leak and
make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
Diffstat (limited to 'apps/openssl.cnf')
-rw-r--r-- | apps/openssl.cnf | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 49cff56f35..ac442a732b 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -35,6 +35,7 @@ private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert +crl_extensions = crl_ext # Extensions to add to CRL default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = md5 # which md to use. @@ -188,3 +189,11 @@ issuerAltName=issuer:copy # 1.2.3.5=RAW:02:03 # You can even override a supported extension: # basicConstraints= critical, RAW:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always |