diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-02-14 16:48:22 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-02-14 16:48:22 +0000 |
commit | 388ff0b076430b4fbcf5cf30575a304def28bf2d (patch) | |
tree | a63b9651f5f241e4a88319efdccefd0bb30f5186 /apps/openssl.cnf | |
parent | 6013fa839537b820c0a19d77344dc03392174a8b (diff) |
Add support for raw extensions. This means that you can include the DER encoding
of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this
technique currently unsupported extensions can be generated if you know their
DER encoding. Even if the extension is supported in future the raw extension
will still work: that is the raw version can always be used even if it is a
supported extension.
Diffstat (limited to 'apps/openssl.cnf')
-rw-r--r-- | apps/openssl.cnf | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 81dee57055..e5e2eee56f 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -156,3 +156,8 @@ keyUsage = cRLSign, keyCertSign # Some might want this also #nsCertType = sslCA, emailCA + +# RAW DER hex encoding of an extension: beware experts only! +# 1.2.3.5=RAW:02:03 +# You can even override a supported extension: +# basicConstraints= critical, RAW:30:03:01:01:FF |