Oops! Remeber to include the other patches this time...

author: Dr. Stephen Henson <steve@openssl.org> 1999-02-17 23:22:57 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 1999-02-17 23:22:57 +0000
commit: 0be9747b39568ff4974335836369726f8b3bcf35 (patch)
tree: 2cd5381297f7a617fcb760ad3b0be925185d8074 /apps/openssl.cnf
parent: 3d8accc3ae7a6899ac67719bd9e7f24892de4f21 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index e5e2eee56f..fbf0a1ba7f 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -127,7 +127,11 @@ basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations
 subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
 
 #nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
@@ -147,6 +151,8 @@ basicConstraints = CA:true
 
 subjectKeyIdentifier=hash
 
+authorityKeyIdentifier=keyid:always,issuer:always
+
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
 #basicConstraints = critical,CA:true
author	Dr. Stephen Henson <steve@openssl.org>	1999-02-17 23:22:57 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	1999-02-17 23:22:57 +0000
commit	0be9747b39568ff4974335836369726f8b3bcf35 (patch)
tree	2cd5381297f7a617fcb760ad3b0be925185d8074 /apps/openssl.cnf
parent	3d8accc3ae7a6899ac67719bd9e7f24892de4f21 (diff)