Diffstat (limited to 'doc/man5/x509v3_config.pod')
-rw-r--r-- | doc/man5/x509v3_config.pod | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod index f8bc6d0ff1..fb7c3aaff7 100644 --- a/doc/man5/x509v3_config.pod +++ b/doc/man5/x509v3_config.pod @@ -142,15 +142,15 @@ Examples: =head2 Extended Key Usage This extension consists of a list of values indicating purposes for which -the certificate public key can be used for, Each value can be either a -short text name or an OID. +the certificate public key can be used. +Each value can be either a short text name or an OID. The following text names, and their intended meaning, are known: - Value Meaning - ----- ------- - serverAuth SSL/TLS Web Server Authentication - clientAuth SSL/TLS Web Client Authentication - codeSigning Code signing + Value Meaning according to RFC 5280 etc. + ----- ---------------------------------- + serverAuth SSL/TLS WWW Server Authentication + clientAuth SSL/TLS WWW Client Authentication + codeSigning Code Signing emailProtection E-mail Protection (S/MIME) timeStamping Trusted Timestamping OCSPSigning OCSP Signing @@ -160,6 +160,10 @@ The following text names, and their intended meaning, are known: msCTLSign Microsoft Trust List Signing msEFS Microsoft Encrypted File System +While IETF RFC 5280 says that B<id-kp-serverAuth> and B<id-kp-clientAuth> +are only for WWW use, in practice they are used for all kinds of TLS clients +and servers, and this is what OpenSSL assumes as well. + Examples: extendedKeyUsage = critical, codeSigning, 1.2.3.4 |
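Review bot: In the first hunk (@@ -142,15 +142,15 @@), the new column header "Meaning according to RFC 5280 etc." is too vague to serve as a citation. The same table continues with msCTLSign and msEFS, which are described as Microsoft purposes, so "etc." stands in for sources the reader cannot identify. Either keep the header as "Meaning" and cite RFC 5280 in the sentence introducing the table, or name the other sources explicitly. The serverAuth and clientAuth rows now say "WWW" while the paragraph added in the next hunk says OpenSSL does not limit them to WWW use, so a pointer from these rows to that paragraph would keep the row text from being read as the enforced meaning.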
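Review bot: In the second hunk (@@ -160,6 +160,10 @@), the added paragraph names B<id-kp-serverAuth> and B<id-kp-clientAuth>, but the table above it and the extendedKeyUsage example below it use the short names serverAuth and clientAuth. Mention the short names too, so the reader can connect the note to what goes in the config file. "This is what OpenSSL assumes as well" also leaves open where the assumption applies. Stating directly that a certificate carrying serverAuth or clientAuth is treated as valid for any TLS server or client would tell operators that this extension does not give them a per-protocol restriction.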