summaryrefslogtreecommitdiffstats
path: root/apps/openssl.cnf
AgeCommit message (Collapse)Author
2011-12-06The default CN prompt message can be confusing when often the CN needs toDr. Stephen Henson
be the server FQDN: change it. [Reported by PSW Group]
2009-04-04Change default openssl.cnf to only use issuer+serial option in AKID if noDr. Stephen Henson
SKID.
2006-11-07Don't add the TS EKU by default in openssl.cnf because it thenDr. Stephen Henson
makes certificates genereated by ca, CA.pl etc useless for anything else.
2006-05-07Add support for default public key digest type ctrl.Dr. Stephen Henson
2006-02-12RFC 3161 compliant time stamp request creation, response generationUlf Möller
and response verification. Submitted by: Zoltan Glozik <zglozik@opentsa.org> Reviewed by: Ulf Moeller
2005-09-16Change openssl.cnf to use UTF8Strings by default and not always include issuerDr. Stephen Henson
and serial versions of AKID.
2005-04-02use SHA-1 as the default digest for the apps/openssl commandsNils Larsch
2004-12-28Add functionality needed to process proxy certificates.Richard Levitte
2003-06-19Implement CRL numbers.Richard Levitte
Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com> PR: 644
2003-04-03Make it possible to have multiple active certificates with the sameRichard Levitte
subject.
2001-04-11Show an example of moving the emailAddress object from the subkect DNRichard Levitte
to subjectAltName when signing a certificate.
2001-03-16Add copy_extensions option to 'ca' utility.Dr. Stephen Henson
2001-03-15Add 'align' option to nameopt.Dr. Stephen Henson
Add default values for display by the 'ca' utility to openssl.cnf Update docs.
2001-03-04increase emailAddress_maxBodo Möller
2000-01-06Initial automation changes to 'req' and X509_ATTRIBUTE functions.Dr. Stephen Henson
2000-01-01Fix some of the command line password stuff. New functionDr. Stephen Henson
that can automatically determine the type of a DER encoded "traditional" format private key and change some of the d2i functions to use it instead of requiring the application to work out the key type.
1999-12-24Allow passwords to be included on command line for a fewDr. Stephen Henson
more utilities.
1999-10-27Continued multibyte character support.Dr. Stephen Henson
Add a bunch of functions to simplify the creation of X509_NAME structures. Change the X509_NAME_entry_add stuff in req/ca so it no longer uses X509_NAME_entry_count(): passing -1 has the same effect.
1999-08-25Allow extensions to be added to certificate requests, update the sampleDr. Stephen Henson
config file (change RAW to DER).
1999-08-08consistent styleRalf S. Engelschall
1999-05-19Include some notes on basic extension usage and change openssl.cnf to usuallyDr. Stephen Henson
do sensible things with extensions.
1999-05-17Rename "openssl x509" option "-config" to "-extfile", because itBodo Möller
doesn't have a default value like the "-config" options of other openssl subprograms.
1999-05-16Added a comment pointing out the behaviour of "openssl x509 -conf ...",Bodo Möller
which cost me some time to find out about.
1999-03-06Added support for adding extensions to CRLs, also fix a memory leak andDr. Stephen Henson
make 'req' check the config file syntax before it adds extensions. Added info in the documentation as well.
1999-02-23Redo the way 'req' and 'ca' add objects: add support for oid_section.Dr. Stephen Henson
1999-02-21Add more functionality to issuer alt name and subject alt name. New optionsDr. Stephen Henson
to include email addresses from DN and copy details from issuer certificate. Include examples in openssl.cnf, update Win32 ordinals.
1999-02-17Oops! Remeber to include the other patches this time...Dr. Stephen Henson
1999-02-14Add support for raw extensions. This means that you can include the DER encodingDr. Stephen Henson
of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this technique currently unsupported extensions can be generated if you know their DER encoding. Even if the extension is supported in future the raw extension will still work: that is the raw version can always be used even if it is a supported extension.
1999-02-10More extension code. Incomplete support for subject and issuer altDr. Stephen Henson
name, issuer and authority key id. Change the i2v function parameters and add an extra 'crl' parameter in the X509V3_CTX structure: guess what that's for :-) Fix to ASN1 macro which messed up IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
1999-01-26Still more X509 V3 stuff. Modify ca.c to work with the new code and modifyDr. Stephen Henson
openssl.cnf for the new syntax.
1999-01-25More X509 V3 stuff. Add support for extensions in the 'req' applicationDr. Stephen Henson
so that: openssl req -x509 -new -out cert.pem will take extensions from openssl.cnf a sample for a CA is included. Also change the directory order so pem is nearer the end. Otherwise 'make links' wont work because pem.h can't be built.
1999-01-02First cut of a cleanup for apps/. First the `ssleay' program is now namedRalf S. Engelschall
`openssl' and second, the shortcut symlinks for the `openssl <command>' are no longer created. This way we have a single and consistent command line interface `openssl <command>', similar to `cvs <command>'. Notice, the openssl.cnf, openssl.c and progs.pl files were changed after a repository copy, i.e. they still contain the complete file history.
1998-12-21Import of old SSLeay release: SSLeay 0.9.1b (unreleased)SSLeayRalf S. Engelschall
1998-12-21Import of old SSLeay release: SSLeay 0.8.1bRalf S. Engelschall
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-11 17:49:21 +0000