From 388ff0b076430b4fbcf5cf30575a304def28bf2d Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 14 Feb 1999 16:48:22 +0000
Subject: Add support for raw extensions. This means that you can include the
 DER encoding of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56
 Using this technique currently unsupported extensions can be generated if you
 know their DER encoding. Even if the extension is supported in future the raw
 extension will still work: that is the raw version can always be used even if
 it is a supported extension.

---
 apps/openssl.cnf | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'apps/openssl.cnf')

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 81dee57055..e5e2eee56f 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -156,3 +156,8 @@ keyUsage = cRLSign, keyCertSign
 
 # Some might want this also
 #nsCertType = sslCA, emailCA
+
+# RAW DER hex encoding of an extension: beware experts only!
+# 1.2.3.5=RAW:02:03
+# You can even override a supported extension:
+# basicConstraints= critical, RAW:30:03:01:01:FF
-- 
cgit v1.2.3