From 1756d405cc0d5bf8fd0a40b8d103ee9314522171 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 6 Mar 1999 19:33:29 +0000 Subject: Added support for adding extensions to CRLs, also fix a memory leak and make 'req' check the config file syntax before it adds extensions. Added info in the documentation as well. --- doc/README | 3 ++- doc/ext-conf.txt | 14 ++++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/README b/doc/README index 81c59803fd..669106854b 100644 --- a/doc/README +++ b/doc/README @@ -3,4 +3,5 @@ crypto.pod ...... Documentation of OpenSSL crypto.h+libcrypto.a ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a ssleay.txt ...... Assembled documentation files of ancestor SSLeay [obsolete} - + ext-conf.txt .... Text documentation about configuring new extension code. + buffer.txt ...... Text documentation about the buffer library. diff --git a/doc/ext-conf.txt b/doc/ext-conf.txt index b9cf5a5ab9..1d0f6fb3c3 100644 --- a/doc/ext-conf.txt +++ b/doc/ext-conf.txt @@ -14,8 +14,8 @@ PRINTING EXTENSIONS. Extension values are automatically printed out for supported extensions. -x509 -in cert.pem -text -crl -in crl.pem -text +openssl x509 -in cert.pem -text +openssl crl -in crl.pem -text will give information in the extension printout, for example: @@ -43,6 +43,16 @@ indicates which section contains the extensions. In the case of 'req' the extension section is used when the -x509 option is present to create a self signed root certificate. +You can also add extensions to CRLs: a line + +crl_extensions = crl_extension_section + +will include extensions when the -gencrl option is used with the 'ca' utility. +You can add any extension to a CRL but of the supported extensions only +issuerAltName and authorityKeyIdentifier make any real sense. Note: these are +CRL extensions NOT CRL *entry* extensions which cannot currently be generated. +CRL entry extensions can be displayed. + EXTENSION SYNTAX. Extensions have the basic form: -- cgit v1.2.3