net/data/ssl/scripts/ca.cnf - Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/data/ssl/scripts/ca.cnf

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: '' Created 9 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 [ca]

	2 default_ca = CA_root

	3 preserve = yes

	4

	5 # The default test root, used to generate certificates and CRLs.

	6 [CA_root]

	7 dir = $ENV::CA_DIR

	8 key_size = $ENV::KEY_SIZE

	9 algo = $ENV::ALGO

	10 cert_type = $ENV::CERT_TYPE

	11 type = $key_size-$algo-$cert_type

	12 database = $dir/$type-index.txt

	13 new_certs_dir = $dir

	14 serial = $dir/$type-serial

	15 certificate = $dir/$type.pem

	16 private_key = $dir/$type.key

	17 RANDFILE = $dir/.rand

	18 default_days = 3650

	19 default_crl_days = 30

	20 default_md = sha1

	21 policy = policy_anything

	22 unique_subject = no

	23 copy_extensions = copy

	24

	25 [user_cert]

	26 # Extensions to add when signing a request for an EE cert

	27 basicConstraints = critical, CA:false

	28 subjectKeyIdentifier = hash

	29 authorityKeyIdentifier = keyid:always

	30 extendedKeyUsage = serverAuth,clientAuth

	31

	32 [ca_cert]

	33 # Extensions to add when signing a request for an intermediate/CA cert

	34 basicConstraints = critical, CA:true

	35 subjectKeyIdentifier = hash

	36 #authorityKeyIdentifier = keyid:always

	37 keyUsage = critical, keyCertSign, cRLSign

	38

	39 [crl_extensions]

	40 # Extensions to add when signing a CRL

	41 authorityKeyIdentifier = keyid:always

	42

	43 [policy_anything]

	44 # Default signing policy

	45 countryName = optional

	46 stateOrProvinceName = optional

	47 localityName = optional

	48 organizationName = optional

	49 organizationalUnitName = optional

	50 commonName = optional

	51 emailAddress = optional

	52

	53 [req]

	54 # The request section used to generate the root CA certificate. This should

	55 # not be used to generate end-entity certificates. For certificates other

	56 # than the root CA, see README to find the appropriate configuration file

	57 # (ie: openssl_cert.cnf).

	58 default_bits = $ENV::KEY_SIZE

	59 default_md = sha1

	60 string_mask = utf8only

	61 prompt = no

	62 encrypt_key = no

	63 distinguished_name = $ENV::CA_NAME

	64 x509_extensions = req_ca_exts

	65

	66 [req_ca_dn]

	67 C = US

	68 ST = California

	69 L = Mountain View

	70 O = Test CA

	71 CN = Test Root CA

	72

	73 [req_intermediate_dn]

	74 C = US

	75 ST = California

	76 L = Mountain View

	77 O = Test CA

	78 CN = Test Intermediate CA

	79

	80 [req_env_dn]

	81 CN = $ENV::CA_COMMON_NAME

	82

	83 [req_ca_exts]

	84 basicConstraints = critical, CA:true

	85 keyUsage = critical, keyCertSign, cRLSign

	86 subjectKeyIdentifier = hash

OLD	NEW

« net/base/x509_certificate_unittest.cc ('K') | « net/data/ssl/certificates/prime256v1-ecdsa-intermediate.pem ('k') | net/data/ssl/scripts/ee.cnf » ('j') | net/data/ssl/scripts/ee.cnf » ('J')