| Index: net/tools/quic/certs/ca.cnf
|
| diff --git a/net/tools/quic/certs/ca.cnf b/net/tools/quic/certs/ca.cnf
|
| index da0e416af5c6e4a6dd3d32c4586c48f2f9cf3ad0..b9ac53a34a1abe1f49cf0616e2b846cf81d28c79 100644
|
| --- a/net/tools/quic/certs/ca.cnf
|
| +++ b/net/tools/quic/certs/ca.cnf
|
| @@ -36,23 +36,11 @@ subjectKeyIdentifier = hash
|
| authorityKeyIdentifier = keyid:always
|
| extendedKeyUsage = serverAuth,clientAuth
|
|
|
| -[name_constraint_bad]
|
| -# A leaf cert that will violate the root's imposed name constraints
|
| -basicConstraints = critical, CA:false
|
| -subjectKeyIdentifier = hash
|
| -authorityKeyIdentifier = keyid:always
|
| -extendedKeyUsage = serverAuth,clientAuth
|
| -subjectAltName = @san_name_constraint_bad
|
| -
|
| [ca_cert]
|
| # Extensions to add when signing a request for an intermediate/CA cert
|
| basicConstraints = critical, CA:true
|
| subjectKeyIdentifier = hash
|
| -#authorityKeyIdentifier = keyid:always
|
| keyUsage = critical, keyCertSign, cRLSign
|
| -nameConstraints = permitted;DNS:mail.example.com
|
| -nameConstraints = permitted;DNS:mail.example.org
|
| -nameConstraints = permitted;DNS:www.example.com
|
|
|
| [crl_extensions]
|
| # Extensions to add when signing a CRL
|
|
|
Chromium Code Reviews
Issue 1366693003:
Remove name constraints from QUIC test leaf cert. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master