| OLD | NEW |
|---|
| 1 CA_DIR = out | 1 CA_DIR = out |
| 2 | 2 |
| 3 [ca] | 3 [ca] |
| 4 default_ca = CA_root | 4 default_ca = CA_root |
| 5 preserve = yes | 5 preserve = yes |
| 6 | 6 |
| 7 # The default test root, used to generate certificates and CRLs. | 7 # The default test root, used to generate certificates and CRLs. |
| 8 [CA_root] | 8 [CA_root] |
| 9 dir = ${ENV::CA_DIR} | 9 dir = ${ENV::CA_DIR} |
| 10 database = ${dir}/${ENV::CERTIFICATE}-index.txt | 10 database = ${dir}/${ENV::CERTIFICATE}-index.txt |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 # Extensions to add when signing a request for an EE cert | 23 # Extensions to add when signing a request for an EE cert |
| 24 basicConstraints = critical, CA:false | 24 basicConstraints = critical, CA:false |
| 25 subjectKeyIdentifier = hash | 25 subjectKeyIdentifier = hash |
| 26 authorityKeyIdentifier = keyid:always | 26 authorityKeyIdentifier = keyid:always |
| 27 extendedKeyUsage = serverAuth,clientAuth | 27 extendedKeyUsage = serverAuth,clientAuth |
| 28 | 28 |
| 29 [ca_cert] | 29 [ca_cert] |
| 30 # Extensions to add when signing a request for an intermediate/CA cert | 30 # Extensions to add when signing a request for an intermediate/CA cert |
| 31 basicConstraints = critical, CA:true | 31 basicConstraints = critical, CA:true |
| 32 subjectKeyIdentifier = hash | 32 subjectKeyIdentifier = hash |
| 33 #authorityKeyIdentifier = keyid:always | |
| 34 keyUsage = critical, keyCertSign, cRLSign | 33 keyUsage = critical, keyCertSign, cRLSign |
| 35 | 34 |
| 35 [ca_cert_with_aki] |
| 36 # Extensions to add when signing a request for an intermediate/CA cert |
| 37 basicConstraints = critical, CA:true |
| 38 subjectKeyIdentifier = hash |
| 39 authorityKeyIdentifier = keyid:always |
| 40 keyUsage = critical, keyCertSign, cRLSign |
| 41 |
| 42 |
| 36 [crl_extensions] | 43 [crl_extensions] |
| 37 # Extensions to add when signing a CRL | 44 # Extensions to add when signing a CRL |
| 38 authorityKeyIdentifier = keyid:always | 45 authorityKeyIdentifier = keyid:always |
| 39 | 46 |
| 40 [policy_anything] | 47 [policy_anything] |
| 41 # Default signing policy | 48 # Default signing policy |
| 42 countryName = optional | 49 countryName = optional |
| 43 stateOrProvinceName = optional | 50 stateOrProvinceName = optional |
| 44 localityName = optional | 51 localityName = optional |
| 45 organizationName = optional | 52 organizationName = optional |
| 46 organizationalUnitName = optional | 53 organizationalUnitName = optional |
| 47 commonName = optional | 54 commonName = optional |
| 48 emailAddress = optional | 55 emailAddress = optional |
| 49 | 56 |
| 50 [req] | 57 [req] |
| 51 # The request section used to generate certificate requests. | 58 # The request section used to generate certificate requests. |
| 52 default_bits = 2048 | 59 default_bits = 2048 |
| 53 default_md = sha256 | 60 default_md = sha256 |
| 54 string_mask = utf8only | 61 string_mask = utf8only |
| 55 prompt = no | 62 prompt = no |
| 56 encrypt_key = no | 63 encrypt_key = no |
| 57 distinguished_name = req_env_dn | 64 distinguished_name = req_env_dn |
| 58 | 65 |
| 59 [req_env_dn] | 66 [req_env_dn] |
| 60 CN = ${ENV::CA_COMMON_NAME} | 67 CN = ${ENV::CA_COMMON_NAME} |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1557133002:
Perform CRLSet evaluation during Path Building on Windows (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master