Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(731)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/ssl/scripts/redundant-ca.cnf

Issue 2719273002: Disable commonName matching for certificates (Closed)
Patch Set: More ChromeOS fixes Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/data/ssl/scripts/policy.cnf ('k') | net/quic/chromium/quic_network_transaction_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 CA_DIR = out 1 CA_DIR = out
2 2
3 [ca] 3 [ca]
4 default_ca = CA_root 4 default_ca = CA_root
5 preserve = yes 5 preserve = yes
6 6
7 # The default test root, used to generate certificates and CRLs. 7 # The default test root, used to generate certificates and CRLs.
8 [CA_root] 8 [CA_root]
9 dir = ${ENV::CA_DIR} 9 dir = ${ENV::CA_DIR}
10 database = ${dir}/${ENV::CERTIFICATE}-index.txt 10 database = ${dir}/${ENV::CERTIFICATE}-index.txt
11 new_certs_dir = ${dir} 11 new_certs_dir = ${dir}
12 serial = ${dir}/${ENV::CERTIFICATE}-serial 12 serial = ${dir}/${ENV::CERTIFICATE}-serial
13 certificate = ${dir}/${ENV::CERTIFICATE}.pem 13 certificate = ${dir}/${ENV::CERTIFICATE}.pem
14 private_key = ${dir}/${ENV::CERTIFICATE}.key 14 private_key = ${dir}/${ENV::CERTIFICATE}.key
15 RANDFILE = ${dir}/rand 15 RANDFILE = ${dir}/rand
16 default_days = 3650 16 default_days = 3650
17 default_crl_days = 30 17 default_crl_days = 30
18 default_md = sha256 18 default_md = sha256
19 policy = policy_anything 19 policy = policy_anything
20 unique_subject = no 20 unique_subject = no
21 21
22 [user_cert] 22 [user_cert]
23 # Extensions to add when signing a request for an EE cert 23 # Extensions to add when signing a request for an EE cert
24 basicConstraints = critical, CA:false 24 basicConstraints = critical, CA:false
25 subjectKeyIdentifier = hash 25 subjectKeyIdentifier = hash
26 authorityKeyIdentifier = keyid:always 26 authorityKeyIdentifier = keyid:always
27 extendedKeyUsage = serverAuth,clientAuth 27 extendedKeyUsage = serverAuth,clientAuth
28 subjectAltName = IP:127.0.0.1
28 29
29 [ca_cert] 30 [ca_cert]
30 # Extensions to add when signing a request for an intermediate/CA cert 31 # Extensions to add when signing a request for an intermediate/CA cert
31 basicConstraints = critical, CA:true 32 basicConstraints = critical, CA:true
32 subjectKeyIdentifier = hash 33 subjectKeyIdentifier = hash
33 keyUsage = critical, keyCertSign, cRLSign 34 keyUsage = critical, keyCertSign, cRLSign
34 35
35 [ca_cert_with_aki] 36 [ca_cert_with_aki]
36 # Extensions to add when signing a request for an intermediate/CA cert 37 # Extensions to add when signing a request for an intermediate/CA cert
37 basicConstraints = critical, CA:true 38 basicConstraints = critical, CA:true
(...skipping 20 matching lines...) Expand all
58 # The request section used to generate certificate requests. 59 # The request section used to generate certificate requests.
59 default_bits = 2048 60 default_bits = 2048
60 default_md = sha256 61 default_md = sha256
61 string_mask = utf8only 62 string_mask = utf8only
62 prompt = no 63 prompt = no
63 encrypt_key = no 64 encrypt_key = no
64 distinguished_name = req_env_dn 65 distinguished_name = req_env_dn
65 66
66 [req_env_dn] 67 [req_env_dn]
67 CN = ${ENV::CA_COMMON_NAME} 68 CN = ${ENV::CA_COMMON_NAME}
OLDNEW
« no previous file with comments | « net/data/ssl/scripts/policy.cnf ('k') | net/quic/chromium/quic_network_transaction_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698