| OLD | NEW |
| 1 [ca] | 1 [ca] |
| 2 default_ca = CA_root | 2 default_ca = CA_root |
| 3 preserve = yes | 3 preserve = yes |
| 4 | 4 |
| 5 # The default test root, used to generate certificates and CRLs. | 5 # The default test root, used to generate certificates and CRLs. |
| 6 [CA_root] | 6 [CA_root] |
| 7 dir = out | 7 dir = out |
| 8 key_size = 2048 | 8 key_size = 2048 |
| 9 algo = sha256 | 9 algo = sha256 |
| 10 cert_type = root | 10 cert_type = root |
| 11 database = $dir/${ENV::CA_ID}-index.txt | 11 database = $dir/${ENV::CA_ID}-index.txt |
| 12 new_certs_dir = $dir | 12 new_certs_dir = $dir |
| 13 serial = $dir/${ENV::CA_ID}-serial | 13 serial = $dir/${ENV::CA_ID}-serial |
| 14 certificate = $dir/${ENV::CA_ID}.pem | 14 certificate = $dir/${ENV::CA_ID}.pem |
| 15 private_key = $dir/${ENV::CA_ID}.key | 15 private_key = $dir/${ENV::CA_ID}.key |
| 16 RANDFILE = $dir/.rand | 16 RANDFILE = $dir/.rand |
| 17 default_days = 3650 | 17 default_days = 3650 |
| 18 default_crl_days = 30 | 18 default_crl_days = 30 |
| 19 default_md = sha256 | 19 default_md = sha256 |
| 20 policy = policy_anything | 20 policy = policy_anything |
| 21 unique_subject = no | 21 unique_subject = no |
| 22 copy_extensions = copy | 22 copy_extensions = copy |
| 23 | 23 |
| 24 [leaf_cert] | 24 [leaf_cert] |
| 25 # Extensions to add when signing a request for an leaf cert | 25 # Extensions to add when signing a request for an leaf cert |
| 26 basicConstraints = critical, CA:false | 26 basicConstraints = critical, CA:false |
| 27 subjectKeyIdentifier = hash | 27 subjectKeyIdentifier = hash |
| 28 authorityKeyIdentifier = keyid:always | 28 authorityKeyIdentifier = keyid:always |
| 29 extendedKeyUsage = serverAuth, clientAuth | 29 extendedKeyUsage = serverAuth, clientAuth |
| 30 subjectAltName = DNS:${ENV::CN} |
| 30 | 31 |
| 31 [ca_cert] | 32 [ca_cert] |
| 32 # Extensions to add when signing a request for an intermediate/CA cert | 33 # Extensions to add when signing a request for an intermediate/CA cert |
| 33 basicConstraints = critical, CA:true | 34 basicConstraints = critical, CA:true |
| 34 subjectKeyIdentifier = hash | 35 subjectKeyIdentifier = hash |
| 35 authorityKeyIdentifier = keyid:always | 36 authorityKeyIdentifier = keyid:always |
| 36 keyUsage = critical, keyCertSign, cRLSign | 37 keyUsage = critical, keyCertSign, cRLSign |
| 37 | 38 |
| 38 [policy_anything] | 39 [policy_anything] |
| 39 # Default signing policy | 40 # Default signing policy |
| 40 countryName = optional | 41 countryName = optional |
| 41 stateOrProvinceName = optional | 42 stateOrProvinceName = optional |
| 42 localityName = optional | 43 localityName = optional |
| 43 organizationName = optional | 44 organizationName = optional |
| 44 organizationalUnitName = optional | 45 organizationalUnitName = optional |
| 45 commonName = optional | 46 commonName = optional |
| 46 emailAddress = optional | 47 emailAddress = optional |
| 47 | 48 |
| 48 [req] | 49 [req] |
| 49 default_bits = 2048 | 50 default_bits = 2048 |
| 50 default_md = sha256 | 51 default_md = sha256 |
| 51 string_mask = utf8only | 52 string_mask = utf8only |
| 52 prompt = no | 53 prompt = no |
| 53 encrypt_key = no | 54 encrypt_key = no |
| 54 distinguished_name = dn | 55 distinguished_name = dn |
| 55 | 56 |
| 56 [dn] | 57 [dn] |
| 57 CN = $ENV::CN | 58 CN = ${ENV::CN} |
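Review bot: The `subjectAltName = DNS:${ENV::CN}` line added to `[leaf_cert]` takes the SAN from the signer's environment rather than from the request, and always types it as a DNS name, with no comment saying so. If the scripts that use this file ever set `CN` to an IP literal or a display-style name, the certificate gets a dNSName entry that verifiers matching on SAN will not accept; and because the value is expanded into a comma-separated extension list, `CN` has to be a single bare hostname. Since `[CA_root]` keeps `copy_extensions = copy`, which copies only extensions not already set, a SAN carried in the CSR would presumably be dropped in favour of this one. I would add a comment above the line, e.g. `# SAN is taken from $CN at signing time (not from the CSR); CN must be a single DNS hostname, use IP: for addresses`.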
| OLD | NEW |