Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(657)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/ssl/scripts/aia-test.cnf

Issue 2735733003: Disable commonName matching for certificates (Closed)
Patch Set: Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/data/ssl/certificates/reject_intranet_hosts.pem ('k') | net/data/ssl/scripts/ee.cnf » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 CA_DIR=out 1 CA_DIR=out
2 CA_NAME=aia-test-root 2 CA_NAME=aia-test-root
3 AIA_URL=http://aia-test.invalid 3 AIA_URL=http://aia-test.invalid
4 HOST_NAME=aia-host.invalid
4 5
5 [ca] 6 [ca]
6 default_ca = CA_root 7 default_ca = CA_root
7 preserve = yes 8 preserve = yes
8 9
9 [CA_root] 10 [CA_root]
10 dir = ${ENV::CA_DIR} 11 dir = ${ENV::CA_DIR}
11 key_size = 2048 12 key_size = 2048
12 algo = sha256 13 algo = sha256
13 database = $dir/${ENV::CA_NAME}-index.txt 14 database = $dir/${ENV::CA_NAME}-index.txt
14 new_certs_dir = $dir 15 new_certs_dir = $dir
15 serial = $dir/${ENV::CA_NAME}-serial 16 serial = $dir/${ENV::CA_NAME}-serial
16 certificate = $dir/${ENV::CA_NAME}.pem 17 certificate = $dir/${ENV::CA_NAME}.pem
17 private_key = $dir/${ENV::CA_NAME}.key 18 private_key = $dir/${ENV::CA_NAME}.key
18 RANDFILE = $dir/.rand 19 RANDFILE = $dir/.rand
19 default_days = 3650 20 default_days = 3650
20 default_crl_days = 30 21 default_crl_days = 30
21 default_md = sha256 22 default_md = sha256
22 policy = policy_anything 23 policy = policy_anything
23 unique_subject = no 24 unique_subject = no
24 copy_extensions = copy 25 copy_extensions = copy
25 26
26 [user_cert] 27 [user_cert]
27 basicConstraints = critical, CA:false 28 basicConstraints = critical, CA:false
28 extendedKeyUsage = serverAuth, clientAuth 29 extendedKeyUsage = serverAuth, clientAuth
29 authorityInfoAccess = caIssuers;URI:${ENV::AIA_URL} 30 authorityInfoAccess = caIssuers;URI:${ENV::AIA_URL}
31 subjectAltName = DNS:${ENV::HOST_NAME}
30 32
31 [ca_cert] 33 [ca_cert]
32 basicConstraints = critical, CA:true 34 basicConstraints = critical, CA:true
33 keyUsage = critical, keyCertSign, cRLSign 35 keyUsage = critical, keyCertSign, cRLSign
34 36
35 [policy_anything] 37 [policy_anything]
36 # Default signing policy 38 # Default signing policy
37 countryName = optional 39 countryName = optional
38 stateOrProvinceName = optional 40 stateOrProvinceName = optional
39 localityName = optional 41 localityName = optional
40 organizationName = optional 42 organizationName = optional
41 organizationalUnitName = optional 43 organizationalUnitName = optional
42 commonName = optional 44 commonName = optional
43 emailAddress = optional 45 emailAddress = optional
44 46
45 [req] 47 [req]
46 default_bits = 2048 48 default_bits = 2048
47 default_md = sha256 49 default_md = sha256
48 string_mask = utf8only 50 string_mask = utf8only
49 prompt = no 51 prompt = no
50 encrypt_key = no 52 encrypt_key = no
51 distinguished_name = req_env_dn 53 distinguished_name = req_env_dn
52 54
53 [req_env_dn] 55 [req_env_dn]
54 CN = ${ENV::CA_COMMON_NAME} 56 CN = ${ENV::CA_COMMON_NAME}
55 57
OLDNEW
« no previous file with comments | « net/data/ssl/certificates/reject_intranet_hosts.pem ('k') | net/data/ssl/scripts/ee.cnf » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698