net/data/ssl/scripts/policy.cnf - Issue 2735733003: Disable commonName matching for certificates

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/data/ssl/scripts/policy.cnf

Issue 2735733003: Disable commonName matching for certificates (Closed)

Patch Set: Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 CA_DIR=out	1 CA_DIR=out

2 CA_NAME=policy-root	2 CA_NAME=policy-root

	3 SAN=policy_test.example

3	4

4 [ca]	5 [ca]

5 default_ca = CA_root	6 default_ca = CA_root

6 preserve = yes	7 preserve = yes

7	8

8 [CA_root]	9 [CA_root]

9 dir = ${ENV::CA_DIR}	10 dir = ${ENV::CA_DIR}

10 key_size = 2048	11 key_size = 2048

11 algo = sha256	12 algo = sha256

12 database = $dir/${ENV::CA_NAME}-index.txt	13 database = $dir/${ENV::CA_NAME}-index.txt

13 new_certs_dir = $dir	14 new_certs_dir = $dir

14 serial = $dir/${ENV::CA_NAME}-serial	15 serial = $dir/${ENV::CA_NAME}-serial

15 certificate = $dir/${ENV::CA_NAME}.pem	16 certificate = $dir/${ENV::CA_NAME}.pem

16 private_key = $dir/${ENV::CA_NAME}.key	17 private_key = $dir/${ENV::CA_NAME}.key

17 RANDFILE = $dir/.rand	18 RANDFILE = $dir/.rand

18 default_days = 3650	19 default_days = 3650

19 default_crl_days = 30	20 default_crl_days = 30

20 default_md = sha256	21 default_md = sha256

21 policy = policy_anything	22 policy = policy_anything

22 unique_subject = no	23 unique_subject = no

23 copy_extensions = copy	24 copy_extensions = copy

24	25

25 [user_cert]	26 [user_cert]

26 basicConstraints = critical, CA:false	27 basicConstraints = critical, CA:false

27 extendedKeyUsage = serverAuth, clientAuth	28 extendedKeyUsage = serverAuth, clientAuth

28 certificatePolicies = 1.2.3.4	29 certificatePolicies = 1.2.3.4

	30 subjectAltName = DNS:${ENV::SAN}

29	31

30 [ca_cert]	32 [ca_cert]

31 basicConstraints = critical, CA:true	33 basicConstraints = critical, CA:true

32 keyUsage = critical, digitalSignature, keyCertSign, cRLSign	34 keyUsage = critical, digitalSignature, keyCertSign, cRLSign

33	35

34 [intermediate_cert]	36 [intermediate_cert]

35 basicConstraints = critical, CA:true	37 basicConstraints = critical, CA:true

36 keyUsage = critical, digitalSignature, keyCertSign, cRLSign	38 keyUsage = critical, digitalSignature, keyCertSign, cRLSign

37 policyConstraints = requireExplicitPolicy:0	39 policyConstraints = requireExplicitPolicy:0

38 certificatePolicies = 1.2.3.4, 1.2.3.4.5, 1.2.3.5	40 certificatePolicies = 1.2.3.4, 1.2.3.4.5, 1.2.3.5

(...skipping 12 matching lines...) Expand all Loading...
51 default_bits = 2048	53 default_bits = 2048

52 default_md = sha256	54 default_md = sha256

53 string_mask = utf8only	55 string_mask = utf8only

54 prompt = no	56 prompt = no

55 encrypt_key = no	57 encrypt_key = no

56 distinguished_name = req_env_dn	58 distinguished_name = req_env_dn

57	59

58 [req_env_dn]	60 [req_env_dn]

59 CN = ${ENV::COMMON_NAME}	61 CN = ${ENV::COMMON_NAME}

60	62

OLD	NEW

« no previous file with comments | « net/data/ssl/scripts/generate-test-certs.sh ('k') | net/data/ssl/scripts/redundant-ca.cnf » ('j') | no next file with comments »