| OLD | NEW |
|---|
| 1 ID=1 | 1 ID=1 |
| 2 CA_DIR=out | 2 CA_DIR=out |
| 3 | 3 |
| 4 [ca] | 4 [ca] |
| 5 default_ca = ca_settings | 5 default_ca = ca_settings |
| 6 preserve = yes | 6 preserve = yes |
| 7 | 7 |
| 8 [ca_settings] | 8 [ca_settings] |
| 9 dir = ${ENV::CA_DIR} | 9 dir = ${ENV::CA_DIR} |
| 10 database = $dir/${ENV::ID}-index.txt | 10 database = $dir/${ENV::ID}-index.txt |
| 11 new_certs_dir = $dir | 11 new_certs_dir = $dir |
| 12 serial = $dir/${ENV::ID}-serial | 12 serial = $dir/${ENV::ID}-serial |
| 13 certificate = $dir/${ENV::ID}.pem | 13 certificate = $dir/${ENV::ID}.pem |
| 14 private_key = $dir/${ENV::ID}.key | 14 private_key = $dir/${ENV::ID}.key |
| 15 RANDFILE = $dir/rand | 15 RANDFILE = $dir/rand |
| 16 default_md = sha1 | 16 default_md = sha256 |
| 17 default_days = 3650 | 17 default_days = 3650 |
| 18 policy = policy_anything | 18 policy = policy_anything |
| 19 unique_subject = no | 19 unique_subject = no |
| 20 copy_extensions = copy | 20 copy_extensions = copy |
| 21 | 21 |
| 22 [policy_anything] | 22 [policy_anything] |
| 23 # Default signing policy | 23 # Default signing policy |
| 24 countryName = optional | 24 countryName = optional |
| 25 stateOrProvinceName = optional | 25 stateOrProvinceName = optional |
| 26 localityName = optional | 26 localityName = optional |
| 27 organizationName = optional | 27 organizationName = optional |
| 28 organizationalUnitName = optional | 28 organizationalUnitName = optional |
| 29 commonName = optional | 29 commonName = optional |
| 30 emailAddress = optional | 30 emailAddress = optional |
| 31 | 31 |
| 32 [req] | 32 [req] |
| 33 default_bits = 2048 | 33 default_bits = 2048 |
| 34 default_md = sha1 | 34 default_md = sha256 |
| 35 string_mask = utf8only | 35 string_mask = utf8only |
| 36 prompt = no | 36 prompt = no |
| 37 encrypt_key = no | 37 encrypt_key = no |
| 38 distinguished_name = req_env_dn | 38 distinguished_name = req_env_dn |
| 39 | 39 |
| 40 [user_cert] | 40 [user_cert] |
| 41 # Extensions to add when signing a request for an EE cert | 41 # Extensions to add when signing a request for an EE cert |
| 42 basicConstraints = critical, CA:false | 42 basicConstraints = critical, CA:false |
| 43 extendedKeyUsage = serverAuth,clientAuth | 43 extendedKeyUsage = serverAuth,clientAuth |
| 44 | 44 |
| 45 [ca_cert] | 45 [ca_cert] |
| 46 # Extensions to add when signing a request for an intermediate/CA cert | 46 # Extensions to add when signing a request for an intermediate/CA cert |
| 47 basicConstraints = critical, CA:true | 47 basicConstraints = critical, CA:true |
| 48 keyUsage = critical, keyCertSign, cRLSign | 48 keyUsage = critical, keyCertSign, cRLSign |
| 49 | 49 |
| 50 [req_env_dn] | 50 [req_env_dn] |
| 51 CN = ${ENV::COMMON_NAME} | 51 CN = ${ENV::COMMON_NAME} |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 515583004:
Update test cert generation scripts to use SHA-256 by default (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@test_cert_scripts