Index: net/data/ssl/scripts/ee.cnf |
diff --git a/net/data/ssl/scripts/ee.cnf b/net/data/ssl/scripts/ee.cnf |
index 5214f9e97f200397f4b6c04ed002af20433e6fdc..fa2a89b6ebf46fbc56b5e3a6fd0297b1a1df10e8 100644 |
--- a/net/data/ssl/scripts/ee.cnf |
+++ b/net/data/ssl/scripts/ee.cnf |
@@ -3,7 +3,7 @@ KEY_SIZE = 2048 |
[req] |
default_bits = ${ENV::KEY_SIZE} |
-default_md = sha1 |
+default_md = sha256 |
string_mask = utf8only |
prompt = no |
encrypt_key = no |
@@ -25,9 +25,16 @@ CN = Duplicate |
O = Bar |
CN = Duplicate |
+[req_punycode_dn] |
+CN = xn--wgv71a119e.com |
+ |
[req_extensions] |
subjectAltName = IP:127.0.0.1 |
+[req_punycode] |
+basicConstraints = critical, CA:true |
+subjectAltName = @punycode_san |
+ |
[req_san_sanity] |
basicConstraints = critical, CA:true |
subjectAltName = @san_sanity |
@@ -50,3 +57,8 @@ CN=127.0.0.3 |
DNS.1 = www.example.org |
DNS.2 = mail.example.org |
DNS.3 = mail.example.com |
+ |
+[punycode_san] |
+DNS.1 = xn--wgv71a119e.com |
+DNS.2 = *.xn--wgv71a119e.com |
+DNS.3 = blahblahblahblah.com |