net/data/ssl/scripts/ca.cnf - Issue 992733002: Remove //net (except for Android test stuff) and sdch

Side by Side Diff: net/data/ssl/scripts/ca.cnf

Issue 992733002: Remove //net (except for Android test stuff) and sdch (Closed) Base URL: git@github.com:domokit/mojo.git@master

Patch Set: Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 # Defaults in the event they're not set in the environment

2 CA_DIR = out

3 KEY_SIZE = 2048

4 ALGO = sha256

5 CERT_TYPE = root

6 CA_NAME = req_env_dn

7

8 [ca]

9 default_ca = CA_root

10 preserve = yes

11

12 # The default test root, used to generate certificates and CRLs.

13 [CA_root]

14 dir = $ENV::CA_DIR

15 key_size = $ENV::KEY_SIZE

16 algo = $ENV::ALGO

17 cert_type = $ENV::CERT_TYPE

18 type = $key_size-$algo-$cert_type

19 database = $dir/$type-index.txt

20 new_certs_dir = $dir

21 serial = $dir/$type-serial

22 certificate = $dir/$type.pem

23 private_key = $dir/$type.key

24 RANDFILE = $dir/.rand

25 default_days = 3650

26 default_crl_days = 30

27 default_md = sha256

28 policy = policy_anything

29 unique_subject = no

30 copy_extensions = copy

31

32 [user_cert]

33 # Extensions to add when signing a request for an EE cert

34 basicConstraints = critical, CA:false

35 subjectKeyIdentifier = hash

36 authorityKeyIdentifier = keyid:always

37 extendedKeyUsage = serverAuth,clientAuth

38

39 [name_constraint_bad]

40 # A leaf cert that will violate the root's imposed name constraints

41 basicConstraints = critical, CA:false

42 subjectKeyIdentifier = hash

43 authorityKeyIdentifier = keyid:always

44 extendedKeyUsage = serverAuth,clientAuth

45 subjectAltName = @san_name_constraint_bad

46

47 [name_constraint_good]

48 # A leaf cert that will match the root's imposed name constraints

49 basicConstraints = critical, CA:false

50 subjectKeyIdentifier = hash

51 authorityKeyIdentifier = keyid:always

52 extendedKeyUsage = serverAuth,clientAuth

53 subjectAltName = @san_name_constraint_good

54

55 [san_name_constraint_bad]

56 DNS.1 = test.ExAmPlE.CoM

57 DNS.2 = test.ExAmPlE.OrG

58

59 [san_name_constraint_good]

60 DNS.1 = test.ExAmPlE.CoM

61 DNS.2 = example.notarealtld

62

63 [ca_cert]

64 # Extensions to add when signing a request for an intermediate/CA cert

65 basicConstraints = critical, CA:true

66 subjectKeyIdentifier = hash

67 #authorityKeyIdentifier = keyid:always

68 keyUsage = critical, keyCertSign, cRLSign

69

70 [crl_extensions]

71 # Extensions to add when signing a CRL

72 authorityKeyIdentifier = keyid:always

73

74 [policy_anything]

75 # Default signing policy

76 countryName = optional

77 stateOrProvinceName = optional

78 localityName = optional

79 organizationName = optional

80 organizationalUnitName = optional

81 commonName = optional

82 emailAddress = optional

83

84 [req]

85 # The request section used to generate the root CA certificate. This should

86 # not be used to generate end-entity certificates. For certificates other

87 # than the root CA, see README to find the appropriate configuration file

88 # (ie: openssl_cert.cnf).

89 default_bits = $ENV::KEY_SIZE

90 default_md = sha256

91 string_mask = utf8only

92 prompt = no

93 encrypt_key = no

94 distinguished_name = $ENV::CA_NAME

95 x509_extensions = req_ca_exts

96

97 [req_ca_dn]

98 C = US

99 ST = California

100 L = Mountain View

101 O = Test CA

102 CN = Test Root CA

103

104 [req_intermediate_dn]

105 C = US

106 ST = California

107 L = Mountain View

108 O = Test CA

109 CN = Test Intermediate CA

110

111 [req_env_dn]

112 CN = $ENV::CA_COMMON_NAME

113

114 [req_ca_exts]

115 basicConstraints = critical, CA:true

116 keyUsage = critical, keyCertSign, cRLSign

117 subjectKeyIdentifier = hash

OLD	NEW

« no previous file with comments | « net/data/ssl/scripts/aia-test.cnf ('k') | net/data/ssl/scripts/client-certs.cnf » ('j') | no next file with comments »