summaryrefslogtreecommitdiffstats
path: root/apps/openssl.cnf (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Check the configuration file by defaultDmitry Belyavskiy2020-11-051-0/+4
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13310)
* Add FIPS related configuration data to the default openssl application ↵Shane Lontis2020-07-151-4/+30
| | | | | | | configuration file Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12333)
* Cleanup cert config files for testsRich Salz2020-06-031-53/+0
| | | | | | | | | | Merge test/P[12]ss.cnf into one config file Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf Remove Netscape cert extensions, add keyUsage comment from some cnf files Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11347)
* Chunk 11 of CMP contribution to OpenSSL: CMP command-line interfaceDr. David von Oheimb2020-05-131-0/+56
| | | | | | | | | | | Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470)
* Remove unnecessary trailing whitespaceSam Roberts2019-02-051-2/+2
| | | | | | | | | | | | Trim trailing whitespace. It doesn't match OpenSSL coding standards, AFAICT, and it can cause problems with git tooling. Trailing whitespace remains in test data and external source. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8092)
* Create the .rnd file it it does not existBernd Edlinger2018-09-231-2/+0
| | | | | | | | | | | | | | | | | | | It's a bit annoying, since some commands try to read a .rnd file, and print an error message if the file does not exist. But previously a .rnd file was created on exit, and that does no longer happen. Fixed by continuing in app_RAND_load_conf regardless of the error in RAND_load_file. If the random number generator is still not initalized on exit, the function RAND_write_file will fail and no .rnd file would be created. Remove RANDFILE from openssl.cnf Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7217)
* Add support for .include directive in config filesTomas Mraz2018-03-051-0/+4
| | | | | | | | | | Either files or directories of *.cnf or *.conf files can be included. Recursive inclusion of directories is not supported. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5351)
* Added support for ESSCertIDv2Marek Klein2017-05-031-0/+2
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/771)
* RT3809: basicConstraints is criticalRich Salz2016-06-131-5/+1
| | | | | | | This is really a security bugfix, not enhancement any more. Everyone knows critical extensions. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Use better defaults for TSA.Dr. Stephen Henson2015-11-201-2/+2
| | | | | | | | Use SHA256 for TSA and setted permitted digests to a sensible value. Based on PR#4141 Reviewed-by: Matt Caswell <matt@openssl.org>
* Add support for signer_digest option in TS.Dr. Stephen Henson2015-11-201-1/+1
| | | | | | Based on PR#2145 Reviewed-by: Matt Caswell <matt@openssl.org>
* RT2626: Change default_bits from 1K to 2KKurt Roeckx2014-09-081-1/+1
| | | | | | | | | | This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is from Kurt's upstream Debian changes. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* RT3408; fix some (not all suggested) typo's in openssl.cnfRich Salz2014-07-031-1/+1
|
* misspellings fixes by https://github.com/vlajos/misspell_fixerVeres Lajos2013-09-051-2/+2
|
* The default CN prompt message can be confusing when often the CN needs toDr. Stephen Henson2011-12-061-1/+1
| | | | | be the server FQDN: change it. [Reported by PSW Group]
* Updates from 1.0.0-stableDr. Stephen Henson2009-04-041-3/+3
|
* Don't add the TS EKU by default in openssl.cnf because it thenDr. Stephen Henson2006-11-071-1/+1
| | | | makes certificates genereated by ca, CA.pl etc useless for anything else.
* Add support for default public key digest type ctrl.Dr. Stephen Henson2006-05-071-1/+1
|
* RFC 3161 compliant time stamp request creation, response generationUlf Möller2006-02-131-1/+39
| | | | | | | and response verification. Submitted by: Zoltan Glozik <zglozik@opentsa.org> Reviewed by: Ulf Moeller
* Change openssl.cnf to use UTF8Strings by default and not always include issuerDr. Stephen Henson2005-09-161-6/+5
| | | | and serial versions of AKID.
* use SHA-1 as the default digest for the apps/openssl commandsNils Larsch2005-04-021-1/+1
|
* Add functionality needed to process proxy certificates.Richard Levitte2004-12-281-0/+53
|
* Implement CRL numbers.Richard Levitte2003-06-191-0/+3
| | | | | Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com> PR: 644
* Make it possible to have multiple active certificates with the sameRichard Levitte2003-04-031-0/+2
| | | | subject.
* Show an example of moving the emailAddress object from the subkect DNRichard Levitte2001-04-111-0/+3
| | | | to subjectAltName when signing a certificate.
* Add copy_extensions option to 'ca' utility.Dr. Stephen Henson2001-03-161-0/+3
|
* Add 'align' option to nameopt.Dr. Stephen Henson2001-03-151-0/+5
| | | | | | | Add default values for display by the 'ca' utility to openssl.cnf Update docs.
* increase emailAddress_maxBodo Möller2001-03-041-1/+1
|
* Initial automation changes to 'req' and X509_ATTRIBUTE functions.Dr. Stephen Henson2000-01-061-4/+3
|
* Fix some of the command line password stuff. New functionDr. Stephen Henson2000-01-011-1/+3
| | | | | | | that can automatically determine the type of a DER encoded "traditional" format private key and change some of the d2i functions to use it instead of requiring the application to work out the key type.
* Allow passwords to be included on command line for a fewDr. Stephen Henson1999-12-251-0/+7
| | | | more utilities.
* Continued multibyte character support.Dr. Stephen Henson1999-10-271-0/+11
| | | | | | | Add a bunch of functions to simplify the creation of X509_NAME structures. Change the X509_NAME_entry_add stuff in req/ca so it no longer uses X509_NAME_entry_count(): passing -1 has the same effect.
* Allow extensions to be added to certificate requests, update the sampleDr. Stephen Henson1999-08-251-3/+14
| | | | config file (change RAW to DER).
* consistent styleRalf S. Engelschall1999-08-081-1/+1
|
* Include some notes on basic extension usage and change openssl.cnf to usuallyDr. Stephen Henson1999-05-201-19/+27
| | | | do sensible things with extensions.
* Rename "openssl x509" option "-config" to "-extfile", because itBodo Möller1999-05-171-1/+1
| | | | | doesn't have a default value like the "-config" options of other openssl subprograms.
* Added a comment pointing out the behaviour of "openssl x509 -conf ...",Bodo Möller1999-05-161-0/+7
| | | | which cost me some time to find out about.
* Added support for adding extensions to CRLs, also fix a memory leak andDr. Stephen Henson1999-03-061-0/+9
| | | | | make 'req' check the config file syntax before it adds extensions. Added info in the documentation as well.
* Redo the way 'req' and 'ca' add objects: add support for oid_section.Dr. Stephen Henson1999-02-231-1/+10
|
* Add more functionality to issuer alt name and subject alt name. New optionsDr. Stephen Henson1999-02-211-0/+12
| | | | | to include email addresses from DN and copy details from issuer certificate. Include examples in openssl.cnf, update Win32 ordinals.
* Oops! Remeber to include the other patches this time...Dr. Stephen Henson1999-02-181-0/+6
|
* Add support for raw extensions. This means that you can include the DER encodingDr. Stephen Henson1999-02-141-0/+5
| | | | | | | | of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this technique currently unsupported extensions can be generated if you know their DER encoding. Even if the extension is supported in future the raw extension will still work: that is the raw version can always be used even if it is a supported extension.
* More extension code. Incomplete support for subject and issuer altDr. Stephen Henson1999-02-101-0/+5
| | | | | | | name, issuer and authority key id. Change the i2v function parameters and add an extra 'crl' parameter in the X509V3_CTX structure: guess what that's for :-) Fix to ASN1 macro which messed up IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
* Still more X509 V3 stuff. Modify ca.c to work with the new code and modifyDr. Stephen Henson1999-01-261-11/+36
| | | | openssl.cnf for the new syntax.
* More X509 V3 stuff. Add support for extensions in the 'req' applicationDr. Stephen Henson1999-01-251-0/+9
| | | | | | | so that: openssl req -x509 -new -out cert.pem will take extensions from openssl.cnf a sample for a CA is included. Also change the directory order so pem is nearer the end. Otherwise 'make links' wont work because pem.h can't be built.
* First cut of a cleanup for apps/. First the `ssleay' program is now namedRalf S. Engelschall1999-01-021-3/+3
| | | | | | | | | `openssl' and second, the shortcut symlinks for the `openssl <command>' are no longer created. This way we have a single and consistent command line interface `openssl <command>', similar to `cvs <command>'. Notice, the openssl.cnf, openssl.c and progs.pl files were changed after a repository copy, i.e. they still contain the complete file history.
* Import of old SSLeay release: SSLeay 0.9.1b (unreleased)Ralf S. Engelschall1998-12-211-0/+3
|
* Import of old SSLeay release: SSLeay 0.8.1bRalf S. Engelschall1998-12-211-0/+116
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-22 14:49:44 +0100