shuffle for openssl-1.0.0-beta1

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25144 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-27 02:18:56 +00:00
parent b7064afbcf
commit 71ca2c0415
1 changed files with 37 additions and 29 deletions
--- a/lib/hx509/data/openssl.cnf
+++ b/lib/hx509/data/openssl.cnf
@@ -1,6 +1,6 @@
 oid_section             = new_oids

-[ new_oids ]
+[new_oids]
 pkkdcekuoid = 1.3.6.1.5.2.3.5

 [ca]
@@ -13,6 +13,7 @@ serial		= serial
 x509_extensions = usr_cert
 default_md=sha1
 policy		= policy_match
+email_in_dn	= no
 certs		= .

 [ocsp]
@@ -21,6 +22,7 @@ serial		= serial
 x509_extensions = ocsp_cert
 default_md=sha1
 policy		= policy_match
+email_in_dn	= no
 certs		= .

 [usr_ke]
@@ -29,6 +31,7 @@ serial		= serial
 x509_extensions = usr_cert_ke
 default_md=sha1
 policy		= policy_match
+email_in_dn	= no
 certs		= .

 [usr_ds]
@@ -37,6 +40,7 @@ serial		= serial
 x509_extensions = usr_cert_ds
 default_md=sha1
 policy		= policy_match
+email_in_dn	= no
 certs		= .

 [pkinit_client]
@@ -45,6 +49,7 @@ serial		= serial
 x509_extensions = pkinit_client_cert
 default_md=sha1
 policy		= policy_match
+email_in_dn	= no
 certs		= .

 [pkinit_kdc]
@@ -53,6 +58,7 @@ serial		= serial
 x509_extensions = pkinit_kdc_cert
 default_md=sha1
 policy		= policy_match
+email_in_dn	= no
 certs		= .

 [https]
@@ -61,6 +67,7 @@ serial		= serial
 x509_extensions = https_cert
 default_md=sha1
 policy		= policy_match
+email_in_dn	= no
 certs		= .

 [subca]
@@ -69,62 +76,63 @@ serial		= serial
 x509_extensions = v3_ca
 default_md=sha1
 policy		= policy_match
+email_in_dn	= no
 certs		= .


-[ req ]
+[req]
 distinguished_name	= req_distinguished_name
 x509_extensions		= v3_ca	# The extentions to add to the self signed cert

 string_mask = utf8only

-[ v3_ca ]
+[v3_ca]

 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints = CA:true
 keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature

-[ usr_cert ]
+[usr_cert]
 basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectKeyIdentifier	= hash

-[ usr_cert_ke ]
+[usr_cert_ke]
 basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, keyEncipherment
 subjectKeyIdentifier	= hash

-[ proxy_cert ]
+[proxy_cert]
 basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectKeyIdentifier	= hash
 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo

-[pkinitc_princ_name] 
-realm = EXP:0, GeneralString:TEST.H5L.SE
-principal_name = EXP:1, SEQUENCE:pkinitc_principal_seq
+[pkinitc_principals] 
+princ1 = GeneralString:bar

-[ pkinit_client_cert ]
+[pkinitc_principal_seq] 
+name_type = EXP:0,INTEGER:1 
+name_string = EXP:1,SEQUENCE:pkinitc_principals
+
+[pkinitc_princ_name] 
+realm = EXP:0,GeneralString:TEST.H5L.SE
+principal_name = EXP:1,SEQUENCE:pkinitc_principal_seq
+
+[pkinit_client_cert]
 basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectKeyIdentifier	= hash
 subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name

-[pkinitc_principal_seq] 
-name_type = EXP:0, INTEGER:1 
-name_string = EXP:1, SEQUENCE:pkinitc_principals
-
-[pkinitc_principals] 
-princ1 = GeneralString:bar
-
-[ https_cert ]
+[https_cert]
 basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 #extendedKeyUsage = https-server XXX
 subjectKeyIdentifier	= hash

-[ pkinit_kdc_cert ]
+[pkinit_kdc_cert]
 basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage = pkkdcekuoid
@@ -132,36 +140,36 @@ subjectKeyIdentifier	= hash
 subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name 

 [pkinitkdc_princ_name] 
-realm = EXP:0, GeneralString:TEST.H5L.SE
-principal_name = EXP:1, SEQUENCE:pkinitkdc_principal_seq
+realm = EXP:0,GeneralString:TEST.H5L.SE
+principal_name = EXP:1,SEQUENCE:pkinitkdc_principal_seq

 [pkinitkdc_principal_seq] 
-name_type = EXP:0, INTEGER:1 
-name_string = EXP:1, SEQUENCE:pkinitkdc_principals
+name_type = EXP:0,INTEGER:1 
+name_string = EXP:1,SEQUENCE:pkinitkdc_principals

 [pkinitkdc_principals] 
 princ1 = GeneralString:krbtgt
 princ2 = GeneralString:TEST.H5L.SE

-[ proxy10_cert ]
+[proxy10_cert]
 basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectKeyIdentifier	= hash
 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo

-[ usr_cert_ds ]
+[usr_cert_ds]
 basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature
 subjectKeyIdentifier	= hash

-[ ocsp_cert ]
+[ocsp_cert]
 basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 # ocsp-nocheck and kp-OCSPSigning
 extendedKeyUsage	= 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
 subjectKeyIdentifier	= hash

-[ req_distinguished_name ]
+[req_distinguished_name]
 countryName			= Country Name (2 letter code)
 countryName_default		= SE
 countryName_min			= 2
@@ -172,11 +180,11 @@ organizationalName		= Organizational Unit Name (eg, section)
 commonName			= Common Name (eg, YOUR name)
 commonName_max			= 64

-#[ req_attributes ]
+#[req_attributes]
 #challengePassword              = A challenge password
 #challengePassword_min          = 4
 #challengePassword_max          = 20

-[ policy_match ]
+[policy_match]
 countryName		= match
 commonName		= supplied