Add pkinit glue.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17343 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/hx509/data/openssl.cnf

@@ -34,6 +34,22 @@ default_md=sha1
 policy		= policy_match
 certs		= .
 
+[pkinit_client]
+database	= index.txt
+serial		= serial
+x509_extensions = pkinit_client_cert
+default_md=sha1
+policy		= policy_match
+certs		= .
+
+[pkinit_kdc]
+database	= index.txt
+serial		= serial
+x509_extensions = pkinit_kdc_cert
+default_md=sha1
+policy		= policy_match
+certs		= .
+
 [subca]
 database	= index.txt
 serial		= serial
@@ -72,6 +88,41 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectKeyIdentifier	= hash
 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:foo
 
+[pkinitc_princ_name] 
+realm = EXP:0, GeneralString:EXAMPLE.ORG
+principal_name = EXP:1, SEQUENCE:pkinitc_principal_seq
+
+[ pkinit_client_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier	= hash
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name
+
+[pkinitc_principal_seq] 
+name_type = EXP:0, INTEGER:1 
+name_string = EXP:1, SEQUENCE:pkinitc_principals
+
+[pkinitc_principals] 
+princ1 = GeneralString:bar
+
+[ pkinit_kdc_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier	= hash
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name 
+
+[pkinitkdc_princ_name] 
+realm = EXP:0, GeneralString:EXAMPLE.ORG
+principal_name = EXP:1, SEQUENCE:pkinitkdc_principal_seq
+
+[pkinitkdc_principal_seq] 
+name_type = EXP:0, INTEGER:1 
+name_string = EXP:1, SEQUENCE:pkinitkdc_principals
+
+[pkinitkdc_principals] 
+princ1 = GeneralString:krbtgt
+princ2 = GeneralString:EXAMPLE.ORG
+
 [ proxy10_cert ]
 basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment