Diffstat (limited to 'usr/src/cmd/openssl')
-rw-r--r--usr/src/cmd/openssl/Makefile.com8
-rw-r--r--usr/src/cmd/openssl/openssl.cnf69
2 files changed, 64 insertions, 13 deletions
diff --git a/usr/src/cmd/openssl/Makefile.com b/usr/src/cmd/openssl/Makefile.com
index 4a1e0f0f24..6aaf9b3e0b 100644
--- a/usr/src/cmd/openssl/Makefile.com
+++ b/usr/src/cmd/openssl/Makefile.com
@@ -2,9 +2,8 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
# CDDL HEADER END
#
#
-# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
@@ -56,6 +55,7 @@ OBJS = \
pkcs12.o \
pkcs7.o \
pkcs8.o \
+ prime.o \
rand.o \
req.o \
rsa.o \
diff --git a/usr/src/cmd/openssl/openssl.cnf b/usr/src/cmd/openssl/openssl.cnf
index b64999066d..83cb78478c 100644
--- a/usr/src/cmd/openssl/openssl.cnf
+++ b/usr/src/cmd/openssl/openssl.cnf
@@ -1,13 +1,9 @@
#
-# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
@@ -22,12 +18,16 @@
#
# CDDL HEADER END
#
-# ident "%Z%%M% %I% %E% SMI"
#
# OpenSSL configuration file for Solaris.
# This is based on the example openssl.cnf file.
#
# This is mostly being used for generation of certificate requests.
+#
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+# ident "%Z%%M% %I% %E% SMI"
# This definition stops the following lines choking if HOME isn't
# defined.
@@ -93,7 +93,7 @@ cert_opt = ca_default # Certificate field options
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
+default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
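Review bot: `default_md = sha1` on the changed line still selects a digest with published collision weaknesses for signing certificates and CRLs. If the OpenSSL version built from this tree supports it, `default_md = sha256` would be the safer default. The section this key belongs to starts outside the hunk, so it is worth checking whether another `default_md` elsewhere in the file still falls back to a weaker digest. A short comment above the key naming the minimum acceptable digest would also stop a later edit from downgrading it.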
@@ -214,7 +214,7 @@ nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
@@ -285,4 +285,55 @@ basicConstraints = CA:true
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
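Review bot: The last added line, `proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo`, ships sample values in a critical extension with nothing marking them as samples. A proxy certificate issued with this section unchanged carries the literal policy text `foo` and, as far as the `pathlen` field indicates, permits up to three further levels of delegation. I would add a comment directly above it such as `# Example values only: replace policy:foo with the real policy text and keep pathlen as small as the deployment needs.` Separately, this section sets `authorityKeyIdentifier=keyid,issuer:always` while the earlier hunk in this file relaxes the same key to `keyid,issuer`. If the difference is deliberate, a one-line comment saying why would help the next reader.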