diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-05-22 05:12:18 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-05-22 05:12:18 +0000 |
commit | aa0f5b38aec14428b4b80e06f90ff781f8bca5f1 (patch) | |
tree | 95f3d0c8cb0d59d88900dbbd72110d7ab6e15b2a /testing/hosts/winnetou/etc/openssl/research/openssl.cnf | |
parent | 7c383bc22113b23718be89fe18eeb251942d7356 (diff) | |
download | vyos-strongswan-aa0f5b38aec14428b4b80e06f90ff781f8bca5f1.tar.gz vyos-strongswan-aa0f5b38aec14428b4b80e06f90ff781f8bca5f1.zip |
Import initial strongswan 2.7.0 version into SVN.
Diffstat (limited to 'testing/hosts/winnetou/etc/openssl/research/openssl.cnf')
-rw-r--r-- | testing/hosts/winnetou/etc/openssl/research/openssl.cnf | 181 |
1 files changed, 181 insertions, 0 deletions
diff --git a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf new file mode 100644 index 000000000..b5afd3d2e --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf @@ -0,0 +1,181 @@ +# openssl.cnf - OpenSSL configuration file for the ZHW PKI +# Mario Strasser <mario.strasser@zhwin.ch> +# +# $Id: openssl.cnf,v 1.1 2005/03/24 11:24:07 as Exp $ +# + +# This definitions were set by the ca_init script DO NOT change +# them manualy. +CAHOME = /etc/openssl/research +RANDFILE = $CAHOME/.rand + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +[ new_oids ] +SmartcardLogin = 1.3.6.1.4.1.311.20.2 +ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 + +#################################################################### + +[ ca ] +default_ca = root_ca # The default ca section + +#################################################################### + +[ root_ca ] + +dir = $CAHOME +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/researchCert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/researchKey.pem # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = host_ext # The extentions to add to the cert + +crl_extensions = crl_ext # The extentions to add to the CRL + +default_days = 1825 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering +email_in_dn = no # allow/forbid EMail in DN + +policy = policy_match # specifying how similar the request must look + +#################################################################### + +# the 'match' policy +[ policy_match ] +countryName = match +stateOrProvinceName = optional +localityName = optional +organizationName = match +organizationalUnitName = optional +userId = optional +commonName = supplied +emailAddress = optional + +# the 'anything' policy +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### + +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = ca_ext # The extentions to add to the self signed cert +# req_extensions = v3_req # The extensions to add to a certificate request + + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +#################################################################### + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = CH +countryName_min = 2 +countryName_max = 2 + +#stateOrProvinceName = State or Province Name (full name) +#stateOrProvinceName_default = ZH + +#localityName = Locality Name (eg, city) +#localityName_default = Winterthur + +organizationName = Organization Name (eg, company) +organizationName_default = Linux strongSwan + +0.organizationalUnitName = Organizational Unit Name (eg, section) +0.organizationalUnitName_default = Research + +#1.organizationalUnitName = Type (eg, Staff) +#1.organizationalUnitName_default = Staff + +#userId = UID + +commonName = Common Name (eg, YOUR name) +commonName_default = $ENV::COMMON_NAME +commonName_max = 64 + +#0.emailAddress = Email Address (eg, foo@bar.com) +#0.emailAddress_min = 0 +#0.emailAddress_max = 40 + +#1.emailAddress = Second Email Address (eg, foo@bar.com) +#1.emailAddress_min = 0 +#1.emailAddress_max = 40 + +#################################################################### + +[ req_attributes ] + +#################################################################### + +[ host_ext ] + +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment, keyAgreement +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always +subjectAltName = DNS:$ENV::COMMON_NAME +#extendedKeyUsage = OCSPSigner +crlDistributionPoints = URI:http://crl.strongswan.org/research.crl + +#################################################################### + +[ user_ext ] + +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment, keyAgreement +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always +subjectAltName = email:$ENV::COMMON_NAME +crlDistributionPoints = URI:http://crl.strongswan.org/research.crl + +#################################################################### + +[ ca_ext ] + +basicConstraints = critical, CA:TRUE +keyUsage = cRLSign, keyCertSign +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always + +#################################################################### + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +#issuerAltName = issuer:copy +authorityKeyIdentifier = keyid:always, issuer:always + +# eof |