Diffstat (limited to 'testing/hosts')
17 files changed, 162 insertions, 132 deletions
diff --git a/testing/hosts/alice/etc/freeradius/3.0/clients.conf b/testing/hosts/alice/etc/freeradius/3.0/clients.conf
new file mode 100644
index 000000000..7fad83c33
--- /dev/null
+++ b/testing/hosts/alice/etc/freeradius/3.0/clients.conf
@@ -0,0 +1,5 @@
+client moon {
+ ipaddr = 10.1.0.1
+ secret = gv6URkSs
+ require_message_authenticator = yes
+}
diff --git a/testing/hosts/alice/etc/freeradius/3.0/radiusd.conf b/testing/hosts/alice/etc/freeradius/3.0/radiusd.conf
new file mode 100644
index 000000000..6139bb90f
--- /dev/null
+++ b/testing/hosts/alice/etc/freeradius/3.0/radiusd.conf
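Review bot: The `secret = gv6URkSs` line in the new 3.0/clients.conf commits a short, fixed RADIUS shared secret with nothing marking it as a test fixture. Because the file sits under testing/hosts it is presumably only used inside the test network, but a comment above `client moon {` such as `# test-only shared secret; must match the secret configured on moon` would document the coupling to the NAS side (not visible here) and discourage copying the block into a real deployment. `require_message_authenticator = yes` is the right setting and should be kept if further clients are added.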
@@ -0,0 +1,99 @@
+# radiusd.conf -- FreeRADIUS server configuration file.
+
+prefix = /usr
+exec_prefix = /usr
+sysconfdir = /etc
+localstatedir = /var
+sbindir = ${exec_prefix}/sbin
+logdir = /var/log/freeradius
+raddbdir = /etc/freeradius/3.0
+radacctdir = ${logdir}/radacct
+
+# name of the running server. See also the "-n" command-line option.
+name = freeradius
+
+# Location of config and logfiles.
+confdir = ${raddbdir}
+modconfdir = ${confdir}/mods-config
+certdir = ${sysconfdir}/raddb/certs
+cadir = ${sysconfdir}/raddb/certs
+run_dir = ${localstatedir}/run/${name}
+
+# Should likely be ${localstatedir}/lib/radiusd
+db_dir = ${raddbdir}
+
+# libdir: Where to find the rlm_* modules.
+libdir = ${exec_prefix}/lib
+
+# pidfile: Where to place the PID of the RADIUS server.
+pidfile = ${run_dir}/${name}.pid
+
+# correct_escapes: use correct backslash escaping
+correct_escapes = true
+
+# max_request_time: The maximum time (in seconds) to handle a request.
+max_request_time = 30
+
+# cleanup_delay: The time to wait (in seconds) before cleaning up
+cleanup_delay = 5
+
+# max_requests: The maximum number of requests which the server keeps
+max_requests = 1024
+
+# hostname_lookups: Log the names of clients or just their IP addresses
+hostname_lookups = no
+
+# Logging section
+log {
+ destination = files
+ colourise = yes
+ file = ${logdir}/radius.log
+ syslog_facility = daemon
+ stripped_names = no
+ auth = yes
+ auth_badpass = yes
+ auth_goodpass = yes
+}
+
+# The program to execute to do concurrency checks.
+checkrad = ${sbindir}/checkrad + +# SECURITY CONFIGURATION +security { + user = freerad + group = freerad + allow_core_dumps = no + max_attributes = 200 + reject_delay = 1 + status_server = yes +} + +# PROXY CONFIGURATION +proxy_requests = yes +$INCLUDE proxy.conf + +# CLIENTS CONFIGURATION +$INCLUDE clients.conf + +# THREAD POOL CONFIGURATION +thread pool { + start_servers = 5 + max_servers = 32 + min_spare_servers = 3 + max_spare_servers = 10 + max_requests_per_server = 0 + auto_limit_acct = no +} + +# MODULE CONFIGURATION +modules { + $INCLUDE ${confdir}/mods-enabled/ +} + +# Policies +policy { + $INCLUDE policy.d/ +} + +# Include all enabled virtual hosts +$INCLUDE sites-enabled/ diff --git a/testing/hosts/alice/etc/freeradius/dictionary b/testing/hosts/alice/etc/freeradius/dictionary index 59a874b3e..4c2c7ebb4 100644 --- a/testing/hosts/alice/etc/freeradius/dictionary +++ b/testing/hosts/alice/etc/freeradius/dictionary @@ -11,7 +11,7 @@ # # The filename given here should be an absolute path. # -$INCLUDE /usr/local/share/freeradius/dictionary +$INCLUDE /usr/share/freeradius/dictionary # # Place additional attributes or $INCLUDEs here. They will diff --git a/testing/hosts/alice/etc/freeradius/radiusd.conf b/testing/hosts/alice/etc/freeradius/radiusd.conf index e4f721738..bcdc369d2 100644 --- a/testing/hosts/alice/etc/freeradius/radiusd.conf +++ b/testing/hosts/alice/etc/freeradius/radiusd.conf @@ -101,8 +101,6 @@ thread pool { modules { $INCLUDE ${confdir}/modules/ $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf } # Instantiation diff --git a/testing/hosts/default/etc/ssh/sshd_config b/testing/hosts/default/etc/ssh/sshd_config index 46b1f0231..cc6f43541 100644 --- a/testing/hosts/default/etc/ssh/sshd_config +++ b/testing/hosts/default/etc/ssh/sshd_config 
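Review bot: In the new 3.0/radiusd.conf the `log { … }` section sets `auth_badpass = yes` and `auth_goodpass = yes`, which makes FreeRADIUS write the passwords from authentication requests into `${logdir}/radius.log` in clear text. If that is wanted for debugging test runs, record it with a comment above the two lines, e.g. `# test environment only: passwords are logged to ease debugging`; otherwise set both to `no`. Separately, `certdir` and `cadir` resolve to `/etc/raddb/certs` while `raddbdir` is `/etc/freeradius/3.0`, so any enabled module that reads `${certdir}` (none is visible in this hunk) may point at a directory that does not exist; `certdir = ${confdir}/certs` and `cadir = ${confdir}/certs` look like what was intended.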
@@ -1,7 +1,7 @@ Port 22 Protocol 2 +Ciphers aes128-gcm@openssh.com HostKey /etc/ssh/ssh_host_rsa_key -HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key UsePrivilegeSeparation no PermitRootLogin yes diff --git a/testing/hosts/default/usr/local/bin/init_collector b/testing/hosts/default/usr/local/bin/init_collector index c522de874..df1462862 100755 --- a/testing/hosts/default/usr/local/bin/init_collector +++ b/testing/hosts/default/usr/local/bin/init_collector @@ -1,4 +1,6 @@ #! /bin/sh cat /usr/local/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/db.d/collector.db +sed -i "s:DEBIAN_VERSION:`cat /etc/debian_version`:" /etc/pts/collector.sql +cat /etc/pts/collector.sql | sqlite3 /etc/db.d/collector.db LEAK_DETECTIVE_DISABLE=1 /usr/local/sbin/sw-collector diff --git a/testing/hosts/venus/etc/default/isc-dhcp-server b/testing/hosts/venus/etc/default/isc-dhcp-server new file mode 100644 index 000000000..57a5c81f9 --- /dev/null +++ b/testing/hosts/venus/etc/default/isc-dhcp-server @@ -0,0 +1,3 @@ +# explicitly set an interface to avoid having to configure and run DHCPv6 +INTERFACESv4="eth0" +INTERFACESv6="" diff --git a/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf index 68438a656..e362e138c 100644 --- a/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf +++ b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf @@ -2,3 +2,4 @@ AddType text/plain .conf .log .sql .users AddType text/plain .secrets .listall .statusall AddType text/plain .conns .certs .sas .pools .authorities .stats AddType text/plain .policy .state .route .iptables .iptables-save +AddType text/plain .eap .default .inner-tunnel 
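Review bot: The added `Ciphers aes128-gcm@openssh.com` line in sshd_config restricts the daemon to a single cipher with no comment explaining why, so any SSH client without AES-GCM support will fail at negotiation. If the restriction is deliberate for the test hosts, a comment above it such as `# test hosts only: single AEAD cipher, all test clients support it` would record that. The unchanged context also keeps `Protocol 2` and `UsePrivilegeSeparation no`, which recent OpenSSH releases treat as deprecated; since this commit already drops the DSA host key, those two lines could be removed in the same pass. The file continues past the end of the hunk.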
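Review bot: The two lines added to init_collector run without any error checking, so if the `sed` substitution or the import of /etc/pts/collector.sql fails, the script still starts sw-collector against an incompletely initialised database. Adding `set -e` directly after the `#! /bin/sh` line would stop at the first failing command. The `sed -i` also rewrites /etc/pts/collector.sql in place, so the DEBIAN_VERSION placeholder is gone after the first run and a later change of /etc/debian_version is not picked up; `sed "s:DEBIAN_VERSION:$(cat /etc/debian_version):" /etc/pts/collector.sql | sqlite3 /etc/db.d/collector.db` would leave the template untouched and replace both added lines.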
diff --git a/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text b/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text deleted file mode 100644 index 68438a656..000000000 --- a/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text +++ /dev/null @@ -1,4 +0,0 @@ -AddType text/plain .conf .log .sql .users -AddType text/plain .secrets .listall .statusall -AddType text/plain .conns .certs .sas .pools .authorities .stats -AddType text/plain .policy .state .route .iptables .iptables-save diff --git a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf index 0772c34ea..fb9e98424 100644 --- a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf +++ b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf @@ -12,13 +12,7 @@ AddHandler cgi-script .cgi DirectoryIndex ocsp.cgi <Directory "/etc/openssl/ocsp"> Options +ExecCGI - <IfModule mod_authz_core.c> - Require all granted - </IfModule> - <IfModule !mod_authz_core.c> - Order deny,allow - Allow from all - </IfModule> + Require all granted </Directory> ErrorLog /var/log/apache2/ocsp/error_log CustomLog /var/log/apache2/ocsp/access_log combined @@ -34,13 +28,7 @@ Listen 8881 DirectoryIndex ocsp.cgi <Directory "/etc/openssl/research/ocsp"> Options +ExecCGI - <IfModule mod_authz_core.c> - Require all granted - </IfModule> - <IfModule !mod_authz_core.c> - Order deny,allow - Allow from all - </IfModule> + Require all granted </Directory> ErrorLog /var/log/apache2/ocsp/error_log CustomLog /var/log/apache2/ocsp/access_log combined 
@@ -56,13 +44,7 @@ Listen 8882 DirectoryIndex ocsp.cgi <Directory "/etc/openssl/sales/ocsp"> Options +ExecCGI - <IfModule mod_authz_core.c> - Require all granted - </IfModule> - <IfModule !mod_authz_core.c> - Order deny,allow - Allow from all - </IfModule> + Require all granted </Directory> ErrorLog /var/log/apache2/ocsp/error_log CustomLog /var/log/apache2/ocsp/access_log combined diff --git a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf index 260171cfd..b610836fc 100644 --- a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. CAHOME = /etc/openssl/duck RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -82,7 +74,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. 
@@ -117,7 +109,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -154,7 +146,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME #################################################################### diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf b/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf index d31752e30..ddd94d061 100644 --- a/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. -CAHOME = /etc/openssl/ecdsa +CAHOME = /etc/openssl/ecdsa RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept 
@@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -118,7 +110,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -156,7 +148,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME #authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880 crlDistributionPoints = URI:http://crl.strongswan.org/strongswan_ec.crl diff --git a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf index 5985b5650..170daba56 100644 --- a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. CAHOME = /etc/openssl/monster RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] 
@@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -118,7 +110,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -156,7 +148,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME #authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880 crlDistributionPoints = URI:http://crl.strongswan.org/strongswan-monster.crl diff --git a/testing/hosts/winnetou/etc/openssl/openssl.cnf b/testing/hosts/winnetou/etc/openssl/openssl.cnf index 9078b2043..b1ef68a11 100644 --- a/testing/hosts/winnetou/etc/openssl/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/openssl.cnf 
@@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. -CAHOME = /etc/openssl +CAHOME = /etc/openssl RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -118,7 +110,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -157,7 +149,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME #authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880 crlDistributionPoints = URI:http://crl.strongswan.org/strongswan.crl 
diff --git a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf index 7099413f0..f5ae64e36 100644 --- a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. CAHOME = /etc/openssl/research RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -82,7 +74,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -117,7 +109,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME 
@@ -155,7 +147,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME crlDistributionPoints = URI:http://crl.strongswan.org/research.crl #################################################################### diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf index 12da734aa..11ff172ac 100644 --- a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. -CAHOME = /etc/openssl/rfc3779 +CAHOME = /etc/openssl/rfc3779 RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. 
@@ -113,12 +105,12 @@ organizationName = Organization Name (eg, company) organizationName_default = Linux strongSwan 0.organizationalUnitName = Organizational Unit Name (eg, section) -0.organizationalUnitName_default = RFC3779 +0.organizationalUnitName_default = RFC3779 #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -173,7 +165,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME #authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880 crlDistributionPoints = URI:http://crl.strongswan.org/strongswan_rfc3779.crl diff --git a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf index f3ec7e168..f1d080c0b 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. -CAHOME = /etc/openssl/sales +CAHOME = /etc/openssl/sales RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept 
@@ -82,7 +74,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -117,7 +109,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -155,7 +147,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME crlDistributionPoints = URI:http://crl.strongswan.org/sales.crl #authorityInfoAccess = OCSP;URI:http://ocsp2.strongswan.org:8882 |