Diffstat (limited to 'testing/hosts')
-rw-r--r--testing/hosts/alice/etc/freeradius/3.0/clients.conf5
-rw-r--r--testing/hosts/alice/etc/freeradius/3.0/radiusd.conf99
-rw-r--r--testing/hosts/alice/etc/freeradius/dictionary2
-rw-r--r--testing/hosts/alice/etc/freeradius/radiusd.conf2
-rw-r--r--testing/hosts/default/etc/ssh/sshd_config2
-rwxr-xr-xtesting/hosts/default/usr/local/bin/init_collector2
-rw-r--r--testing/hosts/venus/etc/default/isc-dhcp-server3
-rw-r--r--testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf1
-rw-r--r--testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text4
-rw-r--r--testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf24
-rw-r--r--testing/hosts/winnetou/etc/openssl/duck/openssl.cnf20
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf22
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/openssl.cnf20
-rw-r--r--testing/hosts/winnetou/etc/openssl/openssl.cnf22
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/openssl.cnf20
-rw-r--r--testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf24
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/openssl.cnf22
17 files changed, 162 insertions, 132 deletions
diff --git a/testing/hosts/alice/etc/freeradius/3.0/clients.conf b/testing/hosts/alice/etc/freeradius/3.0/clients.conf
new file mode 100644
index 000000000..7fad83c33
--- /dev/null
+++ b/testing/hosts/alice/etc/freeradius/3.0/clients.conf
@@ -0,0 +1,5 @@
+client moon {
+ ipaddr = 10.1.0.1
+ secret = gv6URkSs
+ require_message_authenticator = yes
+}
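Review bot: The `secret = gv6URkSs` line commits an eight-character shared secret in clear text, and nothing in the file marks it as a lab-only credential. A comment above the client block would make that explicit, for example `# test-lab shared secret for NAS moon (10.1.0.1); must match the secret configured on moon, never reuse elsewhere`. Keeping `require_message_authenticator = yes` is worthwhile, since it makes the server drop requests from this client that lack a Message-Authenticator attribute.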
diff --git a/testing/hosts/alice/etc/freeradius/3.0/radiusd.conf b/testing/hosts/alice/etc/freeradius/3.0/radiusd.conf
new file mode 100644
index 000000000..6139bb90f
--- /dev/null
+++ b/testing/hosts/alice/etc/freeradius/3.0/radiusd.conf
@@ -0,0 +1,99 @@
+# radiusd.conf -- FreeRADIUS server configuration file.
+
+prefix = /usr
+exec_prefix = /usr
+sysconfdir = /etc
+localstatedir = /var
+sbindir = ${exec_prefix}/sbin
+logdir = /var/log/freeradius
+raddbdir = /etc/freeradius/3.0
+radacctdir = ${logdir}/radacct
+
+# name of the running server. See also the "-n" command-line option.
+name = freeradius
+
+# Location of config and logfiles.
+confdir = ${raddbdir}
+modconfdir = ${confdir}/mods-config
+certdir = ${sysconfdir}/raddb/certs
+cadir = ${sysconfdir}/raddb/certs
+run_dir = ${localstatedir}/run/${name}
+
+# Should likely be ${localstatedir}/lib/radiusd
+db_dir = ${raddbdir}
+
+# libdir: Where to find the rlm_* modules.
+libdir = ${exec_prefix}/lib
+
+# pidfile: Where to place the PID of the RADIUS server.
+pidfile = ${run_dir}/${name}.pid
+
+# correct_escapes: use correct backslash escaping
+correct_escapes = true
+
+# max_request_time: The maximum time (in seconds) to handle a request.
+max_request_time = 30
+
+# cleanup_delay: The time to wait (in seconds) before cleaning up
+cleanup_delay = 5
+
+# max_requests: The maximum number of requests which the server keeps
+max_requests = 1024
+
+# hostname_lookups: Log the names of clients or just their IP addresses
+hostname_lookups = no
+
+# Logging section
+log {
+ destination = files
+ colourise = yes
+ file = ${logdir}/radius.log
+ syslog_facility = daemon
+ stripped_names = no
+ auth = yes
+ auth_badpass = yes
+ auth_goodpass = yes
+}
+
+# The program to execute to do concurrency checks.
+checkrad = ${sbindir}/checkrad
+
+# SECURITY CONFIGURATION
+security {
+ user = freerad
+ group = freerad
+ allow_core_dumps = no
+ max_attributes = 200
+ reject_delay = 1
+ status_server = yes
+}
+
+# PROXY CONFIGURATION
+proxy_requests = yes
+$INCLUDE proxy.conf
+
+# CLIENTS CONFIGURATION
+$INCLUDE clients.conf
+
+# THREAD POOL CONFIGURATION
+thread pool {
+ start_servers = 5
+ max_servers = 32
+ min_spare_servers = 3
+ max_spare_servers = 10
+ max_requests_per_server = 0
+ auto_limit_acct = no
+}
+
+# MODULE CONFIGURATION
+modules {
+ $INCLUDE ${confdir}/mods-enabled/
+}
+
+# Policies
+policy {
+ $INCLUDE policy.d/
+}
+
+# Include all enabled virtual hosts
+$INCLUDE sites-enabled/
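Review bot: In the `log` section, `auth_badpass = yes` and `auth_goodpass = yes` write the passwords of rejected and accepted requests into `${logdir}/radius.log`, and no comment says this is meant for test debugging only. If that log is collected together with the test results, the passwords travel with it. A line such as `# test lab only: log passwords to ease debugging of failed scenarios` above the two settings would document the intent, or both can be set to `no` if the scenarios do not need them. Separately, `certdir` and `cadir` resolve to `/etc/raddb/certs` while `raddbdir` is `/etc/freeradius/3.0`, which looks like a leftover path and may be worth checking against where the EAP module expects its certificates.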
diff --git a/testing/hosts/alice/etc/freeradius/dictionary b/testing/hosts/alice/etc/freeradius/dictionary
index 59a874b3e..4c2c7ebb4 100644
--- a/testing/hosts/alice/etc/freeradius/dictionary
+++ b/testing/hosts/alice/etc/freeradius/dictionary
@@ -11,7 +11,7 @@
#
# The filename given here should be an absolute path.
#
-$INCLUDE /usr/local/share/freeradius/dictionary
+$INCLUDE /usr/share/freeradius/dictionary
#
# Place additional attributes or $INCLUDEs here. They will
diff --git a/testing/hosts/alice/etc/freeradius/radiusd.conf b/testing/hosts/alice/etc/freeradius/radiusd.conf
index e4f721738..bcdc369d2 100644
--- a/testing/hosts/alice/etc/freeradius/radiusd.conf
+++ b/testing/hosts/alice/etc/freeradius/radiusd.conf
@@ -101,8 +101,6 @@ thread pool {
modules {
$INCLUDE ${confdir}/modules/
$INCLUDE eap.conf
- $INCLUDE sql.conf
- $INCLUDE sql/mysql/counter.conf
}
# Instantiation
diff --git a/testing/hosts/default/etc/ssh/sshd_config b/testing/hosts/default/etc/ssh/sshd_config
index 46b1f0231..cc6f43541 100644
--- a/testing/hosts/default/etc/ssh/sshd_config
+++ b/testing/hosts/default/etc/ssh/sshd_config
@@ -1,7 +1,7 @@
Port 22
Protocol 2
+Ciphers aes128-gcm@openssh.com
HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation no
PermitRootLogin yes
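Review bot: The added `Ciphers aes128-gcm@openssh.com` line restricts sshd to a single cipher without saying why. Any client that cannot negotiate AES-GCM is locked out, and a later reader cannot tell whether the restriction is for speed or for policy. A comment above the line stating the reason would help. If the restriction is not strictly needed, a second AEAD entry gives a fallback: `Ciphers aes128-gcm@openssh.com,chacha20-poly1305@openssh.com`. The rest of sshd_config lies outside the hunk.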
diff --git a/testing/hosts/default/usr/local/bin/init_collector b/testing/hosts/default/usr/local/bin/init_collector
index c522de874..df1462862 100755
--- a/testing/hosts/default/usr/local/bin/init_collector
+++ b/testing/hosts/default/usr/local/bin/init_collector
@@ -1,4 +1,6 @@
#! /bin/sh
cat /usr/local/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/db.d/collector.db
+sed -i "s:DEBIAN_VERSION:`cat /etc/debian_version`:" /etc/pts/collector.sql
+cat /etc/pts/collector.sql | sqlite3 /etc/db.d/collector.db
LEAK_DETECTIVE_DISABLE=1 /usr/local/sbin/sw-collector
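Review bot: Neither of the two added lines checks for failure, so if `/etc/pts/collector.sql` is missing or the import fails, `sw-collector` still starts against an incompletely populated database. The import can fail fast and drop the extra `cat` with `sqlite3 /etc/db.d/collector.db < /etc/pts/collector.sql || exit 1`. In the `sed` line, `$(cat /etc/debian_version)` is preferable to backticks. The substitution also assumes the version string contains no `:` or `&`, which holds for the usual Debian values but deserves a short comment.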
diff --git a/testing/hosts/venus/etc/default/isc-dhcp-server b/testing/hosts/venus/etc/default/isc-dhcp-server
new file mode 100644
index 000000000..57a5c81f9
--- /dev/null
+++ b/testing/hosts/venus/etc/default/isc-dhcp-server
@@ -0,0 +1,3 @@
+# explicitly set an interface to avoid having to configure and run DHCPv6
+INTERFACESv4="eth0"
+INTERFACESv6=""
diff --git a/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf
index 68438a656..e362e138c 100644
--- a/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf
+++ b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf
@@ -2,3 +2,4 @@ AddType text/plain .conf .log .sql .users
AddType text/plain .secrets .listall .statusall
AddType text/plain .conns .certs .sas .pools .authorities .stats
AddType text/plain .policy .state .route .iptables .iptables-save
+AddType text/plain .eap .default .inner-tunnel
diff --git a/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text b/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text
deleted file mode 100644
index 68438a656..000000000
--- a/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text
+++ /dev/null
@@ -1,4 +0,0 @@
-AddType text/plain .conf .log .sql .users
-AddType text/plain .secrets .listall .statusall
-AddType text/plain .conns .certs .sas .pools .authorities .stats
-AddType text/plain .policy .state .route .iptables .iptables-save
diff --git a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf
index 0772c34ea..fb9e98424 100644
--- a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf
+++ b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf
@@ -12,13 +12,7 @@ AddHandler cgi-script .cgi
DirectoryIndex ocsp.cgi
<Directory "/etc/openssl/ocsp">
Options +ExecCGI
- <IfModule mod_authz_core.c>
- Require all granted
- </IfModule>
- <IfModule !mod_authz_core.c>
- Order deny,allow
- Allow from all
- </IfModule>
+ Require all granted
</Directory>
ErrorLog /var/log/apache2/ocsp/error_log
CustomLog /var/log/apache2/ocsp/access_log combined
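Review bot: With the `<IfModule>` fallback gone, the bare `Require all granted` in this block only parses on Apache 2.4, and nothing in the file records that requirement. The same applies to the two identical blocks for `/etc/openssl/research/ocsp` and `/etc/openssl/sales/ocsp` further down. A one-line comment such as `# Apache 2.4 authorization syntax; the OCSP responder must be reachable by every test host` above the directive would capture it. These CGI directories sit below the paths that the openssl.cnf files in this commit set as `CAHOME`, so the comment could also state that only `ocsp.cgi` belongs there. The enclosing virtual host definition starts and ends outside the hunk.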
@@ -34,13 +28,7 @@ Listen 8881
DirectoryIndex ocsp.cgi
<Directory "/etc/openssl/research/ocsp">
Options +ExecCGI
- <IfModule mod_authz_core.c>
- Require all granted
- </IfModule>
- <IfModule !mod_authz_core.c>
- Order deny,allow
- Allow from all
- </IfModule>
+ Require all granted
</Directory>
ErrorLog /var/log/apache2/ocsp/error_log
CustomLog /var/log/apache2/ocsp/access_log combined
@@ -56,13 +44,7 @@ Listen 8882
DirectoryIndex ocsp.cgi
<Directory "/etc/openssl/sales/ocsp">
Options +ExecCGI
- <IfModule mod_authz_core.c>
- Require all granted
- </IfModule>
- <IfModule !mod_authz_core.c>
- Order deny,allow
- Allow from all
- </IfModule>
+ Require all granted
</Directory>
ErrorLog /var/log/apache2/ocsp/error_log
CustomLog /var/log/apache2/ocsp/access_log combined
diff --git a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf
index 260171cfd..b610836fc 100644
--- a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf
@@ -1,19 +1,11 @@
-# openssl.cnf - OpenSSL configuration file for the ZHW PKI
-# Mario Strasser <mario.strasser@zhwin.ch>
-#
+# openssl.cnf - OpenSSL configuration file
+#
# This definitions were set by the ca_init script DO NOT change
# them manually.
CAHOME = /etc/openssl/duck
RANDFILE = $CAHOME/.rand
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-[ new_oids ]
-SmartcardLogin = 1.3.6.1.4.1.311.20.2
-ClientAuthentication = 1.3.6.1.4.1.311.20.2.2
-
####################################################################
[ ca ]
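Review bot: Dropping `oid_section = new_oids` and the `[ new_oids ]` section removes the `SmartcardLogin` and `ClientAuthentication` names, and the hunks do not show whether any extension section further down still refers to them by name. If one does, OpenSSL will fail to resolve the name when this CA configuration is loaded, so it is worth searching each file for both names. The same removal is repeated in the ecdsa, monster, research, rfc3779, sales and top-level openssl.cnf files.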
@@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section
####################################################################
-[ root_ca ]
+[ root_ca ]
dir = $CAHOME
certs = $dir/certs # Where the issued certs are kept
@@ -82,7 +74,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert
# req_extensions = v3_req # The extensions to add to a certificate request
-# This sets a mask for permitted string types. There are several options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
@@ -117,7 +109,7 @@ organizationName_default = Linux strongSwan
#1.organizationalUnitName = Type (eg, Staff)
#1.organizationalUnitName_default = Staff
-#userId = UID
+#userId = UID
commonName = Common Name (eg, YOUR name)
commonName_default = $ENV::COMMON_NAME
@@ -154,7 +146,7 @@ basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, keyAgreement
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
-subjectAltName = email:$ENV::COMMON_NAME
+subjectAltName = email:$ENV::COMMON_NAME
####################################################################
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf b/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf
index d31752e30..ddd94d061 100644
--- a/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf
@@ -1,19 +1,11 @@
-# openssl.cnf - OpenSSL configuration file for the ZHW PKI
-# Mario Strasser <mario.strasser@zhwin.ch>
-#
+# openssl.cnf - OpenSSL configuration file
+#
# This definitions were set by the ca_init script DO NOT change
# them manually.
-CAHOME = /etc/openssl/ecdsa
+CAHOME = /etc/openssl/ecdsa
RANDFILE = $CAHOME/.rand
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-[ new_oids ]
-SmartcardLogin = 1.3.6.1.4.1.311.20.2
-ClientAuthentication = 1.3.6.1.4.1.311.20.2.2
-
####################################################################
[ ca ]
@@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section
####################################################################
-[ root_ca ]
+[ root_ca ]
dir = $CAHOME
certs = $dir/certs # Where the issued certs are kept
@@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert
# req_extensions = v3_req # The extensions to add to a certificate request
-# This sets a mask for permitted string types. There are several options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
@@ -118,7 +110,7 @@ organizationName_default = Linux strongSwan
#1.organizationalUnitName = Type (eg, Staff)
#1.organizationalUnitName_default = Staff
-#userId = UID
+#userId = UID
commonName = Common Name (eg, YOUR name)
commonName_default = $ENV::COMMON_NAME
@@ -156,7 +148,7 @@ basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, keyAgreement
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
-subjectAltName = email:$ENV::COMMON_NAME
+subjectAltName = email:$ENV::COMMON_NAME
#authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880
crlDistributionPoints = URI:http://crl.strongswan.org/strongswan_ec.crl
diff --git a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
index 5985b5650..170daba56 100644
--- a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
@@ -1,19 +1,11 @@
-# openssl.cnf - OpenSSL configuration file for the ZHW PKI
-# Mario Strasser <mario.strasser@zhwin.ch>
-#
+# openssl.cnf - OpenSSL configuration file
+#
# This definitions were set by the ca_init script DO NOT change
# them manually.
CAHOME = /etc/openssl/monster
RANDFILE = $CAHOME/.rand
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-[ new_oids ]
-SmartcardLogin = 1.3.6.1.4.1.311.20.2
-ClientAuthentication = 1.3.6.1.4.1.311.20.2.2
-
####################################################################
[ ca ]
@@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section
####################################################################
-[ root_ca ]
+[ root_ca ]
dir = $CAHOME
certs = $dir/certs # Where the issued certs are kept
@@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert
# req_extensions = v3_req # The extensions to add to a certificate request
-# This sets a mask for permitted string types. There are several options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
@@ -118,7 +110,7 @@ organizationName_default = Linux strongSwan
#1.organizationalUnitName = Type (eg, Staff)
#1.organizationalUnitName_default = Staff
-#userId = UID
+#userId = UID
commonName = Common Name (eg, YOUR name)
commonName_default = $ENV::COMMON_NAME
@@ -156,7 +148,7 @@ basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, keyAgreement
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
-subjectAltName = email:$ENV::COMMON_NAME
+subjectAltName = email:$ENV::COMMON_NAME
#authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880
crlDistributionPoints = URI:http://crl.strongswan.org/strongswan-monster.crl
diff --git a/testing/hosts/winnetou/etc/openssl/openssl.cnf b/testing/hosts/winnetou/etc/openssl/openssl.cnf
index 9078b2043..b1ef68a11 100644
--- a/testing/hosts/winnetou/etc/openssl/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/openssl.cnf
@@ -1,19 +1,11 @@
-# openssl.cnf - OpenSSL configuration file for the ZHW PKI
-# Mario Strasser <mario.strasser@zhwin.ch>
-#
+# openssl.cnf - OpenSSL configuration file
+#
# This definitions were set by the ca_init script DO NOT change
# them manually.
-CAHOME = /etc/openssl
+CAHOME = /etc/openssl
RANDFILE = $CAHOME/.rand
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-[ new_oids ]
-SmartcardLogin = 1.3.6.1.4.1.311.20.2
-ClientAuthentication = 1.3.6.1.4.1.311.20.2.2
-
####################################################################
[ ca ]
@@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section
####################################################################
-[ root_ca ]
+[ root_ca ]
dir = $CAHOME
certs = $dir/certs # Where the issued certs are kept
@@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert
# req_extensions = v3_req # The extensions to add to a certificate request
-# This sets a mask for permitted string types. There are several options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
@@ -118,7 +110,7 @@ organizationName_default = Linux strongSwan
#1.organizationalUnitName = Type (eg, Staff)
#1.organizationalUnitName_default = Staff
-#userId = UID
+#userId = UID
commonName = Common Name (eg, YOUR name)
commonName_default = $ENV::COMMON_NAME
@@ -157,7 +149,7 @@ basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, keyAgreement
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
-subjectAltName = email:$ENV::COMMON_NAME
+subjectAltName = email:$ENV::COMMON_NAME
#authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880
crlDistributionPoints = URI:http://crl.strongswan.org/strongswan.crl
diff --git a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
index 7099413f0..f5ae64e36 100644
--- a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
@@ -1,19 +1,11 @@
-# openssl.cnf - OpenSSL configuration file for the ZHW PKI
-# Mario Strasser <mario.strasser@zhwin.ch>
-#
+# openssl.cnf - OpenSSL configuration file
+#
# This definitions were set by the ca_init script DO NOT change
# them manually.
CAHOME = /etc/openssl/research
RANDFILE = $CAHOME/.rand
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-[ new_oids ]
-SmartcardLogin = 1.3.6.1.4.1.311.20.2
-ClientAuthentication = 1.3.6.1.4.1.311.20.2.2
-
####################################################################
[ ca ]
@@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section
####################################################################
-[ root_ca ]
+[ root_ca ]
dir = $CAHOME
certs = $dir/certs # Where the issued certs are kept
@@ -82,7 +74,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert
# req_extensions = v3_req # The extensions to add to a certificate request
-# This sets a mask for permitted string types. There are several options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
@@ -117,7 +109,7 @@ organizationName_default = Linux strongSwan
#1.organizationalUnitName = Type (eg, Staff)
#1.organizationalUnitName_default = Staff
-#userId = UID
+#userId = UID
commonName = Common Name (eg, YOUR name)
commonName_default = $ENV::COMMON_NAME
@@ -155,7 +147,7 @@ basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, keyAgreement
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
-subjectAltName = email:$ENV::COMMON_NAME
+subjectAltName = email:$ENV::COMMON_NAME
crlDistributionPoints = URI:http://crl.strongswan.org/research.crl
####################################################################
diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf
index 12da734aa..11ff172ac 100644
--- a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf
@@ -1,19 +1,11 @@
-# openssl.cnf - OpenSSL configuration file for the ZHW PKI
-# Mario Strasser <mario.strasser@zhwin.ch>
-#
+# openssl.cnf - OpenSSL configuration file
+#
# This definitions were set by the ca_init script DO NOT change
# them manually.
-CAHOME = /etc/openssl/rfc3779
+CAHOME = /etc/openssl/rfc3779
RANDFILE = $CAHOME/.rand
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-[ new_oids ]
-SmartcardLogin = 1.3.6.1.4.1.311.20.2
-ClientAuthentication = 1.3.6.1.4.1.311.20.2.2
-
####################################################################
[ ca ]
@@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section
####################################################################
-[ root_ca ]
+[ root_ca ]
dir = $CAHOME
certs = $dir/certs # Where the issued certs are kept
@@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert
# req_extensions = v3_req # The extensions to add to a certificate request
-# This sets a mask for permitted string types. There are several options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
@@ -113,12 +105,12 @@ organizationName = Organization Name (eg, company)
organizationName_default = Linux strongSwan
0.organizationalUnitName = Organizational Unit Name (eg, section)
-0.organizationalUnitName_default = RFC3779
+0.organizationalUnitName_default = RFC3779
#1.organizationalUnitName = Type (eg, Staff)
#1.organizationalUnitName_default = Staff
-#userId = UID
+#userId = UID
commonName = Common Name (eg, YOUR name)
commonName_default = $ENV::COMMON_NAME
@@ -173,7 +165,7 @@ basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, keyAgreement
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
-subjectAltName = email:$ENV::COMMON_NAME
+subjectAltName = email:$ENV::COMMON_NAME
#authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880
crlDistributionPoints = URI:http://crl.strongswan.org/strongswan_rfc3779.crl
diff --git a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
index f3ec7e168..f1d080c0b 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
@@ -1,19 +1,11 @@
-# openssl.cnf - OpenSSL configuration file for the ZHW PKI
-# Mario Strasser <mario.strasser@zhwin.ch>
-#
+# openssl.cnf - OpenSSL configuration file
+#
# This definitions were set by the ca_init script DO NOT change
# them manually.
-CAHOME = /etc/openssl/sales
+CAHOME = /etc/openssl/sales
RANDFILE = $CAHOME/.rand
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-[ new_oids ]
-SmartcardLogin = 1.3.6.1.4.1.311.20.2
-ClientAuthentication = 1.3.6.1.4.1.311.20.2.2
-
####################################################################
[ ca ]
@@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section
####################################################################
-[ root_ca ]
+[ root_ca ]
dir = $CAHOME
certs = $dir/certs # Where the issued certs are kept
@@ -82,7 +74,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert
# req_extensions = v3_req # The extensions to add to a certificate request
-# This sets a mask for permitted string types. There are several options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
@@ -117,7 +109,7 @@ organizationName_default = Linux strongSwan
#1.organizationalUnitName = Type (eg, Staff)
#1.organizationalUnitName_default = Staff
-#userId = UID
+#userId = UID
commonName = Common Name (eg, YOUR name)
commonName_default = $ENV::COMMON_NAME
@@ -155,7 +147,7 @@ basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, keyAgreement
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
-subjectAltName = email:$ENV::COMMON_NAME
+subjectAltName = email:$ENV::COMMON_NAME
crlDistributionPoints = URI:http://crl.strongswan.org/sales.crl
#authorityInfoAccess = OCSP;URI:http://ocsp2.strongswan.org:8882