From 76c7a77d68b5f170b64fedaab7cf0b9ec78fb39b Mon Sep 17 00:00:00 2001
From: Stuart Henderson
Date: Wed, 1 Oct 2014 13:19:52 +0000
Subject: openssl.cnf tweaks following recent changes to usr.bin/openssl: - don't define default_bits, allowing the compiled-in default (now 2048 bits) to take priority. - add commented-out default_md line in case somebody needs an easy way to change this. - remove some sample sections which aren't really useful in the default file (/etc/examples is the place for a more descriptive config, this file should be barebones). Help/OK jsing@. OKs on earlier diff (openssl.cnf only) from phessler@ aja@.
---
lib/libcrypto/openssl.cnf | 47 +++--------------------------------------------
1 file changed, 3 insertions(+), 44 deletions(-)
(limited to 'lib/libcrypto')
diff --git a/lib/libcrypto/openssl.cnf b/lib/libcrypto/openssl.cnf
index bb97b155b8d..8ce83bf90d9 100644
--- a/lib/libcrypto/openssl.cnf
+++ b/lib/libcrypto/openssl.cnf
@@ -1,41 +1,20 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = /dev/arandom
-
-####################################################################
 [ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
+#default_bits = 2048
+#default_md = sha256
+#default_keyfile = privkey.pem
 distinguished_name = req_distinguished_name
 attributes = req_attributes
 
 [ req_distinguished_name ]
 countryName = Country Name (2 letter code)
-#countryName_default = AU
 countryName_min = 2
 countryName_max = 2
-
 stateOrProvinceName = State or Province Name (full name)
-#stateOrProvinceName_default = Some-State
-
 localityName = Locality Name (eg, city)
-
 0.organizationName = Organization Name (eg, company)
-#0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = CryptSoft Pty Ltd
-
 organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
 commonName = Common Name (eg, fully qualified host name)
 commonName_max = 64
-
 emailAddress = Email Address
 emailAddress_max = 64
 
@@ -43,23 +22,3 @@ emailAddress_max = 64
 challengePassword = A challenge password
 challengePassword_min = 4
 challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ x509v3_extensions ]
-
-nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
-nsComment = "This is a comment"
-
-# under ASN.1, the 0 bit would be encoded as 80
-nsCertType = 0x40
-
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-#nsCertSequence
-#nsCertExt
-#nsDataType
-
-- 
cgit v1.2.3
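Review bot: With `default_bits` commented out in `[ req ]`, the key size now depends entirely on whichever binary reads this file, and nothing left in the file says so once the header comment is removed. Any other consumer of the same openssl.cnf whose compiled-in default is smaller than 2048 bits (presumably possible for a separately built OpenSSL) would silently generate weaker keys, where the old file at least pinned a value. I would add a comment above the three commented lines, for example `# Unset values fall back to the compiled-in defaults of openssl(1); uncomment to pin them.`, and state whether `sha256` is the compiled-in digest or only a suggested override, since the commit message does not say.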