author | 2014-10-01 13:19:51 +0000 | |
---|---|---|
committer | 2014-10-01 13:19:51 +0000 | |
commit | 71aa7f57ccdb6b7374a1bf5e92fe3cb682c60837 (patch) | |
tree | 871f9e56e96b16437319aa4a0268d4a47d672289 | |
parent | Switch "openssl req" to using SHA256 for hashes and AES256 to encrypt on-disk (diff) | |
download | wireguard-openbsd-71aa7f57ccdb6b7374a1bf5e92fe3cb682c60837.tar.xz wireguard-openbsd-71aa7f57ccdb6b7374a1bf5e92fe3cb682c60837.zip |
openssl.cnf tweaks following recent changes to usr.bin/openssl:
- don't define default_bits, allowing the compiled-in default (now 2048
bits) to take priority.
- add commented-out default_md line in case somebody needs an easy way
to change this.
- remove some sample sections which aren't really useful in the default
file (/etc/examples is the place for a more descriptive config, this
file should be barebones).
Help/OK jsing@. OKs on earlier diff (openssl.cnf only) from phessler@ aja@.
-rw-r--r-- | lib/libcrypto/openssl.cnf | 47 |
1 files changed, 3 insertions, 44 deletions
diff --git a/lib/libcrypto/openssl.cnf b/lib/libcrypto/openssl.cnf index bb97b155b8d..8ce83bf90d9 100644 --- a/lib/libcrypto/openssl.cnf +++ b/lib/libcrypto/openssl.cnf @@ -1,41 +1,20 @@ -# -# OpenSSL example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = /dev/arandom - -#################################################################### [ req ] -default_bits = 1024 -default_keyfile = privkey.pem +#default_bits = 2048 +#default_md = sha256 +#default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes [ req_distinguished_name ] countryName = Country Name (2 letter code) -#countryName_default = AU countryName_min = 2 countryName_max = 2 - stateOrProvinceName = State or Province Name (full name) -#stateOrProvinceName_default = Some-State - localityName = Locality Name (eg, city) - 0.organizationName = Organization Name (eg, company) -#0.organizationName_default = Internet Widgits Pty Ltd - -# we can do this but it is not needed normally :-) -#1.organizationName = Second Organization Name (eg, company) -#1.organizationName_default = CryptSoft Pty Ltd - organizationalUnitName = Organizational Unit Name (eg, section) -#organizationalUnitName_default = - commonName = Common Name (eg, fully qualified host name) commonName_max = 64 - emailAddress = Email Address emailAddress_max = 64 @@ -43,23 +22,3 @@ emailAddress_max = 64 challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 - -unstructuredName = An optional company name - -[ x509v3_extensions ] - -nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem -nsComment = "This is a comment" - -# under ASN.1, the 0 bit would be encoded as 80 -nsCertType = 0x40 - -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName -#nsCertSequence -#nsCertExt -#nsDataType - |
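Review bot: In the first hunk (@@ -1,41 +1,20 @@), two changes go beyond what the commit message lists: `RANDFILE = /dev/arandom` is deleted and `default_keyfile = privkey.pem` becomes a comment. The message only covers default_bits, default_md and the sample sections. With default_keyfile commented out, req no longer has a configured key output file, so please confirm what it falls back to when no output file is given on the command line, and mention both changes in the log. Since the file's header comment is dropped as well, a one-line comment above `#default_bits = 2048` and `#default_md = sha256` saying that they mirror the compiled-in defaults, with a pointer to /etc/examples, would keep them from going stale unnoticed if those defaults change again.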
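Review bot: In the second hunk (@@ -43,23 +22,3 @@), `unstructuredName = An optional company name` is removed together with the [ x509v3_extensions ] sample, but it sits next to the challengePassword prompts and appears to be an attribute prompt rather than part of a sample section, so removing it changes what req asks for. If that is intended, say so in the commit message; otherwise keep the line. Dropping [ x509v3_extensions ] itself looks safe from what is visible here, since the [ req ] section shown in the first hunk only refers to req_distinguished_name and req_attributes.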