From 37dccd8ff297bfbab6edc75f9ba9862ae85a81fc Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 16 Nov 2004 17:45:13 +0000 Subject: [PATCH] Update X509v3 docs. --- doc/apps/x509v3_config.pod | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod index b19f52136c..304fe532c8 100644 --- a/doc/apps/x509v3_config.pod +++ b/doc/apps/x509v3_config.pod @@ -164,6 +164,8 @@ The email option include a special 'copy' value. This will automatically include and email addresses contained in the certificate subject name in the extension. +The IP address used in the B options can be in either IPv4 or IPv6 format. + The value of B should point to a section containing the distinguished name to use as a set of name value pairs. Multi values AVAs can be formed by preceeding the name with a B<+> character. @@ -175,6 +177,8 @@ ASN1_generate_nconf() format. Examples: subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ + subjectAltName=IP:192.168.7.1 + subjectAltName=IP:13::17 subjectAltName=email:my@other.address,RID:1.2.3.4 subjectAltName=otherName:1.2.3.4;UTF8:some other identifier @@ -284,6 +288,25 @@ The B option changes the type of the I field. In RFC2459 it can only be of type DisplayText. In RFC3280 IA5Strring is also permissible. Some software (for example some versions of MSIE) may require ia5org. +=head2 Policy Constraints + +This is a multi-valued extension which consisting of the names +B or B and a non negative intger +value. At least one component must be present. + +Example: + + policyConstraints = requireExplicitPolicy:3 + + +=head2 Inhibit Any Policy + +This is a string extension whose value must be a non negative integer. + +Example: + + inhibitAnyPolicy = 2 + =head1 DEPRECATED EXTENSIONS