mirror of
https://github.com/openssl/openssl.git
synced 2024-12-27 06:21:43 +08:00
21f7a09ca2
Creating JDK compatible pkcs12 files requires a bit more than just adding the Trusted Key Usage OID to a certbag in the pkcs12 file. Additionally the JDK currently requires that pkcs12 files setting this oid _not_ contain any additional keys, and in response will produce unpredictable results. This could be solved by implying --nokeys when the pkcs12 utility is run and the config option is set, but thatcould confuse users who didn't specify nokeys on the command line. As such, remove the config file setting for this feature, and replace it with a -jdktrust command line option, that is documented to assert nokeys when a users specifies the new command line option. Fixes #22215 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22422) |
||
|---|---|---|
| .. | ||
| demoSRP | ||
| include | ||
| lib | ||
| asn1parse.c | ||
| build.info | ||
| ca-cert.srl | ||
| ca-key.pem | ||
| ca-req.pem | ||
| ca.c | ||
| CA.pl.in | ||
| cert.pem | ||
| ciphers.c | ||
| client.pem | ||
| cmp.c | ||
| cms.c | ||
| crl2pkcs7.c | ||
| crl.c | ||
| ct_log_list.cnf | ||
| dgst.c | ||
| dhparam.c | ||
| dsa512.pem | ||
| dsa1024.pem | ||
| dsa-ca.pem | ||
| dsa-pca.pem | ||
| dsa.c | ||
| dsap.pem | ||
| dsaparam.c | ||
| ec.c | ||
| ecparam.c | ||
| enc.c | ||
| engine.c | ||
| errstr.c | ||
| fipsinstall.c | ||
| gendsa.c | ||
| genpkey.c | ||
| genrsa.c | ||
| info.c | ||
| insta.ca.crt | ||
| kdf.c | ||
| list.c | ||
| mac.c | ||
| nseq.c | ||
| ocsp.c | ||
| openssl-vms.cnf | ||
| openssl.c | ||
| openssl.cnf | ||
| passwd.c | ||
| pca-cert.srl | ||
| pca-key.pem | ||
| pca-req.pem | ||
| pkcs7.c | ||
| pkcs8.c | ||
| pkcs12.c | ||
| pkey.c | ||
| pkeyparam.c | ||
| pkeyutl.c | ||
| prime.c | ||
| privkey.pem | ||
| progs.pl | ||
| rand.c | ||
| rehash.c | ||
| req.c | ||
| req.pem | ||
| rsa8192.pem | ||
| rsa.c | ||
| rsautl.c | ||
| s512-key.pem | ||
| s512-req.pem | ||
| s1024key.pem | ||
| s1024req.pem | ||
| s_client.c | ||
| s_server.c | ||
| s_time.c | ||
| server2.pem | ||
| server.pem | ||
| server.srl | ||
| sess_id.c | ||
| smime.c | ||
| speed.c | ||
| spkac.c | ||
| srp.c | ||
| storeutl.c | ||
| testCA.pem | ||
| testdsa.h | ||
| testrsa.h | ||
| timeouts.h | ||
| ts.c | ||
| tsget.in | ||
| verify.c | ||
| version.c | ||
| vms_decc_init.c | ||
| x509.c | ||