mirror of
https://github.com/openssl/openssl.git
synced 2024-12-09 05:51:54 +08:00
23f3993127
OpenSSL 1.1.1 introduced a new CSPRNG with an improved seeding mechanism, which makes it dispensable to define a RANDFILE for saving and restoring randomness. This commit removes the RANDFILE declarations from our own configuration files and adds documentation that this option is not needed anymore and retained mainly for compatibility reasons. Fixes #10433 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10436)
41 lines
999 B
INI
41 lines
999 B
INI
#
|
|
# SSLeay example configuration file.
|
|
# This is mostly being used for generation of certificate requests.
|
|
#
|
|
|
|
CN2 = Brother 2
|
|
|
|
####################################################################
|
|
[ req ]
|
|
default_bits = 2048
|
|
default_keyfile = keySS.pem
|
|
distinguished_name = req_distinguished_name
|
|
encrypt_rsa_key = no
|
|
default_md = sha256
|
|
prompt = no
|
|
|
|
[ req_distinguished_name ]
|
|
countryName = AU
|
|
organizationName = Dodgy Brothers
|
|
0.commonName = Brother 1
|
|
1.commonName = $ENV::CN2
|
|
|
|
[ v3_ee ]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid,issuer:always
|
|
basicConstraints = CA:false
|
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
|
|
[ v3_ee_dsa ]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always
|
|
basicConstraints = CA:false
|
|
keyUsage = nonRepudiation, digitalSignature
|
|
|
|
[ v3_ee_ec ]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always
|
|
basicConstraints = CA:false
|
|
keyUsage = nonRepudiation, digitalSignature, keyAgreement
|
|
|