mirror of
https://github.com/openssl/openssl.git
synced 2024-12-09 05:51:54 +08:00
23f3993127
OpenSSL 1.1.1 introduced a new CSPRNG with an improved seeding mechanism, which makes it dispensable to define a RANDFILE for saving and restoring randomness. This commit removes the RANDFILE declarations from our own configuration files and adds documentation that this option is not needed anymore and retained mainly for compatibility reasons. Fixes #10433 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10436)
86 lines
2.5 KiB
INI
86 lines
2.5 KiB
INI
#
|
|
# SSLeay example configuration file.
|
|
# This is mostly being used for generation of certificate requests.
|
|
#
|
|
|
|
####################################################################
|
|
[ ca ]
|
|
default_ca = CA_default # The default ca section
|
|
|
|
####################################################################
|
|
[ CA_default ]
|
|
|
|
dir = ./demoCA # Where everything is kept
|
|
certs = $dir/certs # Where the issued certs are kept
|
|
crl_dir = $dir/crl # Where the issued crl are kept
|
|
database = $dir/index.txt # database index file.
|
|
new_certs_dir = $dir/new_certs # default place for new certs.
|
|
|
|
certificate = $dir/CAcert.pem # The CA certificate
|
|
serial = $dir/serial # The current serial number
|
|
crl = $dir/crl.pem # The current CRL
|
|
private_key = $dir/private/CAkey.pem# The private key
|
|
|
|
default_days = 365 # how long to certify for
|
|
default_crl_days= 30 # how long before next CRL
|
|
default_md = md5 # which md to use.
|
|
|
|
# A few difference way of specifying how similar the request should look
|
|
# For type CA, the listed attributes must be the same, and the optional
|
|
# and supplied fields are just that :-)
|
|
policy = policy_match
|
|
|
|
# For the CA policy
|
|
[ policy_match ]
|
|
countryName = match
|
|
stateOrProvinceName = match
|
|
organizationName = match
|
|
organizationalUnitName = optional
|
|
commonName = supplied
|
|
emailAddress = optional
|
|
|
|
# For the 'anything' policy
|
|
# At this point in time, you must list all acceptable 'object'
|
|
# types.
|
|
[ policy_anything ]
|
|
countryName = optional
|
|
stateOrProvinceName = optional
|
|
localityName = optional
|
|
organizationName = optional
|
|
organizationalUnitName = optional
|
|
commonName = supplied
|
|
emailAddress = optional
|
|
|
|
####################################################################
|
|
[ req ]
|
|
default_bits = 2048
|
|
default_keyfile = testkey.pem
|
|
distinguished_name = req_distinguished_name
|
|
encrypt_rsa_key = no
|
|
|
|
[ req_distinguished_name ]
|
|
countryName = Country Name (2 letter code)
|
|
countryName_default = AU
|
|
countryName_value = AU
|
|
|
|
stateOrProvinceName = State or Province Name (full name)
|
|
stateOrProvinceName_default = Queensland
|
|
stateOrProvinceName_value =
|
|
|
|
localityName = Locality Name (eg, city)
|
|
localityName_value = Brisbane
|
|
|
|
organizationName = Organization Name (eg, company)
|
|
organizationName_default =
|
|
organizationName_value = CryptSoft Pty Ltd
|
|
|
|
organizationalUnitName = Organizational Unit Name (eg, section)
|
|
organizationalUnitName_default =
|
|
organizationalUnitName_value = .
|
|
|
|
commonName = Common Name (eg, YOUR name)
|
|
commonName_value = Eric Young
|
|
|
|
emailAddress = Email Address
|
|
emailAddress_value = eay@mincom.oz.au
|