2
0
mirror of https://github.com/openssl/openssl.git synced 2024-12-21 06:09:35 +08:00
openssl/test/v3_ca_exts.cnf
Dr. David von Oheimb 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic
by adding CA basic constraints, CA key usage, and key IDs to the cert
and by add -partial_chain to the verify call that trusts this cert

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00

6 lines
126 B
INI

basicConstraints = CA:true
keyUsage = cRLSign, keyCertSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always