Implement self-signing in 'openssl ca'. This makes it easier to have the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier.

commit: 16b1b03543fc6362f9e48f1bd9d4b153ea58c553 [log] [tgz]
author: Richard Levitte <levitte@openssl.org> Thu Apr 03 22:33:59 2003 +0000
committer: Richard Levitte <levitte@openssl.org> Thu Apr 03 22:33:59 2003 +0000
tree: a7d45496f96476ba095e385f7a3502dde1f9b6b7
parent: e6526fbf4dc894d71ae3517a1ba484475b79b402 [diff] [blame]
diff --git a/CHANGES b/CHANGES
index 0d76770..66870e6 100644
--- a/CHANGES
+++ b/CHANGES

@@ -4,6 +4,13 @@
 
  Changes between 0.9.7a and 0.9.8  [xx XXX xxxx]
 
+  *) Make it possible to create self-signed certificates with 'openssl ca'
+     in such a way that the self-signed certificate becomes part of the
+     CA database and uses the same mechanisms for serial number generation
+     as all other certificate signing.  The new flag '-selfsign' enables
+     this functionality.  Adapt CA.sh and CA.pl.in.
+     [Richard Levitte]
+
   *) Add functionality to check the public key of a certificate request
      against a given private.  This is useful to check that a certificate
      request can be signed by that key (self-signing).
commit	16b1b03543fc6362f9e48f1bd9d4b153ea58c553	[log] [tgz]
author	Richard Levitte <levitte@openssl.org>	Thu Apr 03 22:33:59 2003 +0000
committer	Richard Levitte <levitte@openssl.org>	Thu Apr 03 22:33:59 2003 +0000
tree	a7d45496f96476ba095e385f7a3502dde1f9b6b7
parent	e6526fbf4dc894d71ae3517a1ba484475b79b402 [diff] [blame]