Google Git
Sign in
flutter / third_party / openssl / c7235be6e36c4bef84594aa3b2f0561db84b63d8^! / . / apps / openssl.cnf
commitc7235be6e36c4bef84594aa3b2f0561db84b63d8[log] [tgz]
authorUlf Möller <ulf@openssl.org>Sun Feb 12 23:11:56 2006 +0000
committerUlf Möller <ulf@openssl.org>Sun Feb 12 23:11:56 2006 +0000
treed304c3d8ac064a1345d64f0e25a1eebf52e564a4
parent1c17d91c53ba73c907e0559d2bb80122dc7a8284 [diff] [blame]
RFC 3161 compliant time stamp request creation, response generation
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index f58a30a..a620b98 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf

@@ -21,12 +21,17 @@
 
 [ new_oids ]
 
-# We can add new OIDs in here for use by 'ca' and 'req'.
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
 # Add a simple OID like this:
 # testoid1=1.2.3.4
 # Or use config file substitution like this:
 # testoid2=${testoid1}.5.6
 
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
 ####################################################################
 [ ca ]
 default_ca	= CA_default		# The default ca section
@@ -206,6 +211,9 @@
 #nsCaPolicyUrl
 #nsSslServerName
 
+# This is required for TSA certificates.
+extendedKeyUsage = critical,timeStamping
+
 [ v3_req ]
 
 # Extensions to add to a certificate request
@@ -310,3 +318,33 @@
 
 # This really needs to be in place for it to be a proxy certificate.
 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= ./demoCA		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests		= md5, sha1		# Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)