commit c79b16e11d70488f4de0e766d78f6a5ce77d99af
author Dr. Stephen Henson <steve@openssl.org> Wed Aug 25 16:59:26 1999 +0000
committer Dr. Stephen Henson <steve@openssl.org> Wed Aug 25 16:59:26 1999 +0000
tree fad4e8d20108152d2d0a12229e4d92ad560a0c17
parent 43ca6c02dc702b8fff20205ec62ec03eed77eb1b

Allow extensions to be added to certificate requests, update the sample
config file (change RAW to DER).

apps/openssl.cnf

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index d70dd25..8d044fb 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -86,6 +86,8 @@
 attributes		= req_attributes
 x509_extensions	= v3_ca	# The extentions to add to the self signed cert
 
+# req_extensions = v3_req # The extensions to add to a certificate request
+
 [ req_distinguished_name ]
 countryName			= Country Name (2 letter code)
 countryName_default		= AU
@@ -170,8 +172,16 @@
 #nsCaPolicyUrl
 #nsSslServerName
 
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
 [ v3_ca ]
 
+
 # Extensions for a typical CA
 
 
@@ -200,10 +210,11 @@
 # Copy issuer details
 # issuerAltName=issuer:copy
 
-# RAW DER hex encoding of an extension: beware experts only!
-# 1.2.3.5=RAW:02:03
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
 # You can even override a supported extension:
-# basicConstraints= critical, RAW:30:03:01:01:FF
+# basicConstraints= critical, DER:30:03:01:01:FF
 
 [ crl_ext ]