cf/largefile.m4: Fix build with autoconf-2.72

[heimdal.git] / lib / hx509 / data / openssl.1.0.cnf

oid_section             = new_oids

[new_oids]
pkkdcekuoid = 1.3.6.1.5.2.3.5

[ca]

default_ca = user

[usr]
database        = index.txt
serial          = serial
x509_extensions = usr_cert
default_md=sha1
policy          = policy_match
email_in_dn     = no
certs           = .

[ocsp]
database        = index.txt
serial          = serial
x509_extensions = ocsp_cert
default_md=sha1
policy          = policy_match
email_in_dn     = no
certs           = .

[usr_ke]
database        = index.txt
serial          = serial
x509_extensions = usr_cert_ke
default_md=sha1
policy          = policy_match
email_in_dn     = no
certs           = .

[usr_ds]
database        = index.txt
serial          = serial
x509_extensions = usr_cert_ds
default_md=sha1
policy          = policy_match
email_in_dn     = no
certs           = .

[pkinit_client]
database        = index.txt
serial          = serial
x509_extensions = pkinit_client_cert
default_md=sha1
policy          = policy_match
email_in_dn     = no
certs           = .

[pkinit_kdc]
database        = index.txt
serial          = serial
x509_extensions = pkinit_kdc_cert
default_md=sha1
policy          = policy_match
email_in_dn     = no
certs           = .

[https]
database        = index.txt
serial          = serial
x509_extensions = https_cert
default_md=sha1
policy          = policy_match
email_in_dn     = no
certs           = .

[subca]
database        = index.txt
serial          = serial
x509_extensions = v3_ca
default_md=sha1
policy          = policy_match
email_in_dn     = no
certs           = .


[req]
distinguished_name      = req_distinguished_name
x509_extensions         = v3_ca # The extensions to add to the self signed cert

string_mask = utf8only

[v3_ca]

subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature

[usr_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier    = hash

[usr_cert_ke]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, keyEncipherment
subjectKeyIdentifier    = hash

[proxy_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier    = hash
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo

[pkinitc_principals] 
princ1 = GeneralString:bar

[pkinitc_principal_seq] 
name_type = EXP:0,INTEGER:1 
name_string = EXP:1,SEQUENCE:pkinitc_principals

[pkinitc_princ_name] 
realm = EXP:0,GeneralString:TEST.H5L.SE
principal_name = EXP:1,SEQUENCE:pkinitc_principal_seq

[pkinit_client_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier    = hash
subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name

[https_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#extendedKeyUsage = https-server XXX
subjectKeyIdentifier    = hash

[pkinit_kdc_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = pkkdcekuoid
subjectKeyIdentifier    = hash
subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name 

[pkinitkdc_princ_name] 
realm = EXP:0,GeneralString:TEST.H5L.SE
principal_name = EXP:1,SEQUENCE:pkinitkdc_principal_seq

[pkinitkdc_principal_seq] 
name_type = EXP:0,INTEGER:1 
name_string = EXP:1,SEQUENCE:pkinitkdc_principals

[pkinitkdc_principals] 
princ1 = GeneralString:krbtgt
princ2 = GeneralString:TEST.H5L.SE

[proxy10_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier    = hash
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo

[usr_cert_ds]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature
subjectKeyIdentifier    = hash

[ocsp_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# ocsp-nocheck and kp-OCSPSigning
extendedKeyUsage        = 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
subjectKeyIdentifier    = hash

[req_distinguished_name]
countryName                     = Country Name (2 letter code)
countryName_default             = SE
countryName_min                 = 2
countryName_max                 = 2

organizationalName              = Organizational Unit Name (eg, section)

commonName                      = Common Name (eg, YOUR name)
commonName_max                  = 64

#[req_attributes]
#challengePassword              = A challenge password
#challengePassword_min          = 4
#challengePassword_max          = 20

[policy_match]
countryName             = match
commonName              = supplied