openssl/test/test.cnf


####################################################################
[ ca ]
default_ca	= CA_default		# The default ca section

####################################################################
[ CA_default ]

dir		= ./demoCA		# Where everything is kept
certs		= $dir/certs		# Where the issued certs are kept
crl_dir		= $dir/crl		# Where the issued crl are kept
database	= $dir/index.txt	# database index file.
new_certs_dir	= $dir/new_certs	# default place for new certs.

certificate	= $dir/CAcert.pem 	# The CA certificate
serial		= $dir/serial 		# The current serial number
crl		= $dir/crl.pem 		# The current CRL
private_key	= $dir/private/CAkey.pem# The private key

default_days	= 365			# how long to certify for
default_crl_days= 30			# how long before next CRL
default_md	= md5			# which md to use.

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy		= policy_match

# For the CA policy
[ policy_match ]
countryName		= match
stateOrProvinceName	= match
organizationName	= match
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName		= optional
stateOrProvinceName	= optional
localityName		= optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional

####################################################################
[ req ]
distinguished_name	= req_distinguished_name

# Make altreq be identical to req
[ altreq ]
distinguished_name	= req_distinguished_name
encrypt_rsa_key		= no

[ req_distinguished_name ]
countryName			= C field
countryName_value		= AU
stateOrProvinceName		= SP field
stateOrProvinceName_value	=
localityName			= L field
localityName_value		= Brisbane
organizationName		= O field
organizationName_value		= CryptSoft Pty Ltd
organizationalUnitName		= OU field
organizationalUnitName_value	= .
commonName			= CN field
commonName_value		= Eric Young
emailAddress			= email field
emailAddress_value		= eay@mincom.oz.au

[ dirname_sec ]
C  = UK
O  = My Organization
OU = My Unit
CN = My Name

[ reqexts ]
keyUsage = critical,digitalSignature,keyEncipherment
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00
			`####################################################################`
			`[ ca ]`
			`default_ca = CA_default # The default ca section`

			`####################################################################`
			`[ CA_default ]`

			`dir = ./demoCA # Where everything is kept`
			`certs = $dir/certs # Where the issued certs are kept`
			`crl_dir = $dir/crl # Where the issued crl are kept`
			`database = $dir/index.txt # database index file.`
			`new_certs_dir = $dir/new_certs # default place for new certs.`

			`certificate = $dir/CAcert.pem # The CA certificate`
			`serial = $dir/serial # The current serial number`
			`crl = $dir/crl.pem # The current CRL`
			`private_key = $dir/private/CAkey.pem# The private key`

			`default_days = 365 # how long to certify for`
			`default_crl_days= 30 # how long before next CRL`
			`default_md = md5 # which md to use.`

			`# A few difference way of specifying how similar the request should look`
			`# For type CA, the listed attributes must be the same, and the optional`
			`# and supplied fields are just that :-)`
			`policy = policy_match`

			`# For the CA policy`
			`[ policy_match ]`
			`countryName = match`
			`stateOrProvinceName = match`
			`organizationName = match`
			`organizationalUnitName = optional`
			`commonName = supplied`
			`emailAddress = optional`

			`# For the 'anything' policy`
			`# At this point in time, you must list all acceptable 'object'`
			`# types.`
			`[ policy_anything ]`
			`countryName = optional`
			`stateOrProvinceName = optional`
			`localityName = optional`
			`organizationName = optional`
			`organizationalUnitName = optional`
			`commonName = supplied`
			`emailAddress = optional`

			`####################################################################`
			`[ req ]`
			`distinguished_name = req_distinguished_name`

Add -section option to 'req' command This removes "req" as the hardwired section for the req command. Doing this will let us merge some test configs. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11249) 2020-03-05 03:41:53 +08:00			`# Make altreq be identical to req`
			`[ altreq ]`
			`distinguished_name = req_distinguished_name`
			`encrypt_rsa_key = no`

Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`[ req_distinguished_name ]`
Add -section option to 'req' command This removes "req" as the hardwired section for the req command. Doing this will let us merge some test configs. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11249) 2020-03-05 03:41:53 +08:00			`countryName = C field`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`countryName_value = AU`
Add -section option to 'req' command This removes "req" as the hardwired section for the req command. Doing this will let us merge some test configs. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11249) 2020-03-05 03:41:53 +08:00			`stateOrProvinceName = SP field`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`stateOrProvinceName_value =`
Add -section option to 'req' command This removes "req" as the hardwired section for the req command. Doing this will let us merge some test configs. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11249) 2020-03-05 03:41:53 +08:00			`localityName = L field`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`localityName_value = Brisbane`
Add -section option to 'req' command This removes "req" as the hardwired section for the req command. Doing this will let us merge some test configs. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11249) 2020-03-05 03:41:53 +08:00			`organizationName = O field`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`organizationName_value = CryptSoft Pty Ltd`
Add -section option to 'req' command This removes "req" as the hardwired section for the req command. Doing this will let us merge some test configs. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11249) 2020-03-05 03:41:53 +08:00			`organizationalUnitName = OU field`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`organizationalUnitName_value = .`
Add -section option to 'req' command This removes "req" as the hardwired section for the req command. Doing this will let us merge some test configs. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11249) 2020-03-05 03:41:53 +08:00			`commonName = CN field`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`commonName_value = Eric Young`
Add -section option to 'req' command This removes "req" as the hardwired section for the req command. Doing this will let us merge some test configs. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11249) 2020-03-05 03:41:53 +08:00			`emailAddress = email field`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`emailAddress_value = eay@mincom.oz.au`
Fix openssl req with -addext subjectAltName=dirName The syntax check of the -addext fails because the X509V3_CTX is used to lookup the referenced section, but the wrong configuration file is used, where only a default section with all passed in -addext lines is available. Thus it was not possible to use the subjectAltName=dirName:section as an -addext parameter. Probably other extensions as well. This change affects only the syntax check, the real extension was already created with correct parameters. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23669) 2024-02-23 17:32:14 +08:00
			`[ dirname_sec ]`
			`C = UK`
			`O = My Organization`
			`OU = My Unit`
			`CN = My Name`
extend X509_REQ_add_extensions_nid() and thuis APPS/req to support augmenting/overriding existing extensions Fixes #11169 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24792) 2024-07-04 15:42:00 +08:00
			`[ reqexts ]`
			`keyUsage = critical,digitalSignature,keyEncipherment`