mirror of https://github.com/openssl/openssl.git
6b93db7bfd
ITU-T X.509 (10/2019) section 9.2.2.3 [1] defines 'contentCommitment' as
the current name for what had previously been called 'nonRepudiation',
and deprecates the old name:
> It is not incorrect to refer to this keyUsage bit using the identifier
> nonRepudiation. However, the use of this identifier has been
> deprecated.
Allow 'contentCommitment' as an alias wherever 'nonRepudiation' has been
accepted before, so that passing
-addext keyUsage=critical,contentCommitment
works as expected.
Add a test that checks that contentCommitment sets the same keyUsage bit
as nonRepudiation. Adjust the docs to mention the available alias name.
[1]: https://www.itu.int/rec/T-REC-X.509-201910-I/en
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28161)
|
||
|---|---|---|
| .. | ||
| config.pod | ||
| fips_config.pod | ||
| x509v3_config.pod | ||