hostap/tests/hwsim/auth_serv/ec-ca-openssl.cnf - nest-cam/4320010/hostap - Git at Google

 # OpenSSL configuration file for Suite B

 HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
 oid_section		= new_oids

 [ new_oids ]

 [ ca ]
 default_ca	= CA_default

 [ CA_default ]

 dir		= ./ec-ca
 certs		= $dir/certs
 crl_dir		= $dir/crl
 database	= $dir/index.txt
 #unique_subject	= no
 new_certs_dir	= $dir/newcerts
 certificate	= $dir/cacert.pem
 serial		= $dir/serial
 crlnumber	= $dir/crlnumber
 crl		= $dir/crl.pem
 private_key	= $dir/private/cakey.pem
 RANDFILE	= $dir/private/.rand

 x509_extensions	= ext_client

 name_opt 	= ca_default
 cert_opt 	= ca_default

 copy_extensions = copy

 default_days	= 365
 default_crl_days= 30
 default_md	= default
 preserve	= no

 policy		= policy_match

 [ policy_match ]
 countryName		= match
 stateOrProvinceName	= optional
 organizationName	= match
 organizationalUnitName	= optional
 commonName		= supplied
 #emailAddress		= optional

 [ policy_anything ]
 countryName		= optional
 stateOrProvinceName	= optional
 localityName		= optional
 organizationName	= optional
 organizationalUnitName	= optional
 commonName		= supplied
 #emailAddress		= optional

 [ req ]
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
 x509_extensions	= v3_ca

 string_mask = utf8only

 [ req_distinguished_name ]
 countryName			= Country Name (2 letter code)
 countryName_default		= FI
 countryName_min			= 2
 countryName_max			= 2

 localityName			= Locality Name (eg, city)
 localityName_default		= Helsinki

 0.organizationName		= Organization Name (eg, company)
 0.organizationName_default	= w1.fi

 commonName			= Common Name (e.g. server FQDN or YOUR name)
 #@CN@
 commonName_max			= 64

 [ req_attributes ]

 [ v3_ca ]

 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer
 basicConstraints = critical, CA:true, pathlen:0
 keyUsage = critical, cRLSign, keyCertSign

 [ crl_ext ]

 # issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always

 [ ext_client ]

 basicConstraints=CA:FALSE
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer
 #@ALTNAME@
 extendedKeyUsage = clientAuth
 keyUsage = digitalSignature, keyEncipherment

 [ ext_server ]

 basicConstraints=critical, CA:FALSE
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer
 #@ALTNAME@
 extendedKeyUsage = critical, serverAuth
 keyUsage = digitalSignature, keyEncipherment
	# OpenSSL configuration file for Suite B

	HOME = .
	RANDFILE = $ENV::HOME/.rnd
	oid_section = new_oids

	[ new_oids ]

	[ ca ]
	default_ca = CA_default

	[ CA_default ]

	dir = ./ec-ca
	certs = $dir/certs
	crl_dir = $dir/crl
	database = $dir/index.txt
	#unique_subject = no
	new_certs_dir = $dir/newcerts
	certificate = $dir/cacert.pem
	serial = $dir/serial
	crlnumber = $dir/crlnumber
	crl = $dir/crl.pem
	private_key = $dir/private/cakey.pem
	RANDFILE = $dir/private/.rand

	x509_extensions = ext_client

	name_opt = ca_default
	cert_opt = ca_default

	copy_extensions = copy

	default_days = 365
	default_crl_days= 30
	default_md = default
	preserve = no

	policy = policy_match

	[ policy_match ]
	countryName = match
	stateOrProvinceName = optional
	organizationName = match
	organizationalUnitName = optional
	commonName = supplied
	#emailAddress = optional

	[ policy_anything ]
	countryName = optional
	stateOrProvinceName = optional
	localityName = optional
	organizationName = optional
	organizationalUnitName = optional
	commonName = supplied
	#emailAddress = optional

	[ req ]
	distinguished_name = req_distinguished_name
	attributes = req_attributes
	x509_extensions = v3_ca

	string_mask = utf8only

	[ req_distinguished_name ]
	countryName = Country Name (2 letter code)
	countryName_default = FI
	countryName_min = 2
	countryName_max = 2

	localityName = Locality Name (eg, city)
	localityName_default = Helsinki

	0.organizationName = Organization Name (eg, company)
	0.organizationName_default = w1.fi

	commonName = Common Name (e.g. server FQDN or YOUR name)
	#@CN@
	commonName_max = 64

	[ req_attributes ]

	[ v3_ca ]

	subjectKeyIdentifier=hash
	authorityKeyIdentifier=keyid:always,issuer
	basicConstraints = critical, CA:true, pathlen:0
	keyUsage = critical, cRLSign, keyCertSign

	[ crl_ext ]

	# issuerAltName=issuer:copy
	authorityKeyIdentifier=keyid:always

	[ ext_client ]

	basicConstraints=CA:FALSE
	subjectKeyIdentifier=hash
	authorityKeyIdentifier=keyid,issuer
	#@ALTNAME@
	extendedKeyUsage = clientAuth
	keyUsage = digitalSignature, keyEncipherment

	[ ext_server ]

	basicConstraints=critical, CA:FALSE
	subjectKeyIdentifier=hash
	authorityKeyIdentifier=keyid,issuer
	#@ALTNAME@
	extendedKeyUsage = critical, serverAuth
	keyUsage = digitalSignature, keyEncipherment