fragattacks/tests/hwsim/auth_serv/ec-ca-openssl.cnf
Jouni Malinen 4113a96bba tests: Complete Suite B 128-bit coverage
Enable BIP-GMAC-128 and enforce Suite B profile for TLS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:55 +02:00

112 lines
2.2 KiB
INI

# OpenSSL configuration file for Suite B
HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
[ new_oids ]
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./ec-ca
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
#unique_subject = no
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand
x509_extensions = ext_client
name_opt = ca_default
cert_opt = ca_default
copy_extensions = copy
default_days = 365
default_crl_days= 30
default_md = default
preserve = no
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
#emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
#emailAddress = optional
[ req ]
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = FI
countryName_min = 2
countryName_max = 2
localityName = Locality Name (eg, city)
localityName_default = Helsinki
0.organizationName = Organization Name (eg, company)
0.organizationName_default = w1.fi
commonName = Common Name (e.g. server FQDN or YOUR name)
#@CN@
commonName_max = 64
[ req_attributes ]
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, cRLSign, keyCertSign
[ crl_ext ]
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ ext_client ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
#@ALTNAME@
extendedKeyUsage = clientAuth
keyUsage = digitalSignature, keyEncipherment
[ ext_server ]
basicConstraints=critical, CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
#@ALTNAME@
extendedKeyUsage = critical, serverAuth
keyUsage = digitalSignature, keyEncipherment