]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/CAtsa.cnf
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Added an explicit yield (OP_SLEEP) to QUIC testing for cooperative threading.
[thirdparty/openssl.git] / test / CAtsa.cnf
1
2 #
3 # This config is used by the Time Stamp Authority tests.
4 #
5
6 # Comment out the next line to ignore configuration errors
7 config_diagnostics = 1
8
9 # Extra OBJECT IDENTIFIER info:
10 oid_section = new_oids
11
12 TSDNSECT = ts_cert_dn
13 INDEX = 1
14
15 [ new_oids ]
16
17 # Policies used by the TSA tests.
18 tsa_policy1 = 1.2.3.4.1
19 tsa_policy2 = 1.2.3.4.5.6
20 tsa_policy3 = 1.2.3.4.5.7
21
22 #----------------------------------------------------------------------
23 [ ca ]
24 default_ca = CA_default # The default ca section
25
26 [ CA_default ]
27
28 dir = ./demoCA
29 certs = $dir/certs # Where the issued certs are kept
30 database = $dir/index.txt # database index file.
31 new_certs_dir = $dir/newcerts # default place for new certs.
32
33 certificate = $dir/cacert.pem # The CA certificate
34 serial = $dir/serial # The current serial number
35 private_key = $dir/private/cakey.pem# The private key
36
37 default_days = 365 # how long to certify for
38 default_md = sha256 # which md to use.
39 preserve = no # keep passed DN ordering
40
41 policy = policy_match
42
43 # For the CA policy
44 [ policy_match ]
45 countryName = supplied
46 stateOrProvinceName = supplied
47 organizationName = supplied
48 organizationalUnitName = optional
49 commonName = supplied
50 emailAddress = optional
51
52 #----------------------------------------------------------------------
53 [ req ]
54 default_md = sha1
55 distinguished_name = $ENV::TSDNSECT
56 encrypt_rsa_key = no
57 prompt = no
58 # attributes = req_attributes
59 x509_extensions = v3_ca # The extensions to add to the self signed cert
60
61 string_mask = nombstr
62
63 [ ts_ca_dn ]
64 countryName = HU
65 stateOrProvinceName = Budapest
66 localityName = Budapest
67 organizationName = Gov-CA Ltd.
68 commonName = ca1
69
70 [ ts_cert_dn ]
71 countryName = HU
72 stateOrProvinceName = Budapest
73 localityName = Buda
74 organizationName = Hun-TSA Ltd.
75 commonName = tsa$ENV::INDEX
76
77 [ tsa_cert ]
78
79 # TSA server cert is not a CA cert.
80 basicConstraints=CA:FALSE
81
82 # The following key usage flags are needed for TSA server certificates.
83 keyUsage = nonRepudiation, digitalSignature
84 extendedKeyUsage = critical,timeStamping
85
86 # PKIX recommendations harmless if included in all certificates.
87 subjectKeyIdentifier=hash
88 authorityKeyIdentifier=keyid,issuer:always
89
90 [ non_tsa_cert ]
91
92 # This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
93 basicConstraints=CA:FALSE
94
95 # The following key usage flags are needed for TSA server certificates.
96 keyUsage = nonRepudiation, digitalSignature
97 # timeStamping is not supported by this certificate
98 # extendedKeyUsage = critical,timeStamping
99
100 # PKIX recommendations harmless if included in all certificates.
101 subjectKeyIdentifier=hash
102 authorityKeyIdentifier=keyid,issuer:always
103
104 [ v3_req ]
105
106 # Extensions to add to a certificate request
107 basicConstraints = CA:FALSE
108 keyUsage = nonRepudiation, digitalSignature
109
110 [ v3_ca ]
111
112 # Extensions for a typical CA
113
114 subjectKeyIdentifier=hash
115 authorityKeyIdentifier=keyid:always,issuer:always
116 basicConstraints = critical,CA:true
117 keyUsage = cRLSign, keyCertSign
118
119 #----------------------------------------------------------------------
120 [ tsa ]
121
122 default_tsa = tsa_config1 # the default TSA section
123
124 [ tsa_config1 ]
125
126 # These are used by the TSA reply generation only.
127 dir = . # TSA root directory
128 serial = $dir/tsa_serial # The current serial number (mandatory)
129 signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
130 # (optional)
131 certs = $dir/tsaca.pem # Certificate chain to include in reply
132 # (optional)
133 signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
134 signer_digest = sha256 # Signing digest to use. (Optional)
135 default_policy = tsa_policy1 # Policy if request did not specify it
136 # (optional)
137 other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
138 digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
139 accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
140 ordering = yes # Is ordering defined for timestamps?
141 # (optional, default: no)
142 tsa_name = yes # Must the TSA name be included in the reply?
143 # (optional, default: no)
144 ess_cert_id_chain = yes # Must the ESS cert id chain be included?
145 # (optional, default: no)
146 ess_cert_id_alg = sha256 # algorithm to compute certificate
147 # identifier (optional, default: sha256)
148
149 [ tsa_config2 ]
150
151 # This configuration uses a certificate which doesn't have timeStamping usage.
152 # These are used by the TSA reply generation only.
153 dir = . # TSA root directory
154 serial = $dir/tsa_serial # The current serial number (mandatory)
155 signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
156 # (optional)
157 certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
158 # (optional)
159 signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
160 signer_digest = sha256 # Signing digest to use. (Optional)
161 default_policy = tsa_policy1 # Policy if request did not specify it
162 # (optional)
163 other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
164 digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
A mirror of the official openssl repository