From: Nikos Mavrogiannopoulos Date: Mon, 22 Sep 2014 07:53:00 +0000 (+0200) Subject: certtool: updated the extended key usage documentation X-Git-Tag: gnutls_3_4_0~893 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4dd4ba0af7ed1fdd5ac0f6517d83cf8ceabb771b;p=thirdparty%2Fgnutls.git certtool: updated the extended key usage documentation --- diff --git a/src/certtool-args.def b/src/certtool-args.def index ec2d79778b..dc3327315f 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def @@ -667,16 +667,9 @@ challenge_password = 123456 # Whether this is a CA certificate or not #ca -# for microsoft smart card logon -# key_purpose_oid = 1.3.6.1.4.1.311.20.2.2 - -### Other predefined key purpose OIDs - -# Whether this certificate will be used for a TLS client -#tls_www_client +#### Key usage -# Whether this certificate will be used for a TLS server -#tls_www_server +# The following key usage flags are used by CAs and end certificates # Whether this certificate will be used to sign data (needed # in TLS DHE ciphersuites). @@ -693,18 +686,51 @@ encryption_key # Whether this key will be used to sign CRLs. #crl_signing_key -# Whether this key will be used to sign code. + +#### Extended key usage (key purposes) + +# The following extensions are used in an end certificate +# to clarify its purpose. Some CAs also use it to indicate +# the types of certificates they are purposed to sign. + +# Whether this certificate will be used for a TLS client; +# this sets the id-kp-serverAuth of extended key usage. +#tls_www_client + +# Whether this certificate will be used for a TLS server; +# This sets the id-kp-clientAuth of extended key usage. +#tls_www_server + +# Whether this key will be used to sign code. This sets the +# id-kp-codeSigning of extended key usage extension. #code_signing_key -# Whether this key will be used to sign OCSP data. +# Whether this key will be used to sign OCSP data. This sets the +# id-kp-OCSPSigning of extended key usage extension. #ocsp_signing_key -# Whether this key will be used for time stamping. +# Whether this key will be used for time stamping. This sets the +# id-kp-timeStamping of extended key usage extension. #time_stamping_key +# Whether this key will be used for email protection. This sets the +# id-kp-emailProtection of extended key usage extension. +#email_protection_key + # Whether this key will be used for IPsec IKE operations. #ipsec_ike_key +## adding custom key purpose OIDs + +# for microsoft smart card logon +# key_purpose_oid = 1.3.6.1.4.1.311.20.2.2 + +# for email protection +# key_purpose_oid = 1.3.6.1.5.5.7.3.4 + +# for any purpose (must not be used in intermediate CA certificates) +# key_purpose_oid = 2.5.29.37.0 + ### end of key purpose OIDs # When generating a certificate from a certificate