|
 |
0bf02d |
diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in
|
|
|
0bf02d |
--- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths 2018-06-20 16:48:09.000000000 +0200
|
|
|
0bf02d |
+++ openssl-1.1.1-pre8/apps/CA.pl.in 2018-07-25 17:26:58.388624296 +0200
|
|
|
0bf02d |
@@ -33,7 +33,7 @@ my $X509 = "$openssl x509";
|
|
|
0bf02d |
my $PKCS12 = "$openssl pkcs12";
|
|
|
0bf02d |
|
|
|
0bf02d |
# default openssl.cnf file has setup as per the following
|
|
|
0bf02d |
-my $CATOP = "./demoCA";
|
|
|
0bf02d |
+my $CATOP = "/etc/pki/CA";
|
|
|
0bf02d |
my $CAKEY = "cakey.pem";
|
|
|
0bf02d |
my $CAREQ = "careq.pem";
|
|
|
0bf02d |
my $CACERT = "cacert.pem";
|
|
|
0bf02d |
diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf
|
|
|
0bf02d |
--- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths 2018-07-25 17:26:58.378624057 +0200
|
|
|
0bf02d |
+++ openssl-1.1.1-pre8/apps/openssl.cnf 2018-07-27 13:20:08.198513471 +0200
|
|
|
0bf02d |
@@ -23,6 +23,22 @@ oid_section = new_oids
|
|
|
0bf02d |
# (Alternatively, use a configuration file that has only
|
|
|
0bf02d |
# X.509v3 extensions in its main [= default] section.)
|
|
|
0bf02d |
|
|
|
0bf02d |
+# Load default TLS policy configuration
|
|
|
0bf02d |
+
|
|
|
0bf02d |
+openssl_conf = default_modules
|
|
|
0bf02d |
+
|
|
|
0bf02d |
+[ default_modules ]
|
|
|
0bf02d |
+
|
|
|
0bf02d |
+ssl_conf = ssl_module
|
|
|
0bf02d |
+
|
|
|
0bf02d |
+[ ssl_module ]
|
|
|
0bf02d |
+
|
|
|
0bf02d |
+system_default = crypto_policy
|
|
|
0bf02d |
+
|
|
|
0bf02d |
+[ crypto_policy ]
|
|
|
0bf02d |
+
|
|
|
0bf02d |
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
|
|
|
0bf02d |
+
|
|
|
0bf02d |
[ new_oids ]
|
|
|
0bf02d |
|
|
|
0bf02d |
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
|
|
|
0bf02d |
@@ -43,7 +59,7 @@ default_ca = CA_default # The default c
|
|
|
0bf02d |
####################################################################
|
|
|
0bf02d |
[ CA_default ]
|
|
|
0bf02d |
|
|
|
0bf02d |
-dir = ./demoCA # Where everything is kept
|
|
|
0bf02d |
+dir = /etc/pki/CA # Where everything is kept
|
|
|
0bf02d |
certs = $dir/certs # Where the issued certs are kept
|
|
|
0bf02d |
crl_dir = $dir/crl # Where the issued crl are kept
|
|
|
0bf02d |
database = $dir/index.txt # database index file.
|
|
|
0bf02d |
@@ -329,7 +345,7 @@ default_tsa = tsa_config1 # the default
|
|
|
0bf02d |
[ tsa_config1 ]
|
|
|
0bf02d |
|
|
|
0bf02d |
# These are used by the TSA reply generation only.
|
|
|
0bf02d |
-dir = ./demoCA # TSA root directory
|
|
|
0bf02d |
+dir = /etc/pki/CA # TSA root directory
|
|
|
0bf02d |
serial = $dir/tsaserial # The current serial number (mandatory)
|
|
|
0bf02d |
crypto_device = builtin # OpenSSL engine to use for signing
|
|
|
0bf02d |
signer_cert = $dir/tsacert.pem # The TSA signing certificate
|