OpenSSL: follow RFC on basicConstraints too (#6018)

kulikov-a 2022-09-13 14:24:54 +03:00 committed by GitHub
parent e4be9320a9
commit f4f05f23d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -206,11 +206,9 @@ subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# basicConstraints (rfc5280): Conforming CAs MUST include this extension in all CA certificates that contain public
# keys used to validate digital signatures on certificates and MUST mark the extension as critical in such certificates.
basicConstraints = critical, CA:true
# keyUsage (rfc5280): Conforming CAs MUST include this extension in certificates that contain public keys
# that are used to validate digital signatures on other public key certificates or CRLs.
# When present, conforming CAs SHOULD mark this extension as critical.
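Review bot: The new comment above `basicConstraints = critical, CA:true` drops the compatibility caveat the old text carried, so a maintainer no longer learns that software which mishandles critical extensions may reject CA certificates issued from this section. I would keep that in one extra line, for example `# NOTE: clients that mishandle critical extensions may reject these CA certificates; only newly issued certificates get the flag.` The section header lies outside the hunk, so it is not visible whether this block is used for roots, intermediates or both. If it only ever produces CAs that sign end-entity certificates, `basicConstraints = critical, CA:true, pathlen:0` would also bound the chain depth, which RFC 5280 allows alongside the critical flag.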