X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;ds=sidebyside;f=certs%2Fopenssl.cnf;h=ee17b1cf4960d9e9ab121b679591679cbe5344f5;hb=a80158e16b2d2a83d79148f9aeca7921877492e9;hp=9e72abe4b688bd5e63c41d2e4f8671c3220628d4;hpb=5c6ed1d75c5ce477abf682866c329ffdea2acb8f;p=prosody.git

diff --git a/certs/openssl.cnf b/certs/openssl.cnf
index 9e72abe4..ee17b1cf 100644
--- a/certs/openssl.cnf
+++ b/certs/openssl.cnf
@@ -2,7 +2,7 @@ oid_section = new_oids
 
 [ new_oids ]
 
-# RFC 3920 section 5.1.1 defines this OID
+# RFC 6120 section 13.7.1.4. defines this OID
 xmppAddr = 1.3.6.1.5.5.7.8.5
 
 # RFC 4985 defines this OID
@@ -13,8 +13,8 @@ SRVName  = 1.3.6.1.5.5.7.8.7
 default_bits       = 4096
 default_keyfile    = example.com.key
 distinguished_name = distinguished_name
-req_extensions     = v3_extensions
-x509_extensions    = v3_extensions
+req_extensions     = certrequest
+x509_extensions    = selfsigned
 
 # ask about the DN?
 prompt = no
@@ -22,31 +22,37 @@ prompt = no
 [ distinguished_name ]
 
 commonName             = example.com
-countryName            = UK
+countryName            = GB
 localityName           = The Internet
 organizationName       = Your Organisation
 organizationalUnitName = XMPP Department
 emailAddress           = xmpp@example.com
 
-[ v3_extensions ]
+[ certrequest ]
 
 # for certificate requests (req_extensions)
-# and self-signed certificates (x509_extensions)
 
 basicConstraints = CA:FALSE
 keyUsage         = digitalSignature,keyEncipherment
 extendedKeyUsage = serverAuth,clientAuth
 subjectAltName   = @subject_alternative_name
 
+[ selfsigned ]
+
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:TRUE
+subjectAltName = @subject_alternative_name
+
 [ subject_alternative_name ]
 
-# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
+# See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.
 
 DNS.0       =                                           example.com
-otherName.0 =                             xmppAddr;UTF8:example.com
+otherName.0 =                 xmppAddr;FORMAT:UTF8,UTF8:example.com
 otherName.1 =            SRVName;IA5STRING:_xmpp-client.example.com
 otherName.2 =            SRVName;IA5STRING:_xmpp-server.example.com
 
 DNS.1       =                                conference.example.com
-otherName.3 =                  xmppAddr;UTF8:conference.example.com
+otherName.3 =      xmppAddr;FORMAT:UTF8,UTF8:conference.example.com
 otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com