Alon Bar-Lev has uploaded a new change for review. Change subject: pki: cleanup configuration file format ......................................................................
pki: cleanup configuration file format optional patch to cleanup the configuration files into something more consistent Change-Id: I363bec70bb5716010d4a76c8a3aac009c17d91b0 Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M backend/manager/conf/ca/cacert.template.in M backend/manager/conf/ca/cert.template.in M backend/manager/conf/ca/openssl.conf 3 files changed, 36 insertions(+), 32 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/01/13501/1 diff --git a/backend/manager/conf/ca/cacert.template.in b/backend/manager/conf/ca/cacert.template.in index d1856ff..5a19136 100644 --- a/backend/manager/conf/ca/cacert.template.in +++ b/backend/manager/conf/ca/cacert.template.in @@ -1,21 +1,23 @@ RANDFILE = .rnd -[ req ] +[req] + default_bits = rsa:2048 default_keyfile = keys/ca.pem distinguished_name = req_distinguished_name attributes = req_attributes -x509_extensions = v3_ca +x509_extensions = v3_ca prompt = no output_password = NoSoup4U -[ req_attributes ] +[req_attributes] -[ v3_ca ] -subjectKeyIdentifier=hash +[v3_ca] + +subjectKeyIdentifier = hash authorityInfoAccess = caIssuers;URI:@AIA@ -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier = keyid:always,issuer:always basicConstraints = critical,CA:true -keyUsage = critical,cRLSign, keyCertSign +keyUsage = critical,cRLSign,keyCertSign -[ req_distinguished_name ] +[req_distinguished_name] diff --git a/backend/manager/conf/ca/cert.template.in b/backend/manager/conf/ca/cert.template.in index 3ddeac5..bb72418 100644 --- a/backend/manager/conf/ca/cert.template.in +++ b/backend/manager/conf/ca/cert.template.in @@ -1,22 +1,24 @@ RANDFILE = .rnd -[ req ] +[req] + default_bits = rsa:2048 default_keyfile = keys/cert.pem distinguished_name = req_distinguished_name attributes = req_attributes -x509_extensions = v3_ca +x509_extensions = v3_ca prompt = no output_password = NoSoup4U -[ req_attributes ] +[req_attributes] -[ v3_ca ] -subjectKeyIdentifier=hash +[v3_ca] + +subjectKeyIdentifier = hash authorityInfoAccess = caIssuers;URI:@AIA@ -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier = keyid:always,issuer:always basicConstraints = CA:false -keyUsage=critical,digitalSignature,keyEncipherment -extendedKeyUsage=critical,serverAuth,clientAuth +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = critical,serverAuth,clientAuth -[ req_distinguished_name ] +[req_distinguished_name] diff --git a/backend/manager/conf/ca/openssl.conf b/backend/manager/conf/ca/openssl.conf index b508078..5e6ea0c 100644 --- a/backend/manager/conf/ca/openssl.conf +++ b/backend/manager/conf/ca/openssl.conf @@ -1,13 +1,14 @@ -RANDFILE = .rnd -unique_subject = no +RANDFILE = .rnd +unique_subject = no -[ ca ] -default_ca = CA_default +[ca] -[ CA_default ] +default_ca = CA_default -certs = certs -crl_dir = crl +[CA_default] + +certs = certs +crl_dir = crl database = database.txt new_certs_dir = certs @@ -24,12 +25,11 @@ policy = policy_match -[ policy_match ] -countryName = optional -stateOrProvinceName = optional -organizationName = optional -organizationalUnitName = optional -commonName = optional -emailAddress = optional +[policy_match] - +countryName = optional +stateOrProvinceName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional -- To view, visit http://gerrit.ovirt.org/13501 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I363bec70bb5716010d4a76c8a3aac009c17d91b0 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
