Imported Upstream version 3.10.2+dfsg

2017-05-11 14:01:41 +02:00
commit 1893aafd38
715 changed files with 248801 additions and 0 deletions
--- a/certs/renewcerts/wolfssl.cnf
+++ b/certs/renewcerts/wolfssl.cnf
@@ -0,0 +1,170 @@
+#
+# wolfssl configuration file
+#
+HOME        = .
+RANDFILE    = $ENV::HOME/.rnd
+
+oid_section = new_oids
+
+[ new_oids ]
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca  = CA_default        # The default ca section
+
+####################################################################
+[ CA_default ]
+
+####################################################################
+# CHANGE THIS LINE TO BE YOUR WOLFSSL_ROOT DIRECTORY               #
+#                                                                  #
+dir             = $HOME./..                                        #
+####################################################################
+
+certs            = $dir/certs                 # Where the issued certs are kept
+crl_dir          = $dir/certs/crl             # Where the issued crl are kept
+database         = $dir/certs/crl/demoCA/index.txt # database index file.
+
+new_certs_dir    = $dir/certs                 # default place for new certs.
+
+certificate      = $dir/certs/ca-cert.pem     # The CA certificate
+serial           = $dir/certs/serial          # The current serial number
+crlnumber        = $dir/certs/crl/crlnumber   # the current crl number
+
+crl              = $dir/certs/crl/crl.pem     # The current CRL
+private_key      = $dir/certs/ca-key.pem      # The private key
+RANDFILE         = $dir/certs/private/.rand   # private random number file
+
+x509_extensions  = usr_cert                   # The extentions to add to the cert
+
+name_opt         = ca_default                 # Subject Name options
+cert_opt         = ca_default                 # Certificate field options
+
+default_days     = 1000                       # how long to certify for
+default_crl_days = 30                         # how long before next CRL
+default_md       = default                    # use public key default MD
+preserve         = no                         # keep passed DN ordering
+policy           = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+# For the 'anything' policy
+[ policy_anything ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+# default req
+[ req ]
+default_bits            = 2048
+default_keyfile         = privkey.pem
+distinguished_name      = req_distinguished_name
+attributes              = req_attributes
+x509_extensions         = v3_ca  # The extentions to add to the self signed cert
+string_mask             = utf8only
+
+#default req_dist_name
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+countryName_default             = US
+countryName_min                 = 2
+countryName_max                 = 2
+
+stateOrProvinceName             = State or Province Name (full name)
+stateOrProvinceName_default     = Montana
+
+localityName                    = Locality Name (eg, city)
+localityName_default            = Bozeman
+
+0.organizationName              = Organization Name (eg, company)
+0.organizationName_default      = Sawtooth
+
+organizationalUnitName          = Organizational Unit Name (eg, section)
+organizationalUnitName_default  = Consulting
+
+commonName                      = Common Name (e.g. server FQDN or YOUR name)
+commonName_default              = www.wolfssl.com
+commonName_max                  = 64
+
+emailAddress                    = Email Address
+emailAddress_default            = info@wolfssl.com
+emailAddress_max                = 64
+
+#default req_attr
+[ req_attributes ]
+challengePassword               = A challenge password
+challengePassword_min           = 4
+challengePassword_max           = 20
+unstructuredName                = An optional company name
+
+# These extensions are added when 'ca' signs a request.
+[ usr_cert ]
+basicConstraints=CA:FALSE
+nsComment            = "wolfSSL Generated Certificate using openSSL command line utility."
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+#wolfssl extensions
+[wolfssl_opts]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true
+
+# Extensions to add to a certificate request
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# Extensions for a typical CA
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true
+
+# CRL extensions.
+[ crl_ext ]
+authorityKeyIdentifier=keyid:always
+
+# These extensions should be added when creating a proxy certificate
+[ proxy_cert_ext ]
+basicConstraints=CA:FALSE
+nsComment            = "wolfSSL Generated Certificate using openSSL command line utility"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+#tsa default
+[ tsa ]
+default_tsa = tsa_config1
+
+# These are used by the TSA reply generation only.
+[ tsa_config1 ]
+dir                     = ./demoCA                              # directory
+serial                  = $dir/tsaserial                        # (mandatory)
+crypto_device           = builtin                               # engine
+signer_cert             = $dir/tsacert.pem                      # certificate
+certs                   = $dir/cacert.pem                       # chain
+signer_key              = $dir/private/tsakey.pem               # (optional)
+default_policy          = tsa_policy1                           # Policy
+other_policies          = tsa_policy2, tsa_policy3              # (optional)
+digests                 = md5, sha1                             # (mandatory)
+accuracy                = secs:1, millisecs:500, microsecs:100  # (optional)
+clock_precision_digits  = 0                                     # (optional)
+ordering                = yes                                   # timestamps?
+tsa_name                = yes                                   # include?
+ess_cert_id_chain       = no                                    # include chain?