Hi Ben, On Tue, Mar 24, 2015 at 5:03 AM, <[email protected]> wrote: > From: Ben Greear <[email protected]> > > This lets us properly over-ride the default w1.fi > related strings in order to properly generate keys > that can be used by the OCSP process. > > Signed-off-by: Ben Greear <[email protected]> > --- > hs20/server/ca/openssl.cnf | 12 ++++++------ > hs20/server/ca/setup.sh | 42 ++++++++++++++++++++++++++++++------------ > 2 files changed, 36 insertions(+), 18 deletions(-) > > diff --git a/hs20/server/ca/openssl.cnf b/hs20/server/ca/openssl.cnf > index e29e737..c614479 100644 > --- a/hs20/server/ca/openssl.cnf > +++ b/hs20/server/ca/openssl.cnf > @@ -117,10 +117,10 @@ subjectKeyIdentifier=hash > authorityKeyIdentifier=keyid:always,issuer > basicConstraints = critical, CA:true, pathlen:0 > keyUsage = critical, cRLSign, keyCertSign > -authorityInfoAccess = OCSP;URI:http://osu.w1.fi:8888/ > +authorityInfoAccess = OCSP;URI:@OCSP_URI@ > # For SP intermediate CA > > #subjectAltName=critical,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:engExample > OSU > -#nameConstraints=permitted;DNS:.w1.fi > +#nameConstraints=permitted;DNS:.@DOMAIN@ > #1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn > > [ v3_osu_server ] > @@ -184,7 +184,7 @@ extendedKeyUsage = OCSPSigning > basicConstraints=CA:FALSE > subjectKeyIdentifier=hash > authorityKeyIdentifier=keyid,issuer > -authorityInfoAccess = OCSP;URI:http://osu.w1.fi:8888/ > +authorityInfoAccess = OCSP;@OCSP_URI@
Are you sure this change is correct? You drop the "URI:" part here but not above or below. > #@ALTNAME@ > extendedKeyUsage = clientAuth > > @@ -194,7 +194,7 @@ extendedKeyUsage = clientAuth > basicConstraints=critical, CA:FALSE > subjectKeyIdentifier=hash > authorityKeyIdentifier=keyid,issuer > -authorityInfoAccess = OCSP;URI:http://osu.w1.fi:8888/ > +authorityInfoAccess = OCSP;URI:@OCSP_URI@ > #@ALTNAME@ > extendedKeyUsage = critical, serverAuth > keyUsage = critical, keyEncipherment Thanks, -- Julian Calaby Email: [email protected] Profile: http://www.google.com/profiles/julian.calaby/ -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
