Software / code / prosody
Annotate
certs/openssl.cnf @ 13744:34ac05f6bd10 13.0
core.configmanager: Fix reporting delayed warnings from global section
A Credential in the global section would be stored at
delayed_warnings["*/secret"], but get("example.com","secret") would look
for delayed_warnings["example.com/secret"]
Storing the warnings in the config itself has the unfortunate
side-effect that the config now contains util.error objects, which may
be awkward if something bypasses get(). Should rawget() also do this
filtering? getconfig() too?
Currently this only affects prosodyctl, so maybe it won't be much of a
problem.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 22 Feb 2025 00:08:18 +0100 |
| parent | 12604:bd9e006a7a74 |
| rev | line source |
|---|---|
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 oid_section = new_oids |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 [ new_oids ] |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
|
5350
fba042a2c228
certs/openssl.cnf: Update XMPP-Core references to reflect RFC publication
Kim Alvefur <zash@zash.se>
parents:
4098
diff
changeset
|
5 # RFC 6120 section 13.7.1.4. defines this OID |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 xmppAddr = 1.3.6.1.5.5.7.8.5 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 # RFC 4985 defines this OID |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 SRVName = 1.3.6.1.5.5.7.8.7 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 [ req ] |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 default_bits = 4096 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 default_keyfile = example.com.key |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 distinguished_name = distinguished_name |
|
6922
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
16 req_extensions = certrequest |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
17 x509_extensions = selfsigned |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 # ask about the DN? |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 prompt = no |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 [ distinguished_name ] |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 commonName = example.com |
|
3704
320738c67100
certs/openssl.cnf: Change countryName from UK to GB
Matthew Wild <mwild1@gmail.com>
parents:
3701
diff
changeset
|
25 countryName = GB |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 localityName = The Internet |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 organizationName = Your Organisation |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 organizationalUnitName = XMPP Department |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 emailAddress = xmpp@example.com |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 |
|
6922
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
31 [ certrequest ] |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 # for certificate requests (req_extensions) |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 basicConstraints = CA:FALSE |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 keyUsage = digitalSignature,keyEncipherment |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 extendedKeyUsage = serverAuth,clientAuth |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 subjectAltName = @subject_alternative_name |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 |
|
6922
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
40 [ selfsigned ] |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
41 |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
42 # and self-signed certificates (x509_extensions) |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
43 |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
44 basicConstraints = CA:TRUE |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
45 subjectAltName = @subject_alternative_name |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
46 |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 [ subject_alternative_name ] |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 |
|
12604
bd9e006a7a74
various: Update IETF RFC URLs for tools.ietf.org transition
Kim Alvefur <zash@zash.se>
parents:
6922
diff
changeset
|
49 # See https://www.rfc-editor.org/rfc/rfc6120.html#section-13.7.1.2 for more info. |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 DNS.0 = example.com |
|
4098
7d687c348295
certs/openssl.cnf: Specify output encoding.
Kim Alvefur <zash@zash.se>
parents:
3704
diff
changeset
|
52 otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:example.com |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 otherName.1 = SRVName;IA5STRING:_xmpp-client.example.com |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 otherName.2 = SRVName;IA5STRING:_xmpp-server.example.com |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 DNS.1 = conference.example.com |
|
4098
7d687c348295
certs/openssl.cnf: Specify output encoding.
Kim Alvefur <zash@zash.se>
parents:
3704
diff
changeset
|
57 otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:conference.example.com |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com |
