Search Linux Wireless

Re: [PATCH 1/2] hs20-ca: Update key generation scripts and files.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Ben,

On Tue, Mar 24, 2015 at 5:03 AM,  <greearb@xxxxxxxxxxxxxxx> wrote:
> From: Ben Greear <greearb@xxxxxxxxxxxxxxx>
>
> This lets us properly over-ride the default w1.fi
> related strings in order to properly generate keys
> that can be used by the OCSP process.
>
> Signed-off-by: Ben Greear <greearb@xxxxxxxxxxxxxxx>
> ---
>  hs20/server/ca/openssl.cnf | 12 ++++++------
>  hs20/server/ca/setup.sh    | 42 ++++++++++++++++++++++++++++++------------
>  2 files changed, 36 insertions(+), 18 deletions(-)
>
> diff --git a/hs20/server/ca/openssl.cnf b/hs20/server/ca/openssl.cnf
> index e29e737..c614479 100644
> --- a/hs20/server/ca/openssl.cnf
> +++ b/hs20/server/ca/openssl.cnf
> @@ -117,10 +117,10 @@ subjectKeyIdentifier=hash
>  authorityKeyIdentifier=keyid:always,issuer
>  basicConstraints = critical, CA:true, pathlen:0
>  keyUsage = critical, cRLSign, keyCertSign
> -authorityInfoAccess = OCSP;URI:http://osu.w1.fi:8888/
> +authorityInfoAccess = OCSP;URI:@OCSP_URI@
>  # For SP intermediate CA
>  #subjectAltName=critical,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:engExample OSU
> -#nameConstraints=permitted;DNS:.w1.fi
> +#nameConstraints=permitted;DNS:.@DOMAIN@
>  #1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn
>
>  [ v3_osu_server ]
> @@ -184,7 +184,7 @@ extendedKeyUsage = OCSPSigning
>  basicConstraints=CA:FALSE
>  subjectKeyIdentifier=hash
>  authorityKeyIdentifier=keyid,issuer
> -authorityInfoAccess = OCSP;URI:http://osu.w1.fi:8888/
> +authorityInfoAccess = OCSP;@OCSP_URI@

Are you sure this change is correct? You drop the "URI:" part here but
not above or below.

>  #@ALTNAME@
>  extendedKeyUsage = clientAuth
>
> @@ -194,7 +194,7 @@ extendedKeyUsage = clientAuth
>  basicConstraints=critical, CA:FALSE
>  subjectKeyIdentifier=hash
>  authorityKeyIdentifier=keyid,issuer
> -authorityInfoAccess = OCSP;URI:http://osu.w1.fi:8888/
> +authorityInfoAccess = OCSP;URI:@OCSP_URI@
>  #@ALTNAME@
>  extendedKeyUsage = critical, serverAuth
>  keyUsage = critical, keyEncipherment

Thanks,

-- 
Julian Calaby

Email: julian.calaby@xxxxxxxxx
Profile: http://www.google.com/profiles/julian.calaby/
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux