some improvements to support Cisco.
FossilOrigin-Name: 9f0d9e58d55f90bd2020ef622b2501bccbb6038972c04550cb06248139b080c5
This commit is contained in:
parent
955ab26a81
commit
9f048da56f
@ -505,9 +505,6 @@ static int wtpman_establish_dtls(void *arg)
|
||||
fwrite(cert.data,1,cert.size,f);
|
||||
|
||||
|
||||
exit(0);
|
||||
|
||||
// dtls_get_peers_cert(cert_len,&cert_len);
|
||||
|
||||
return 1;
|
||||
}
|
||||
@ -601,6 +598,7 @@ static void wtpman_run(void *arg)
|
||||
return;
|
||||
}
|
||||
|
||||
exit(0);
|
||||
|
||||
switch (cwrmsg->type){
|
||||
case CWMSG_CHANGE_STATE_EVENT_REQUEST:
|
||||
|
@ -126,6 +126,7 @@ CAPWAPOBJS= \
|
||||
cw_readelem_statistics_timer.o \
|
||||
cw_readelem_mtu_discovery_padding.o \
|
||||
cw_readelem_vendor_specific_payload.o \
|
||||
cw_readelem_capwap_local_ip_addr.o \
|
||||
cw_readelem_wtp_reboot_statistics.o\
|
||||
cwmsg_addelem_vendor_cisco_ap_timesync.o \
|
||||
lw_checksum.o
|
||||
|
@ -38,6 +38,7 @@
|
||||
enum capwapmodes {
|
||||
CWMODE_STD = 0,
|
||||
CWMODE_CISCO,
|
||||
CWMODE_CIPWAP,
|
||||
CWMODE_ZYXEL
|
||||
};
|
||||
|
||||
@ -234,9 +235,17 @@ struct capwap_ctrlhdr
|
||||
WTP Radio Statistics 47
|
||||
*/
|
||||
#define CWMSGELEM_WTP_REBOOT_STATISTICS 48
|
||||
|
||||
#define CWMSGELEM_WTP_STATIC_IP_ADDRESS_INFO 49
|
||||
|
||||
/* WTP Static IP Address Information 49
|
||||
*/
|
||||
|
||||
/* Cisco's CAPWAP definitions (CAPWAP draft 7)*/
|
||||
#define CWMSGELEM_WTP_IPV4_IP_ADDR 42
|
||||
#define CWMSGELEM_WTP_IPV6_IP_ADDR 43
|
||||
|
||||
|
||||
|
||||
/* pseudo message elements, defined for libcapwap */
|
||||
|
||||
|
@ -119,8 +119,12 @@ const char * cw_msgelemtostr(int elem)
|
||||
case CWMSGELEM_WTP_FRAME_TUNNEL_MODE:
|
||||
return "frame tunnel mode";
|
||||
|
||||
case CWMSGELEM_RESERVED_1:
|
||||
/* case CWMSGELEM_RESERVED_1:
|
||||
return "reserved (42)";
|
||||
*/
|
||||
case CWMSGELEM_WTP_IPV4_IP_ADDR:
|
||||
return "WTP IPv4 IP address";
|
||||
|
||||
/*
|
||||
Reserved 43
|
||||
*/
|
||||
|
46
src/capwap/cw_readelem_capwap_local_ip_addr.c
Normal file
46
src/capwap/cw_readelem_capwap_local_ip_addr.c
Normal file
@ -0,0 +1,46 @@
|
||||
#include <string.h>
|
||||
|
||||
#include "capwap.h"
|
||||
|
||||
int cw_readelem_capwap_local_ip_addr(struct sockaddr * local_ip, int type, uint8_t * msgelem, int len)
|
||||
{
|
||||
switch (type){
|
||||
case CWMSGELEM_CAPWAP_LOCAL_IPV4_ADDRESS:
|
||||
case CWMSGELEM_WTP_IPV4_IP_ADDR:
|
||||
{
|
||||
if (len!=4)
|
||||
return -1;
|
||||
struct sockaddr_in * sain = (struct sockaddr_in*)local_ip;
|
||||
memset(sain,0,sizeof(struct sockaddr_in));
|
||||
#ifdef HAVE_SIN_LEN
|
||||
sain->sa_len=sizeof(struct sockaddr_in);
|
||||
#endif
|
||||
memcpy(&sain->sin_addr,msgelem,len);
|
||||
sain->sin_family=AF_INET;
|
||||
return 1;
|
||||
}
|
||||
#ifdef WITH_IPV6
|
||||
case CWMSGELEM_CAPWAP_LOCAL_IPV6_ADDRESS:
|
||||
case CWMSGELEM_WTP_IPV6_IP_ADDR:
|
||||
{
|
||||
if (len!=16)
|
||||
return -1;
|
||||
|
||||
struct sockaddr_in6 * sain = (struct sockaddr_in6*)local_ip;
|
||||
memset(sain,0,sizeof(struct sockaddr_in6));
|
||||
#ifdef HAVE_SIN6_LEN
|
||||
sain->sa_len=sizeof(struct sockaddr_in);
|
||||
#endif
|
||||
memcpy(&sain->sin6_addr,msgelem,len);
|
||||
sain->sin6_family=AF_INET6;
|
||||
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -8,12 +8,15 @@
|
||||
|
||||
void cwmsg_addelem_wtp_board_data(struct cwmsg *cwmsg, struct wtpinfo *wtpinfo)
|
||||
{
|
||||
uint8_t msg[1030];
|
||||
uint8_t msg[512];
|
||||
|
||||
/* vendor identifier */
|
||||
*((uint32_t *) msg) = htonl(wtpinfo->vendor_id);
|
||||
|
||||
int l;
|
||||
int len = 4;
|
||||
|
||||
/* mandatory sub-elements */
|
||||
if (wtpinfo->model_no) {
|
||||
l = bstr_len(wtpinfo->model_no);
|
||||
*((uint32_t *) (msg + len)) = htonl(CWBOARDDATA_MODELNO << 16 | l);
|
||||
@ -22,12 +25,13 @@ void cwmsg_addelem_wtp_board_data(struct cwmsg *cwmsg, struct wtpinfo *wtpinfo)
|
||||
}
|
||||
|
||||
if (wtpinfo->serial_no) {
|
||||
l = strlen((char *) wtpinfo->serial_no);
|
||||
l = bstr_len( wtpinfo->serial_no);
|
||||
*((uint32_t *) (msg + len)) = htonl(CWBOARDDATA_SERIALNO << 16 | l);
|
||||
memcpy(msg + len + 4, wtpinfo->serial_no, l);
|
||||
memcpy(msg + len + 4, bstr_data(wtpinfo->serial_no), l);
|
||||
len += l + 4;
|
||||
}
|
||||
|
||||
/* other sub-elements */
|
||||
if (wtpinfo->macaddress) {
|
||||
*((uint32_t *) (msg + len)) =
|
||||
htonl(CWBOARDDATA_MACADDRESS << 16 | wtpinfo->macaddress_len);
|
||||
|
@ -2,22 +2,27 @@
|
||||
#include <string.h>
|
||||
|
||||
#include "capwap.h"
|
||||
#include "bstr.h"
|
||||
|
||||
|
||||
static inline int wtpdesc_addsubelem(uint8_t * dst,uint8_t type,uint32_t vendorid,uint8_t * str,int len)
|
||||
static inline int wtpdesc_addsubelem(uint8_t * dst,uint8_t type,uint32_t vendorid,uint8_t * str)
|
||||
{
|
||||
// printf("add subelem\n");
|
||||
int l;
|
||||
*((uint32_t*)(dst))=htonl(vendorid);
|
||||
// printf("htonl done\n");
|
||||
if (len==-1)
|
||||
l=strlen((char*)str);
|
||||
else
|
||||
l=len;
|
||||
// if (len==-1)
|
||||
// l=strlen((char*)str);
|
||||
// else
|
||||
// l=len;S
|
||||
|
||||
l = bstr_len(str);
|
||||
|
||||
|
||||
// printf("strlne got %d\n",l);
|
||||
*((uint32_t*)(dst+4))=htonl((type<<16)|l);
|
||||
// printf("memcopy str %d\n",l);
|
||||
memcpy(dst+8,str,l);
|
||||
memcpy(dst+8,bstr_data(str),l);
|
||||
return l+8;
|
||||
}
|
||||
|
||||
@ -31,11 +36,20 @@ void cwmsg_addelem_wtp_descriptor(struct cwmsg * cwmsg, struct wtpinfo * wtpinfo
|
||||
*(d+1)=wtpinfo->radios_in_use;
|
||||
len=2;
|
||||
|
||||
switch (wtpinfo->capwap_mode){
|
||||
case CWMODE_CISCO:
|
||||
*((uint16_t*)(d+len))=0;
|
||||
len+=2;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
/* number of encryption elemnts */
|
||||
// *(d+len)=1;
|
||||
// len+=1;
|
||||
*(d+len)=0;
|
||||
len+=1;
|
||||
// *(d+len)=0;
|
||||
// len+=1;
|
||||
|
||||
/* encryption elements */
|
||||
|
||||
@ -52,20 +66,20 @@ void cwmsg_addelem_wtp_descriptor(struct cwmsg * cwmsg, struct wtpinfo * wtpinfo
|
||||
*/
|
||||
/* software subelem*/
|
||||
len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_SOFTWARE_VERSION,
|
||||
wtpinfo->software_vendor_id,wtpinfo->software_version,-1);
|
||||
wtpinfo->software_vendor_id,wtpinfo->software_version);
|
||||
|
||||
/* hardware subelem*/
|
||||
// len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
|
||||
// wtpinfo->hardware_vendor_id,wtpinfo->hardware_version,2);
|
||||
|
||||
/* len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
|
||||
len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
|
||||
wtpinfo->hardware_vendor_id,wtpinfo->hardware_version);
|
||||
/*
|
||||
len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
|
||||
wtpinfo->hardware_vendor_id,hww,2);
|
||||
*/
|
||||
|
||||
/* bootloader subelem*/
|
||||
/* len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_BOOTLOADER_VERSION,
|
||||
wtpinfo->bootloader_vendor_id,wtpinfo->bootloader_version,-1);
|
||||
len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_BOOTLOADER_VERSION,
|
||||
wtpinfo->bootloader_vendor_id,wtpinfo->bootloader_version);
|
||||
|
||||
|
||||
*/
|
||||
cwmsg_addelem(cwmsg,CWMSGELEM_WTP_DESCRIPTOR,d,len);
|
||||
}
|
||||
|
@ -42,8 +42,11 @@ int cwsend_join_request(struct conn * conn,struct radioinfo * radioinfo,struct w
|
||||
cwmsg_addelem(&cwmsg,CWMSGELEM_WTP_MAC_TYPE,&wtpinfo->mac_type,sizeof(uint8_t));
|
||||
cwmsg_addelem_wtp_radio_infos(&cwmsg,wtpinfo->radioinfo);
|
||||
|
||||
cwmsg_addelem(&cwmsg,CWMSGELEM_ECN_SUPPORT,&wtpinfo->ecn_support,sizeof(uint8_t));
|
||||
cwmsg_addelem_cw_local_ip_addr(&cwmsg,conn);
|
||||
if (wtpinfo->capwap_mode != CWMODE_CISCO){
|
||||
cwmsg_addelem(&cwmsg,CWMSGELEM_ECN_SUPPORT,&wtpinfo->ecn_support,sizeof(uint8_t));
|
||||
cwmsg_addelem_cw_local_ip_addr(&cwmsg,conn);
|
||||
}
|
||||
|
||||
|
||||
uint16_t l = htons(wtpinfo->max_msg_len);
|
||||
cwmsg_addelem(&cwmsg,CWMSGELEM_MAXIMUM_MESSAGE_LENGTH,(uint8_t*)&l,sizeof(l));
|
||||
|
@ -8,9 +8,11 @@
|
||||
int dtls_gnutls_connect(struct conn *conn)
|
||||
{
|
||||
struct dtls_gnutls_data * d;
|
||||
d = dtls_gnutls_data_create(conn,GNUTLS_CLIENT | GNUTLS_DATAGRAM);
|
||||
d = dtls_gnutls_data_create(conn,GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
|
||||
|
||||
// gnutls_dh_set_prime_bits(d->session, 512);
|
||||
gnutls_handshake_set_timeout(d->session,GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
|
||||
|
||||
int rc;
|
||||
do {
|
||||
rc = gnutls_handshake(d->session);
|
||||
@ -22,6 +24,14 @@ int dtls_gnutls_connect(struct conn *conn)
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
cw_dbg(DBG_DTLS,"DTLS - Handshake successful");
|
||||
|
||||
conn->dtls_data=d;
|
||||
conn->read = dtls_gnutls_read;
|
||||
conn->write = dtls_gnutls_write;
|
||||
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -121,7 +121,7 @@ long dtls_openssl_bio_ctrl(BIO * b, int cmd, long num, void *ptr)
|
||||
|
||||
case BIO_CTRL_DGRAM_QUERY_MTU:
|
||||
{
|
||||
ret = 1400;
|
||||
ret = 1300;
|
||||
break;
|
||||
|
||||
/* sockopt_len = sizeof(sockopt_val);
|
||||
|
@ -70,7 +70,7 @@ static int process_elem(void *eparm,int type,uint8_t* msgelem,int len)
|
||||
if (wtpinfo_readelem_ecn_support(wtpinfo,type,msgelem,len))
|
||||
goto foundX;
|
||||
|
||||
if (wtpinfo_readelem_cw_local_ip_addr(wtpinfo,type,msgelem,len)){
|
||||
if (cw_readelem_capwap_local_ip_addr(wtpinfo,type,msgelem,len)){
|
||||
cw_mand_elem_found(e->mand, XCWMSGELEM_CAPWAP_LOCAL_IP_ADDRESS);
|
||||
return 1;
|
||||
}
|
||||
|
@ -40,6 +40,10 @@ struct wtp_reboot_statistics{
|
||||
|
||||
/* structure to hold info about a wtp */
|
||||
struct wtpinfo{
|
||||
|
||||
int capwap_mode;
|
||||
|
||||
|
||||
uint8_t *ac_name;
|
||||
uint8_t *name;
|
||||
uint8_t * location;
|
||||
|
@ -153,6 +153,12 @@ int read_config(const char * filename){
|
||||
if (str)
|
||||
conf_sslcertfilename=strdup(str);
|
||||
|
||||
|
||||
str = uci_lookup_option_string(ctx,section,"ssl_cipher");
|
||||
if (str)
|
||||
conf_dtls_cipher=strdup(str);
|
||||
|
||||
|
||||
str = uci_lookup_option_string(ctx,section,"vendor_id");
|
||||
if (str)
|
||||
conf_vendor_id=atoi(str);
|
||||
@ -163,6 +169,13 @@ int read_config(const char * filename){
|
||||
bstr_replace(&conf_software_version,s);
|
||||
}
|
||||
|
||||
str = uci_lookup_option_string(ctx,section,"serial_no");
|
||||
if (str){
|
||||
uint8_t * s = bstr_create_from_cfgstr(str);
|
||||
bstr_replace(&conf_serial_no,s);
|
||||
}
|
||||
|
||||
|
||||
str = uci_lookup_option_string(ctx,section,"model_no");
|
||||
if (str){
|
||||
uint8_t * s = bstr_create_from_cfgstr(str);
|
||||
|
@ -46,6 +46,8 @@ int join_state(struct conn * conn)
|
||||
|
||||
struct cwrmsg * cwrmsg = conn_get_message(conn);
|
||||
|
||||
printf("Received %08p\n",cwrmsg);
|
||||
|
||||
// cw_log_debug0("Received message %i",cwrmsg->seqnum);
|
||||
|
||||
if (cwrmsg->type != CWMSG_JOIN_RESPONSE || cwrmsg->seqnum != conn->seqnum){
|
||||
@ -117,15 +119,12 @@ int join(struct sockaddr *sa)
|
||||
sock_addrtostr(sa,str,100);
|
||||
cw_log(LOG_ERR,"Can't establish DTLS connection to %s",str);
|
||||
close(sockfd);
|
||||
exit(0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
exit(0);
|
||||
|
||||
#endif
|
||||
cw_dbg (DBG_DTLS,"DTLS session established with %s, cipher=%s",sock_addr2str(sa),dtls_get_cipher(conn));
|
||||
exit(0);
|
||||
|
||||
|
||||
#ifdef WITH_CW_LOG_DEBUG
|
||||
|
@ -21,6 +21,8 @@
|
||||
#include "capwap/sock.h"
|
||||
#include "capwap/cw_log.h"
|
||||
|
||||
#include "capwap/bstr.h"
|
||||
|
||||
|
||||
char * conf_primary_if=0;
|
||||
char * conf_wtpname=0;
|
||||
@ -69,7 +71,7 @@ uint32_t * conf_hardware_vendor_id;
|
||||
uint8_t * conf_hardware_version;
|
||||
|
||||
uint8_t * conf_model_no;
|
||||
uint8_t * cont_serial_no;
|
||||
uint8_t * conf_serial_no;
|
||||
|
||||
|
||||
LONGSTRS conf_timer_cfgstrs[] = {
|
||||
@ -136,9 +138,10 @@ int wtpconf_name()
|
||||
|
||||
|
||||
char * default_ac_list[] = {
|
||||
"192.168.0.255",
|
||||
// "192.168.0.255",
|
||||
"255.255.255.255",
|
||||
// "224.0.1.140",
|
||||
// "192.168.0.12"
|
||||
};
|
||||
|
||||
int wtpconf_ac_list()
|
||||
@ -198,7 +201,8 @@ int wtpconf_preinit()
|
||||
|
||||
|
||||
conf_vendor_id = CONF_DEFAULT_VENDOR_ID;
|
||||
conf_software_version = bstr_create(CONF_DEFAULT_SOFTWARE_VERSION);
|
||||
conf_software_version = bstr_create_from_cfgstr(CONF_DEFAULT_SOFTWARE_VERSION);
|
||||
conf_serial_no = bstr_create_from_cfgstr(CONF_DEFAULT_SERIAL_NO);
|
||||
|
||||
|
||||
}
|
||||
|
@ -22,7 +22,7 @@ extern uint32_t * conf_hardware_vendor_id;
|
||||
extern uint8_t * conf_hardware_version;
|
||||
|
||||
extern uint8_t * conf_model_no;
|
||||
extern uint8_t * cont_serial_no;
|
||||
extern uint8_t * conf_serial_no;
|
||||
|
||||
|
||||
|
||||
|
@ -13,9 +13,12 @@
|
||||
struct wtpinfo * get_wtpinfo()
|
||||
{
|
||||
struct wtpinfo * wtpinfo;
|
||||
|
||||
|
||||
wtpinfo=malloc(sizeof(struct wtpinfo));
|
||||
memset(wtpinfo,0,sizeof(struct wtpinfo));
|
||||
|
||||
wtpinfo->capwap_mode=CWMODE_CISCO;
|
||||
wtpinfo->name = (uint8_t*)"wtp";
|
||||
wtpinfo->location = (uint8_t*)"Unknown";
|
||||
|
||||
@ -26,7 +29,7 @@ struct wtpinfo * get_wtpinfo()
|
||||
|
||||
}
|
||||
*/
|
||||
wtpinfo->serial_no="123456789";
|
||||
wtpinfo->serial_no=conf_serial_no;
|
||||
wtpinfo->vendor_id=conf_vendor_id;
|
||||
|
||||
wtpinfo->model_no=conf_model_no;
|
||||
|
@ -18,6 +18,10 @@ config 'wtp'
|
||||
option ssl_cert
|
||||
option ssl_key
|
||||
|
||||
# ciphers
|
||||
#
|
||||
option ssl_cipher
|
||||
|
||||
# vendor id
|
||||
# set the vendor id as integer value
|
||||
# default is gnu
|
||||
@ -29,7 +33,7 @@ config 'wtp'
|
||||
|
||||
|
||||
config 'dbg'
|
||||
# defbug options
|
||||
# debug options
|
||||
option dtls 0
|
||||
option dtls_detail 0
|
||||
option dtls_bio 0
|
||||
|
@ -34,7 +34,7 @@ createcert()
|
||||
PREF="$TYPE-"
|
||||
fi
|
||||
$OPENSSL genrsa -out $DIR/$NAME.key $KEYSIZE
|
||||
$OPENSSL req -sha1 -new -key $DIR/$NAME.key -out $DIR/$NAME.req \
|
||||
$OPENSSL req -sha256 -new -key $DIR/$NAME.key -out $DIR/$NAME.req \
|
||||
-subj "$SUBJ"
|
||||
|
||||
|
||||
@ -74,16 +74,22 @@ fi
|
||||
if [ "$TYPE" = "cisco-ap" ]
|
||||
then
|
||||
PREF="$2-"
|
||||
# SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
|
||||
# SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
|
||||
|
||||
# SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
|
||||
#SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
|
||||
# SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
|
||||
# SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com"
|
||||
# SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
|
||||
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-0019dbe09327/emailAddress=support@cisco.com"
|
||||
createcert "$SUBJ"
|
||||
|
||||
openssl req -nodes -new -x509 \
|
||||
-sha1 \
|
||||
-extensions v3_ca \
|
||||
-days 3650 \
|
||||
-newkey rsa:2048 \
|
||||
-keyout certs/${NAME}.key -out certs/${NAME}.crt \
|
||||
-config openssl.cnf \
|
||||
-x509 \
|
||||
-subj "$SUBJ"
|
||||
|
||||
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
|
||||
|
||||
|
||||
# createcert "$SUBJ"
|
||||
|
||||
|
||||
fi
|
||||
|
@ -72,7 +72,7 @@ cert_opt = ca_default # Certificate field options
|
||||
|
||||
default_days = 365 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
default_md = sha1 #md5 # use public key default MD
|
||||
default_md = sha256 #md5 # use public key default MD
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
@ -237,6 +237,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
subjectKeyIdentifier= hash
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
authorityInfoAccess=caIssuers;URI:http://my.ca/ca.html
|
||||
|
||||
# This is what PKIX recommends but some broken software chokes on critical
|
||||
# extensions.
|
||||
|
@ -237,6 +237,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
subjectKeyIdentifier= hash
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
authorityInfoAccess=caIssuers;URI:http://my.ca/ca.html
|
||||
|
||||
# This is what PKIX recommends but some broken software chokes on critical
|
||||
# extensions.
|
||||
|
Loading…
Reference in New Issue
Block a user