>From bb85febccecc483e720f5e6ee996ec6bce6f9018 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Mon, 16 Jun 2014 02:58:07 -0400 Subject: [PATCH] Add EKU constraint to all relevant profiles To support changing ExtendedKeyUsageExtDefault to copy ExtendedKeyUsage information when present in a signing request, update all profiles that use ExtendedKeyUsageExtDefault to have a corresponding constraint. This will preserve the existing behaviour where only EKU purposes configured for the default can appear in the certificate. --- base/ca/shared/profiles/ca/AdminCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/DomainController.cfg | 6 ++++-- base/ca/shared/profiles/ca/caAdminCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caAgentFileSigning.cfg | 6 ++++-- base/ca/shared/profiles/ca/caAgentServerCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caCMCUserCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caDirPinUserCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caDirUserCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caDualCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caDualRAuserCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caECDirUserCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caECDualCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caECUserCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caEncECUserCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caEncUserCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caFullCMCUserCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caIPAserviceCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caOtherCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caRACert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caRARouterCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caRAagentCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caRAserverCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caRouterCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caServerCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caStorageCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caSubsystemCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caTPSCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caTokenMSLoginEnrollment.cfg | 6 ++++-- base/ca/shared/profiles/ca/caTransportCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caUserCert.cfg | 6 ++++-- base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg | 6 ++++-- 37 files changed, 148 insertions(+), 74 deletions(-) diff --git a/base/ca/shared/profiles/ca/AdminCert.cfg b/base/ca/shared/profiles/ca/AdminCert.cfg index a54a1b75594c95c5922768ee949a4a10808b43d2..506367558f535e9d5b5f37b610760b75ad24f287 100644 --- a/base/ca/shared/profiles/ca/AdminCert.cfg +++ b/base/ca/shared/profiles/ca/AdminCert.cfg @@ -72,8 +72,10 @@ policyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false policyset.adminCertSet.6.default.params.keyUsageCrlSign=false policyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false policyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.adminCertSet.7.constraint.class_id=noConstraintImpl -policyset.adminCertSet.7.constraint.name=No Constraint +policyset.adminCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.adminCertSet.7.constraint.name=Extended Key Usage Extension +policyset.adminCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.adminCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.adminCertSet.7.default.name=Extended Key Usage Extension Default policyset.adminCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/DomainController.cfg b/base/ca/shared/profiles/ca/DomainController.cfg index 81cba321421acef2adc12389def815475481ab60..81d2bb5697f26840216d91a26733bb5967a933b5 100644 --- a/base/ca/shared/profiles/ca/DomainController.cfg +++ b/base/ca/shared/profiles/ca/DomainController.cfg @@ -84,8 +84,10 @@ policyset.set1.5.default.params.authInfoAccessADLocation_0=http://localhost.loca policyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2 policyset.set1.5.default.params.authInfoAccessCritical=false policyset.set1.5.default.params.authInfoAccessNumADs=1 -policyset.set1.eku.constraint.class_id=noConstraintImpl -policyset.set1.eku.constraint.name=No Constraint +policyset.set1.eku.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.set1.eku.constraint.name=Extended Key Usage Extension +policyset.set1.eku.constraint.params.exKeyUsageCritical=false +policyset.set1.eku.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 policyset.set1.eku.default.class_id=extendedKeyUsageExtDefaultImpl policyset.set1.eku.default.name=Extended Key Usage Extension Default policyset.set1.eku.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caAdminCert.cfg b/base/ca/shared/profiles/ca/caAdminCert.cfg index cd2970397caaba6799bc563497da54f98ac2234d..9384e05b214b5044feb657e16607800d62e5d39b 100644 --- a/base/ca/shared/profiles/ca/caAdminCert.cfg +++ b/base/ca/shared/profiles/ca/caAdminCert.cfg @@ -73,8 +73,10 @@ policyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false policyset.adminCertSet.6.default.params.keyUsageCrlSign=false policyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false policyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.adminCertSet.7.constraint.class_id=noConstraintImpl -policyset.adminCertSet.7.constraint.name=No Constraint +policyset.adminCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.adminCertSet.7.constraint.name=Extended Key Usage Extension +policyset.adminCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.adminCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.adminCertSet.7.default.name=Extended Key Usage Extension Default policyset.adminCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caAgentFileSigning.cfg b/base/ca/shared/profiles/ca/caAgentFileSigning.cfg index 26eb171b0aad807d70d10a8c655e166e2d6bc7be..4d85bcaeccbc4fefc4f259ba802d364c1544cd56 100644 --- a/base/ca/shared/profiles/ca/caAgentFileSigning.cfg +++ b/base/ca/shared/profiles/ca/caAgentFileSigning.cfg @@ -72,8 +72,10 @@ policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false policyset.serverCertSet.6.default.params.keyUsageCrlSign=false policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.serverCertSet.7.constraint.class_id=noConstraintImpl -policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.serverCertSet.7.constraint.name=Extended Key Usage Extension +policyset.serverCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.serverCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.3 policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default policyset.serverCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caAgentServerCert.cfg b/base/ca/shared/profiles/ca/caAgentServerCert.cfg index 9543383301e725513fd2f2bb79e70f0709c7deb8..72b55fc917012996307fc62eb361760ebdb60048 100644 --- a/base/ca/shared/profiles/ca/caAgentServerCert.cfg +++ b/base/ca/shared/profiles/ca/caAgentServerCert.cfg @@ -71,8 +71,10 @@ policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false policyset.serverCertSet.6.default.params.keyUsageCrlSign=false policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.serverCertSet.7.constraint.class_id=noConstraintImpl -policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.serverCertSet.7.constraint.name=Extended Key Usage Extension +policyset.serverCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.serverCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1 policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default policyset.serverCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caCMCUserCert.cfg b/base/ca/shared/profiles/ca/caCMCUserCert.cfg index e703f0cd31f0458347b9ed012f6bc49b891bcb7f..1d09443b3e5ecbb5b05b8953bdde0eb22b978604 100644 --- a/base/ca/shared/profiles/ca/caCMCUserCert.cfg +++ b/base/ca/shared/profiles/ca/caCMCUserCert.cfg @@ -72,8 +72,10 @@ policyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false policyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false policyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false policyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl -policyset.cmcUserCertSet.7.constraint.name=No Constraint +policyset.cmcUserCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.cmcUserCertSet.7.constraint.name=Extended Key Usage Extension +policyset.cmcUserCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.cmcUserCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caDirPinUserCert.cfg b/base/ca/shared/profiles/ca/caDirPinUserCert.cfg index 065a05aabf92690d60934d8253fcdb25482184b4..66c2a0ddde3b2ba1a85724f740cfffaf4cfc9841 100644 --- a/base/ca/shared/profiles/ca/caDirPinUserCert.cfg +++ b/base/ca/shared/profiles/ca/caDirPinUserCert.cfg @@ -76,8 +76,10 @@ policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.userCertSet.7.constraint.class_id=noConstraintImpl -policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.userCertSet.7.constraint.name=Extended Key Usage Extension +policyset.userCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.userCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caDirUserCert.cfg b/base/ca/shared/profiles/ca/caDirUserCert.cfg index d18dbedf97862dcfb84d43fbd0be0f6cc45a8f0f..70476bf304afbe5e4c0350a5369c5c72a2caff9e 100644 --- a/base/ca/shared/profiles/ca/caDirUserCert.cfg +++ b/base/ca/shared/profiles/ca/caDirUserCert.cfg @@ -76,8 +76,10 @@ policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.userCertSet.7.constraint.class_id=noConstraintImpl -policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.userCertSet.7.constraint.name=Extended Key Usage Extension +policyset.userCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.userCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caDualCert.cfg b/base/ca/shared/profiles/ca/caDualCert.cfg index e85cbe00273f499a22aafe8b19c3ca0905fe8568..393651564d28d3e9c8685e09283969d8588d3886 100644 --- a/base/ca/shared/profiles/ca/caDualCert.cfg +++ b/base/ca/shared/profiles/ca/caDualCert.cfg @@ -144,8 +144,10 @@ policyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false policyset.signingCertSet.6.default.params.keyUsageCrlSign=false policyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false policyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.signingCertSet.7.constraint.class_id=noConstraintImpl -policyset.signingCertSet.7.constraint.name=No Constraint +policyset.signingCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.signingCertSet.7.constraint.name=Extended Key Usage Extension +policyset.signingCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.signingCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.signingCertSet.7.default.name=Extended Key Usage Extension Default policyset.signingCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caDualRAuserCert.cfg b/base/ca/shared/profiles/ca/caDualRAuserCert.cfg index 741e26a3fe030d2b4146be52e488f0fe895dec4a..35e4abab9c98ad5ddf11c920930250f4abfd19df 100644 --- a/base/ca/shared/profiles/ca/caDualRAuserCert.cfg +++ b/base/ca/shared/profiles/ca/caDualRAuserCert.cfg @@ -71,8 +71,10 @@ policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.userCertSet.7.constraint.class_id=noConstraintImpl -policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.userCertSet.7.constraint.name=Extended Key Usage Extension +policyset.userCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.userCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caECDirUserCert.cfg b/base/ca/shared/profiles/ca/caECDirUserCert.cfg index da5047840c268ddc9a3f4424a3d49bc8ae657730..b7a17bcb6d437b364cfbac1ac216805326a38818 100644 --- a/base/ca/shared/profiles/ca/caECDirUserCert.cfg +++ b/base/ca/shared/profiles/ca/caECDirUserCert.cfg @@ -76,8 +76,10 @@ policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.userCertSet.7.constraint.class_id=noConstraintImpl -policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.userCertSet.7.constraint.name=Extended Key Usage Extension +policyset.userCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.userCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caECDualCert.cfg b/base/ca/shared/profiles/ca/caECDualCert.cfg index 8bf08108871363e68e26fa97f3ecb979b57dab97..2cc6f6c13d9594c6fa81f18194936f8bb31a71ca 100644 --- a/base/ca/shared/profiles/ca/caECDualCert.cfg +++ b/base/ca/shared/profiles/ca/caECDualCert.cfg @@ -144,8 +144,10 @@ policyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false policyset.signingCertSet.6.default.params.keyUsageCrlSign=false policyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false policyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.signingCertSet.7.constraint.class_id=noConstraintImpl -policyset.signingCertSet.7.constraint.name=No Constraint +policyset.signingCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.signingCertSet.7.constraint.name=Extended Key Usage Extension +policyset.signingCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.signingCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.signingCertSet.7.default.name=Extended Key Usage Extension Default policyset.signingCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caECUserCert.cfg b/base/ca/shared/profiles/ca/caECUserCert.cfg index a641e5800e73da16d3baa4952057f5164fa52f3c..14b6a527bd63cbab92581e60a232fc2effff1d16 100644 --- a/base/ca/shared/profiles/ca/caECUserCert.cfg +++ b/base/ca/shared/profiles/ca/caECUserCert.cfg @@ -78,8 +78,10 @@ policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.userCertSet.7.constraint.class_id=noConstraintImpl -policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.userCertSet.7.constraint.name=Extended Key Usage Extension +policyset.userCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.userCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caEncECUserCert.cfg b/base/ca/shared/profiles/ca/caEncECUserCert.cfg index 66baa4bf86c31a7c4646448b9d59949dc50309f7..4b756011ca771996c80f53086ec9ffd48c869e54 100644 --- a/base/ca/shared/profiles/ca/caEncECUserCert.cfg +++ b/base/ca/shared/profiles/ca/caEncECUserCert.cfg @@ -70,8 +70,10 @@ policyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false policyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false policyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false policyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl -policyset.encryptionCertSet.7.constraint.name=No Constraint +policyset.encryptionCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.encryptionCertSet.7.constraint.name=Extended Key Usage Extension +policyset.encryptionCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.encryptionCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default policyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caEncUserCert.cfg b/base/ca/shared/profiles/ca/caEncUserCert.cfg index e49faf24e49f364f536bbbb6b1bb30541465ad93..9c910df9ff09d0f3203e6bbfbd80e9661f6df42b 100644 --- a/base/ca/shared/profiles/ca/caEncUserCert.cfg +++ b/base/ca/shared/profiles/ca/caEncUserCert.cfg @@ -72,8 +72,10 @@ policyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false policyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false policyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false policyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl -policyset.encryptionCertSet.7.constraint.name=No Constraint +policyset.encryptionCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.encryptionCertSet.7.constraint.name=Extended Key Usage Extension +policyset.encryptionCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.encryptionCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default policyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg b/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg index 2276f50003c688890d997c7177eeeb9152d004fc..e8ac8e30ba31f73480a5626f4d534e1d453c750e 100644 --- a/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg +++ b/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg @@ -71,8 +71,10 @@ policyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false policyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false policyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true -policyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl -policyset.cmcUserCertSet.7.constraint.name=No Constraint +policyset.cmcUserCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.cmcUserCertSet.7.constraint.name=Extended Key Usage Extension +policyset.cmcUserCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.cmcUserCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caIPAserviceCert.cfg b/base/ca/shared/profiles/ca/caIPAserviceCert.cfg index 782df90610631c2d3bda75c158a230c23ed38206..3bd7a17763f16ea493e692425d529c5bceef3af9 100644 --- a/base/ca/shared/profiles/ca/caIPAserviceCert.cfg +++ b/base/ca/shared/profiles/ca/caIPAserviceCert.cfg @@ -71,8 +71,10 @@ policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false policyset.serverCertSet.6.default.params.keyUsageCrlSign=false policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.serverCertSet.7.constraint.class_id=noConstraintImpl -policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.serverCertSet.7.constraint.name=Extended Key Usage Extension +policyset.serverCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.serverCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default policyset.serverCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg index d5da9f599d8a2a7c28dd83688396a2ae4cd22792..adb6bfd68e407d5b576c4d812a0ee597dcb499e6 100644 --- a/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg +++ b/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg @@ -72,8 +72,10 @@ policyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false policyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false policyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false policyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl -policyset.drmStorageCertSet.7.constraint.name=No Constraint +policyset.drmStorageCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.drmStorageCertSet.7.constraint.name=Extended Key Usage Extension +policyset.drmStorageCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.drmStorageCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 policyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default policyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg index 71935108080b8dce4fab2ef3901fa0f1582c2801..1d9588e076b078ab9bfb0858acee8d63ee2594d3 100644 --- a/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg +++ b/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg @@ -72,8 +72,10 @@ policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false policyset.serverCertSet.6.default.params.keyUsageCrlSign=false policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.serverCertSet.7.constraint.class_id=noConstraintImpl -policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.serverCertSet.7.constraint.name=Extended Key Usage Extension +policyset.serverCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.serverCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default policyset.serverCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg index 4106c5feff9a030354fff73298881cd45155962f..4988556b47933fd3f18509635d3f9a99c2e96b78 100644 --- a/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg +++ b/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg @@ -74,8 +74,10 @@ policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false policyset.serverCertSet.6.default.params.keyUsageCrlSign=false policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.serverCertSet.7.constraint.class_id=noConstraintImpl -policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.serverCertSet.7.constraint.name=Extended Key Usage Extension +policyset.serverCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.serverCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default policyset.serverCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg index 538c76071958b81ca5ca3b1a2fc33e2653e50181..ba81ff0e8fba780c2bd937dfc8b371e9cc6cedba 100644 --- a/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg +++ b/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg @@ -72,8 +72,10 @@ policyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false policyset.transportCertSet.6.default.params.keyUsageCrlSign=false policyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false policyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.transportCertSet.7.constraint.class_id=noConstraintImpl -policyset.transportCertSet.7.constraint.name=No Constraint +policyset.transportCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.transportCertSet.7.constraint.name=Extended Key Usage Extension +policyset.transportCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.transportCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 policyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.transportCertSet.7.default.name=Extended Key Usage Extension Default policyset.transportCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caOtherCert.cfg b/base/ca/shared/profiles/ca/caOtherCert.cfg index 839517a0251826048e35d880ddb1689b906dc230..750cb63053a9ff1d99c7a8002dfdf8535938c34a 100644 --- a/base/ca/shared/profiles/ca/caOtherCert.cfg +++ b/base/ca/shared/profiles/ca/caOtherCert.cfg @@ -71,8 +71,10 @@ policyset.otherCertSet.6.default.params.keyUsageKeyCertSign=false policyset.otherCertSet.6.default.params.keyUsageCrlSign=false policyset.otherCertSet.6.default.params.keyUsageEncipherOnly=false policyset.otherCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.otherCertSet.7.constraint.class_id=noConstraintImpl -policyset.otherCertSet.7.constraint.name=No Constraint +policyset.otherCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.otherCertSet.7.constraint.name=Extended Key Usage Extension +policyset.otherCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.otherCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 policyset.otherCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.otherCertSet.7.default.name=Extended Key Usage Extension Default policyset.otherCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caRACert.cfg b/base/ca/shared/profiles/ca/caRACert.cfg index a3d8dc45f426c2274ae9dc519da1180185d93832..d81f27e8d3b7a17a422f2aa7ecbbc18e4c42d4f5 100644 --- a/base/ca/shared/profiles/ca/caRACert.cfg +++ b/base/ca/shared/profiles/ca/caRACert.cfg @@ -71,8 +71,10 @@ policyset.raCertSet.6.default.params.keyUsageKeyCertSign=false policyset.raCertSet.6.default.params.keyUsageCrlSign=false policyset.raCertSet.6.default.params.keyUsageEncipherOnly=false policyset.raCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.raCertSet.7.constraint.class_id=noConstraintImpl -policyset.raCertSet.7.constraint.name=No Constraint +policyset.raCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.raCertSet.7.constraint.name=Extended Key Usage Extension +policyset.raCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.raCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 policyset.raCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.raCertSet.7.default.name=Extended Key Usage Extension Default policyset.raCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caRARouterCert.cfg b/base/ca/shared/profiles/ca/caRARouterCert.cfg index 28407668699893edbcb517d3eba69e8b2db03195..1e9ad41fa5ef1a1dc86b51927959d4074c35b6cd 100644 --- a/base/ca/shared/profiles/ca/caRARouterCert.cfg +++ b/base/ca/shared/profiles/ca/caRARouterCert.cfg @@ -71,8 +71,10 @@ policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false policyset.serverCertSet.6.default.params.keyUsageCrlSign=false policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.serverCertSet.7.constraint.class_id=noConstraintImpl -policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.serverCertSet.7.constraint.name=Extended Key Usage Extension +policyset.serverCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.serverCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default policyset.serverCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caRAagentCert.cfg b/base/ca/shared/profiles/ca/caRAagentCert.cfg index d330e6f0129c7e70673bb860fb3990af424f842f..83625a415de220d667da78cd580a4167ae059e01 100644 --- a/base/ca/shared/profiles/ca/caRAagentCert.cfg +++ b/base/ca/shared/profiles/ca/caRAagentCert.cfg @@ -72,8 +72,10 @@ policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.userCertSet.7.constraint.class_id=noConstraintImpl -policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.userCertSet.7.constraint.name=Extended Key Usage Extension +policyset.userCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.userCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caRAserverCert.cfg b/base/ca/shared/profiles/ca/caRAserverCert.cfg index 297c001e327da0155875340acd48ad2fbdde1a0e..3f63e1afa443edf3dc79897ab4c87d785c320021 100644 --- a/base/ca/shared/profiles/ca/caRAserverCert.cfg +++ b/base/ca/shared/profiles/ca/caRAserverCert.cfg @@ -71,8 +71,10 @@ policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false policyset.serverCertSet.6.default.params.keyUsageCrlSign=false policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.serverCertSet.7.constraint.class_id=noConstraintImpl -policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.serverCertSet.7.constraint.name=Extended Key Usage Extension +policyset.serverCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.serverCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1 policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default policyset.serverCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caRouterCert.cfg b/base/ca/shared/profiles/ca/caRouterCert.cfg index 2400c69b8afeec11177717427016dee02ab2ee5a..6a59759bd4bdc4bf58672db2ed77f83f90691f55 100644 --- a/base/ca/shared/profiles/ca/caRouterCert.cfg +++ b/base/ca/shared/profiles/ca/caRouterCert.cfg @@ -71,8 +71,10 @@ policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false policyset.serverCertSet.6.default.params.keyUsageCrlSign=false policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.serverCertSet.7.constraint.class_id=noConstraintImpl -policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.serverCertSet.7.constraint.name=Extended Key Usage Extension +policyset.serverCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.serverCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default policyset.serverCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caServerCert.cfg b/base/ca/shared/profiles/ca/caServerCert.cfg index 35254cb7538265d80709fda5580bc74435763c8d..7ee5ced50312171aedb84cbf435e1b6c126c5925 100644 --- a/base/ca/shared/profiles/ca/caServerCert.cfg +++ b/base/ca/shared/profiles/ca/caServerCert.cfg @@ -71,8 +71,10 @@ policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false policyset.serverCertSet.6.default.params.keyUsageCrlSign=false policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.serverCertSet.7.constraint.class_id=noConstraintImpl -policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.serverCertSet.7.constraint.name=Extended Key Usage Extension +policyset.serverCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.serverCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default policyset.serverCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg b/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg index f470a1dc203582389c518bf06cbd17cdb832d7bd..fe78e636a22a7ea96c560eefc5b69de80969d729 100644 --- a/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg +++ b/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg @@ -70,8 +70,10 @@ policyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false policyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false policyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true -policyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl -policyset.cmcUserCertSet.7.constraint.name=No Constraint +policyset.cmcUserCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.cmcUserCertSet.7.constraint.name=Extended Key Usage Extension +policyset.cmcUserCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.cmcUserCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caStorageCert.cfg b/base/ca/shared/profiles/ca/caStorageCert.cfg index 3d99883cdfc8d4797cc0ddf14c4a0865f12eec68..346f989ce70585829c061fa895bee412c49df6ed 100644 --- a/base/ca/shared/profiles/ca/caStorageCert.cfg +++ b/base/ca/shared/profiles/ca/caStorageCert.cfg @@ -71,8 +71,10 @@ policyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false policyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false policyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false policyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl -policyset.drmStorageCertSet.7.constraint.name=No Constraint +policyset.drmStorageCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.drmStorageCertSet.7.constraint.name=Extended Key Usage Extension +policyset.drmStorageCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.drmStorageCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 policyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default policyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caSubsystemCert.cfg b/base/ca/shared/profiles/ca/caSubsystemCert.cfg index 41a710fc7eca0c59f4a3122e46c56fed6e8e83c8..3ce5e974327604e9e176ebfdeb1c13d1170ed5f3 100644 --- a/base/ca/shared/profiles/ca/caSubsystemCert.cfg +++ b/base/ca/shared/profiles/ca/caSubsystemCert.cfg @@ -71,8 +71,10 @@ policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false policyset.serverCertSet.6.default.params.keyUsageCrlSign=false policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.serverCertSet.7.constraint.class_id=noConstraintImpl -policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.serverCertSet.7.constraint.name=Extended Key Usage Extension +policyset.serverCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.serverCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default policyset.serverCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caTPSCert.cfg b/base/ca/shared/profiles/ca/caTPSCert.cfg index bcc30a7fd8b88e2f9f1f12a0ad8fca4485ffe0ea..2c3793207e68fe049129eb22c5dd31dfe23ab37f 100644 --- a/base/ca/shared/profiles/ca/caTPSCert.cfg +++ b/base/ca/shared/profiles/ca/caTPSCert.cfg @@ -71,8 +71,10 @@ policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false policyset.serverCertSet.6.default.params.keyUsageCrlSign=false policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.serverCertSet.7.constraint.class_id=noConstraintImpl -policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.serverCertSet.7.constraint.name=Extended Key Usage Extension +policyset.serverCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.serverCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default policyset.serverCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caTokenMSLoginEnrollment.cfg b/base/ca/shared/profiles/ca/caTokenMSLoginEnrollment.cfg index 37c9af5e02380635573c0e1d9642c8aa649cb55a..fe780db054fa98b316658f7a9fd37a9a8644e2f8 100644 --- a/base/ca/shared/profiles/ca/caTokenMSLoginEnrollment.cfg +++ b/base/ca/shared/profiles/ca/caTokenMSLoginEnrollment.cfg @@ -162,8 +162,10 @@ policyset.set1.p14.default.params.authInfoAccessADLocation_0=http://localhost.lo policyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.set1.p14.default.params.authInfoAccessCritical=false policyset.set1.p14.default.params.authInfoAccessNumADs=1 -policyset.set1.p15.constraint.class_id=noConstraintImpl -policyset.set1.p15.constraint.name=No Constraint +policyset.set1.p15.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.set1.p15.constraint.name=Extended Key Usage Extension +policyset.set1.p15.constraint.params.exKeyUsageCritical=false +policyset.set1.p15.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2 policyset.set1.p15.default.class_id=extendedKeyUsageExtDefaultImpl policyset.set1.p15.default.name=Extended Key Usage Extension Default policyset.set1.p15.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caTransportCert.cfg b/base/ca/shared/profiles/ca/caTransportCert.cfg index 466e2b313316023db9fdc3e9620a73fafbff63c0..8cc4bc13cdaf80825e3b83a307488fb9d66cddb3 100644 --- a/base/ca/shared/profiles/ca/caTransportCert.cfg +++ b/base/ca/shared/profiles/ca/caTransportCert.cfg @@ -71,8 +71,10 @@ policyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false policyset.transportCertSet.6.default.params.keyUsageCrlSign=false policyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false policyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.transportCertSet.7.constraint.class_id=noConstraintImpl -policyset.transportCertSet.7.constraint.name=No Constraint +policyset.transportCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.transportCertSet.7.constraint.name=Extended Key Usage Extension +policyset.transportCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.transportCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 policyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.transportCertSet.7.default.name=Extended Key Usage Extension Default policyset.transportCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg b/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg index fcc9ffc0858af649144b4943bfd3f2eeed4fd1a2..5e8d713c9e0e23f828d1b0317e82e7b65e0617a6 100644 --- a/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg +++ b/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg @@ -72,8 +72,10 @@ policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.userCertSet.7.constraint.class_id=noConstraintImpl -policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.userCertSet.7.constraint.name=Extended Key Usage Extension +policyset.userCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.userCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caUserCert.cfg b/base/ca/shared/profiles/ca/caUserCert.cfg index 0fdc451ca03471116eeed7416cf9f71a42f254a3..78f10f19d563b8bba7b54119aae3b0b08b0d9d63 100644 --- a/base/ca/shared/profiles/ca/caUserCert.cfg +++ b/base/ca/shared/profiles/ca/caUserCert.cfg @@ -78,8 +78,10 @@ policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.userCertSet.7.constraint.class_id=noConstraintImpl -policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.userCertSet.7.constraint.name=Extended Key Usage Extension +policyset.userCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.userCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false diff --git a/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg b/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg index 06271e4761d8d2bf1291e24a959c62b035c6781e..1b85d9510aac53c367e44a1a57031dccc3034836 100644 --- a/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg +++ b/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg @@ -78,8 +78,10 @@ policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false -policyset.userCertSet.7.constraint.class_id=noConstraintImpl -policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.userCertSet.7.constraint.name=Extended Key Usage Extension +policyset.userCertSet.7.constraint.params.exKeyUsageCritical=false +policyset.userCertSet.7.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false -- 1.9.3