From 9e8c5189ab6cce6ded77316439b9fee92e27487c Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Thu, 30 Oct 2014 01:58:15 -0400
Subject: Enable Authority Key Identifier CRL extension by default

RFC 5280 states:

   Conforming CRL issuers are REQUIRED to include the authority key
   identifier (Section 5.2.1) and the CRL number (Section 5.2.3)
   extensions in all CRLs issued.

Accordingly, update CS.cfg so that the Authority Key Identifier
extension is enabled by default.
---
 base/ca/shared/conf/CS.cfg.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'base/ca')

diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index 146c7a2a3..74f432956 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -604,7 +604,7 @@ ca.crl.MasterCRL.extension.AuthorityInformationAccess.numberOfAccessDescriptions
 ca.crl.MasterCRL.extension.AuthorityInformationAccess.type=CRLExtension
 ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.class=com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension
 ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.critical=false
-ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.enable=false
+ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.enable=true
 ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.type=CRLExtension
 ca.crl.MasterCRL.extension.CRLNumber.class=com.netscape.cms.crl.CMSCRLNumberExtension
 ca.crl.MasterCRL.extension.CRLNumber.critical=false
-- 
cgit