src/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.cnf - third_party/boringssl - Git at Google

 [req]
 encrypt_key = no
 utf8 = yes
 string_mask = utf8only
 prompt = no
 distinguished_name = req_dn
 req_extensions = req_ext

 [req_dn]
 commonName = "Root"

 [req_ext]
 subjectKeyIdentifier = hash
 keyUsage = critical,keyCertSign,cRLSign
 basicConstraints = critical,CA:true

 [ca]
 default_ca = root_ca

 [root_ca]
 certificate = out/Root.pem
 new_certs_dir = out
 serial = out/Root.serial
 database = out/Root.db
 unique_subject = no
 default_days = 365
 default_md = sha256
 policy = policy_anything
 email_in_dn = no
 preserve = yes
 name_opt = multiline,-esc_msb,utf8
 cert_opt = ca_default
 copy_extensions = copy
 x509_extensions = signing_ca_ext
 default_crl_days = 30
 crl_extensions = crl_ext
 private_key = keys/Root.key

 [policy_anything]
 domainComponent = optional
 countryName = optional
 stateOrProvinceName = optional
 localityName = optional
 organizationName = optional
 organizationalUnitName = optional
 commonName = optional
 emailAddress = optional

 [signing_ca_ext]
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always
 authorityInfoAccess = @issuer_info
 crlDistributionPoints = @crl_info

 [issuer_info]
 caIssuers;URI.0 = http://url-for-aia/Root.cer

 [crl_info]
 URI.0 = http://url-for-crl/Root.crl

 [crl_ext]
 authorityKeyIdentifier = keyid:always
 authorityInfoAccess = @issuer_info
	[req]
	encrypt_key = no
	utf8 = yes
	string_mask = utf8only
	prompt = no
	distinguished_name = req_dn
	req_extensions = req_ext

	[req_dn]
	commonName = "Root"

	[req_ext]
	subjectKeyIdentifier = hash
	keyUsage = critical,keyCertSign,cRLSign
	basicConstraints = critical,CA:true

	[ca]
	default_ca = root_ca

	[root_ca]
	certificate = out/Root.pem
	new_certs_dir = out
	serial = out/Root.serial
	database = out/Root.db
	unique_subject = no
	default_days = 365
	default_md = sha256
	policy = policy_anything
	email_in_dn = no
	preserve = yes
	name_opt = multiline,-esc_msb,utf8
	cert_opt = ca_default
	copy_extensions = copy
	x509_extensions = signing_ca_ext
	default_crl_days = 30
	crl_extensions = crl_ext
	private_key = keys/Root.key

	[policy_anything]
	domainComponent = optional
	countryName = optional
	stateOrProvinceName = optional
	localityName = optional
	organizationName = optional
	organizationalUnitName = optional
	commonName = optional
	emailAddress = optional

	[signing_ca_ext]
	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid:always
	authorityInfoAccess = @issuer_info
	crlDistributionPoints = @crl_info

	[issuer_info]
	caIssuers;URI.0 = http://url-for-aia/Root.cer

	[crl_info]
	URI.0 = http://url-for-crl/Root.crl

	[crl_ext]
	authorityKeyIdentifier = keyid:always
	authorityInfoAccess = @issuer_info