From 3fbf343985cd1a957514ebcc54fee067c18b99ea Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Fri, 18 Mar 2011 14:48:43 +1300
Subject: Tweak CA and cert setup to be nice to Windows.

For some reason Satan's Operating System doesn't join up the certification path
if the key identifiers are set to hash. This took a few hours of trial and
error to figure out.
---
 libmproxy/resources/ca.cnf | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'libmproxy/resources/ca.cnf')

diff --git a/libmproxy/resources/ca.cnf b/libmproxy/resources/ca.cnf
index c65c66c8..b1f93f92 100644
--- a/libmproxy/resources/ca.cnf
+++ b/libmproxy/resources/ca.cnf
@@ -9,8 +9,6 @@ organizationName                = mitmproxy
 commonName                      = mitmproxy
 
 [ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
 basicConstraints = critical,CA:true
 keyUsage = cRLSign, keyCertSign
 extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
@@ -27,8 +25,6 @@ basicConstraints = CA:false
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
 nsCertType = server
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
 
 [ v3_cert_req ]
 basicConstraints = CA:false
-- 
cgit v1.2.3