Implement self-signing in 'openssl ca'. This makes it easier to have

the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier.
author: levitte <levitte> 2003-04-03 22:33:03 +0000
committer: levitte <levitte> 2003-04-03 22:33:03 +0000
commit: 99b043c4f0286c6b532f73812a910f4129d79162 (patch)
tree: 8e5cc6928e65bfa12905eddd9fc56bf9a827b2ea /CHANGES
parent: 6caa2c68f56f5d40f0f2a95757b9e49dcc6c6290 (diff)
download: openssl-99b043c4f0286c6b532f73812a910f4129d79162.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 0d767703c..66870e6c8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 0.9.7a and 0.9.8  [xx XXX xxxx]
 
+  *) Make it possible to create self-signed certificates with 'openssl ca'
+     in such a way that the self-signed certificate becomes part of the
+     CA database and uses the same mechanisms for serial number generation
+     as all other certificate signing.  The new flag '-selfsign' enables
+     this functionality.  Adapt CA.sh and CA.pl.in.
+     [Richard Levitte]
+
   *) Add functionality to check the public key of a certificate request
      against a given private.  This is useful to check that a certificate
      request can be signed by that key (self-signing).
author	levitte <levitte>	2003-04-03 22:33:03 +0000
committer	levitte <levitte>	2003-04-03 22:33:03 +0000
commit	99b043c4f0286c6b532f73812a910f4129d79162 (patch)
tree	8e5cc6928e65bfa12905eddd9fc56bf9a827b2ea /CHANGES
parent	6caa2c68f56f5d40f0f2a95757b9e49dcc6c6290 (diff)
download	openssl-99b043c4f0286c6b532f73812a910f4129d79162.tar.gz