lib/func.tcl: Cope with a gratuitous OpenSSL output-format change.

[ca] / etc / openssl.conf

diff --git a/etc/openssl.conf b/etc/openssl.conf
index 4fa74a5..1fe673a 100644 (file)
--- a/etc/openssl.conf
+++ b/etc/openssl.conf
@@ -5,7 +5,7 @@
 ###--------------------------------------------------------------------------
 ### Defaults.
 
-RANDFILE = /dev/urandom
+RANDFILE = /dev/random
 db_suffix =
 
 ###--------------------------------------------------------------------------
@@ -103,7 +103,7 @@ crlDistributionPoints = URI:http://www.distorted.org.uk/ca/crl
 
 [tls-client-extensions]
 basicConstraints = critical, CA:FALSE
-keyUsage = critical, digitalSignature
+keyUsage = critical, digitalSignature, keyEncipherment
 extendedKeyUsage = clientAuth
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer:always