From 5b4a9aa0855b9e21904cf6189d5fd141d671fb36 Mon Sep 17 00:00:00 2001
From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Thu, 4 May 2023 22:45:20 +0200
Subject: [PATCH] [ca] Do not require matching CA parameters.

See https://security.stackexchange.com/a/130488.
---
 ca/ca.cnf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ca/ca.cnf b/ca/ca.cnf
index bc13b8b..5c58fe7 100644
--- a/ca/ca.cnf
+++ b/ca/ca.cnf
@@ -83,7 +83,7 @@ preserve        = no                    # keep passed DN ordering
 # A few difference way of specifying how similar the request should look
 # For type CA, the listed attributes must be the same, and the optional
 # and supplied fields are just that :-)
-policy          = policy_match
+policy          = policy_anything
 
 # For the CA policy
 [ policy_match ]
-- 
2.39.5