Does anyone know if all the fields you can specify in an OpenSSL config file are available in Cloudflare's CFSSL certificate authority toolkit? There are certain fields (such as default_md or specifying that countries must match) that appear to be missing from the options that CFSSL recognizes in its JSON config files (of which the following is an excerpt):

    type CAConstraint struct {
        IsCA           bool `json:"is_ca"`
        MaxPathLen     int  `json:"max_path_len"`
        MaxPathLenZero bool `json:"max_path_len_zero"`
    }

    // A SigningProfile stores information that the CA needs to store
    // signature policy.
    type SigningProfile struct {
        Usage               []string     `json:"usages"`
        IssuerURL           []string     `json:"issuer_urls"`
        OCSP                string       `json:"ocsp_url"`
        CRL                 string       `json:"crl_url"`
        CAConstraint        CAConstraint `json:"ca_constraint"`
        OCSPNoCheck         bool         `json:"ocsp_no_check"`
        ExpiryString        string       `json:"expiry"`
        BackdateString      string       `json:"backdate"`
        AuthKeyName         string       `json:"auth_key"`
        RemoteName          string       `json:"remote"`
        NotBefore           time.Time    `json:"not_before"`
        NotAfter            time.Time    `json:"not_after"`
        NameWhitelistString string       `json:"name_whitelist"`
        AuthRemote          AuthRemote   `json:"auth_remote"`
        CTLogServers        []string     `json:"ct_log_servers"`
        AllowedExtensions   []OID        `json:"allowed_extensions"`
        CertStore           string       `json:"cert_store"`

        Policies                    []CertificatePolicy
        Expiry                      time.Duration
        Backdate                    time.Duration
        Provider                    auth.Provider
        RemoteProvider              auth.Provider
        RemoteServer                string
        RemoteCAs                   *x509.CertPool
        ClientCert                  *tls.Certificate
        CSRWhitelist                *CSRWhitelist
        NameWhitelist               *regexp.Regexp
        ExtensionWhitelist          map[string]bool
        ClientProvidesSerialNumbers bool
    }

Does CFSSL abstract away many of the OpenSSL configuration options or am I just not seeing where you can specify them?
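
A way to check which keys of a signing profile fall outside the json tags in the excerpt, as an added example that is not part of the original post or of CFSSL. Go's encoding/json ignores unknown keys by default, so a setting copied over from an OpenSSL config can go unnoticed. The function name Lint and the sample profile are constructed for illustration, and only the tagged fields of the excerpt are listed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Key names copied from the json tags in the excerpt quoted above.
var profileKeys = strings.Fields(`usages issuer_urls ocsp_url crl_url ca_constraint
	ocsp_no_check expiry backdate auth_key remote not_before not_after name_whitelist
	auth_remote ct_log_servers allowed_extensions cert_store`)
var constraintKeys = strings.Fields("is_ca max_path_len max_path_len_zero")

// Lint returns the sorted keys of one profile object that are not in allowed,
// descending into ca_constraint. Keys match case-insensitively, as in encoding/json.
func Lint(raw []byte, allowed []string, prefix string) ([]string, error) {
	var obj map[string]json.RawMessage
	if err := json.Unmarshal(raw, &obj); err != nil {
		return nil, err
	}
	var out []string
	for k, v := range obj {
		known := false
		for _, a := range allowed {
			known = known || strings.EqualFold(k, a)
		}
		if !known {
			out = append(out, prefix+k)
		} else if strings.EqualFold(k, "ca_constraint") {
			nested, err := Lint(v, constraintKeys, prefix+k+".")
			if err != nil {
				return nil, err
			}
			out = append(out, nested...)
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	// Constructed sample profile carrying two OpenSSL-style names; not from the page.
	sample := []byte(`{"usages":["server auth"],"expiry":"8760h","default_md":"sha256",
		"ca_constraint":{"is_ca":true,"pathlen":0}}`)
	fmt.Println(Lint(sample, profileKeys, ""))
}
```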