This is a small note on the results of checking the OpenSSL project with the PVS-Studio analyzer. I analyzed the openssl-0.9.8-stable-SNAP-20121208 version.
If you search for "codeSigning" and "objsign" and "digitalSignature" and "nonRepudiation" you can see what is needed in the OpenSLL config files to generate code-signing certificates.
These instrauctions mostly work, but with the current version of Windows OpenSSL, the generated certificate is "not suitable for code signing" unless you modify the OpenSSL.cnf config file.