Documented --x509-username-field option

Also fixed a typo in the --help screen.

Signed-off-by: Robert Fischer <ml-openvpn@trispace.org>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

2 files changed, 9 insertions, 1 deletions

diff --git a/openvpn.8 b/openvpn.8
index 45c0663..e4b5eb6 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -4434,6 +4434,14 @@ the tls-verify script returns.  The file name used for the certificate
 is available via the peer_cert environment variable.
 .\"*********************************************************
 .TP
+.B \-\-x509-username-field fieldname
+Field in x509 certificate subject to be used as username (default=CN).
+.B Fieldname
+will be uppercased before matching. When this option is used, the
+--tls-remote option will match against the chosen fieldname instead
+of the CN.
+.\"*********************************************************
+.TP
 .B \-\-tls-remote name
 Accept connections only from a host with X509 name
 or common name equal to
diff --git a/options.c b/options.c
index ab4228d..77e7c7f 100644
--- a/options.c
+++ b/options.c
@@ -538,7 +538,7 @@ static const char usage_message[] =
   "--pkcs12 file   : PKCS#12 file containing local private key, local certificate\n"
   "                  and optionally the root CA certificate.\n"
 #ifdef ENABLE_X509ALTUSERNAME
-  "--x509-username-field : Field used in x509 certificat to be username.\n"
+  "--x509-username-field : Field used in x509 certificate to be username.\n"
   "                        Default is CN.\n"
 #endif
   "--verify-hash   : Specify SHA1 fingerprint for level-1 cert.\n"