aboutsummaryrefslogtreecommitdiff
path: root/openvpn.8
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-10-31 07:04:51 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-10-31 07:04:51 +0000
commited3042470f498fbf1468d3d757982a19df38b3bd (patch)
tree4c1a6bc48634f1dccddc6bd27cad0b5a390378c6 /openvpn.8
parentAdded --status-version 3 which is the same as version 2 (diff)
downloadopenvpn-ed3042470f498fbf1468d3d757982a19df38b3bd.tar.xz
Added --no-name-remapping option to allow Common Name, X509 Subject,
and username strings to include any printable character including space, but excluding control characters such as tab, newline, and carriage-return. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3467 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--openvpn.822
1 files changed, 22 insertions, 0 deletions
diff --git a/openvpn.8 b/openvpn.8
index b91dc7b..2e95d4a 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -203,6 +203,7 @@ openvpn \- secure IP tunnel daemon.
[\ \fB\-\-mute\fR\ \fIn\fR\ ]
[\ \fB\-\-nice\fR\ \fIn\fR\ ]
[\ \fB\-\-no\-iv\fR\ ]
+[\ \fB\-\-no\-name\-remapping\fR\ ]
[\ \fB\-\-no\-replay\fR\ ]
[\ \fB\-\-bind\fR\ ]
[\ \fB\-\-nobind\fR\ ]
@@ -3297,6 +3298,27 @@ the authenticated username as the common name,
rather than the common name from the client cert.
.\"*********************************************************
.TP
+.B --no-name-remapping
+Allow Common Name, X509 Subject, and username strings to include
+any printable character including space, but excluding control
+characters such as tab, newline, and carriage-return.
+
+By default, OpenVPN will remap
+any character other than alphanumeric, underbar ('_'), dash
+('-'), dot ('.'), and slash ('/') to underbar ('_'). The X509
+Subject string as returned by the
+.B tls_id
+environmental variable, can additionally contain colon (':') or
+equal ('=').
+
+While name remapping is performed for security reasons to reduce
+the possibility of introducing string expansion security vulnerabilities
+in user-defined authentication
+scripts, this option is provided for those cases where it is desirable to
+disable the remapping feature. Don't use this option unless you
+know what you are doing!
+.\"*********************************************************
+.TP
.B --port-share host port
When run in TCP server mode, share the OpenVPN port with
another application, such as an HTTPS server. If OpenVPN