Added --no-name-remapping option to allow Common Name, X509 Subject,

and username strings to include any printable character including
space, but excluding control characters such as tab, newline, and
carriage-return.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3467 e7ae566f-a301-0410-adde-c780ea21d3b5

1 files changed, 22 insertions, 0 deletions

diff --git a/openvpn.8 b/openvpn.8
index b91dc7b..2e95d4a 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -203,6 +203,7 @@ openvpn \- secure IP tunnel daemon.
 [\ \fB\-\-mute\fR\ \fIn\fR\ ]
 [\ \fB\-\-nice\fR\ \fIn\fR\ ]
 [\ \fB\-\-no\-iv\fR\ ]
+[\ \fB\-\-no\-name\-remapping\fR\ ]
 [\ \fB\-\-no\-replay\fR\ ]
 [\ \fB\-\-bind\fR\ ]
 [\ \fB\-\-nobind\fR\ ]
@@ -3297,6 +3298,27 @@ the authenticated username as the common name,
 rather than the common name from the client cert.
 .\"*********************************************************
 .TP
+.B --no-name-remapping
+Allow Common Name, X509 Subject, and username strings to include
+any printable character including space, but excluding control
+characters such as tab, newline, and carriage-return.
+
+By default, OpenVPN will remap
+any character other than alphanumeric, underbar ('_'), dash
+('-'), dot ('.'), and slash ('/') to underbar ('_').  The X509
+Subject string as returned by the
+.B tls_id
+environmental variable, can additionally contain colon (':') or
+equal ('=').
+
+While name remapping is performed for security reasons to reduce
+the possibility of introducing string expansion security vulnerabilities
+in user-defined authentication
+scripts, this option is provided for those cases where it is desirable to
+disable the remapping feature.  Don't use this option unless you 
+know what you are doing!
+.\"*********************************************************
+.TP
 .B --port-share host port
 When run in TCP server mode, share the OpenVPN port with
 another application, such as an HTTPS server.  If OpenVPN