authorEmilien Mantel <emilien.mantel@businessdecision.com>2010-06-17 21:38:59 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2010-10-21 21:26:59 +0200
commit2e8337de248ef0b5b48cbb2964da0d5c3f28b15b (patch)
tree7f21b614c1c950cd0a8d9b521bf0d51205289027 /options.c
parentssl.c: fix use of openvpn_run_script()'s return value (diff)
Choose a different field in X509 to be username
At my company, we use a PKI (linked to an LDAP) with OpenVPN. We can't use "CN" as the username (a few people can have the same "CN"). In our case, we only use the UID. With my patch, you can choose another field to be the username with a new option called --x509-username-field; the default value is "CN". Signed-off-by: Emilien Mantel <emilien.mantel@businessdecision.com> Acked-by: David Sommerseth <dazo@users.sourceforge.net> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to '')
-rw-r--r--options.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/options.c b/options.c
index 8c5af91..717c5d7 100644
--- a/options.c
+++ b/options.c
@@ -49,6 +49,7 @@
#include "helper.h"
#include "manage.h"
#include "configure.h"
+#include <ctype.h>
#include "memdbg.h"
@@ -511,6 +512,8 @@ static const char usage_message[] =
"--key file : Local private key in .pem format.\n"
"--pkcs12 file : PKCS#12 file containing local private key, local certificate\n"
" and optionally the root CA certificate.\n"
+ "--x509-username-field : Field used in x509 certificat to be username.\n"
+ " Default is CN.\n"
#ifdef WIN32
"--cryptoapicert select-string : Load the certificate and private key from the\n"
" Windows Certificate System Store.\n"
@@ -767,6 +770,7 @@ init_options (struct options *o, const bool init_gc)
o->renegotiate_seconds = 3600;
o->handshake_window = 60;
o->transition_window = 3600;
+ o->x509_username_field = X509_USERNAME_FIELD_DEFAULT;
#endif
#endif
#ifdef ENABLE_PKCS11
@@ -5921,6 +5925,13 @@ add_option (struct options *options,
}
options->key_method = key_method;
}
+ else if (streq (p[0], "x509-username-field") && p[1])
+ {
+ char *s = p[1];
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ while ((*s = toupper(*s)) != '\0') s++; /* Uppercase if necessary */
+ options->x509_username_field = p[1];
+ }
#endif /* USE_SSL */
#endif /* USE_CRYPTO */
#ifdef ENABLE_PKCS11
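Review bot: `toupper(*s)` in the new x509-username-field branch is called on a plain `char`, which is undefined behaviour for a negative value where `char` is signed, so a non-ASCII byte from the config file or command line reaches it unchecked; the loop should read `while ((*s = (char) toupper ((unsigned char) *s)) != '\0') s++;`. The branch also accepts any string, including an empty one, for the option that decides which certificate field becomes the authenticated username, so I would reject an empty or non-alphanumeric `p[1]` with an option error before storing it. If the code that consumes `x509_username_field` (not in this hunk) compares attribute names case-sensitively, forcing upper case would make mixed-case names unselectable, and the comment on the loop should say why upper-casing is safe. add_option's body starts and ends outside the hunk.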