diff options
author | Emilien Mantel <emilien.mantel@businessdecision.com> | 2010-06-17 21:38:59 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2010-10-21 21:26:59 +0200 |
commit | 2e8337de248ef0b5b48cbb2964da0d5c3f28b15b (patch) | |
tree | 7f21b614c1c950cd0a8d9b521bf0d51205289027 /options.c | |
parent | ssl.c: fix use of openvpn_run_script()'s return value (diff) | |
download | openvpn-2e8337de248ef0b5b48cbb2964da0d5c3f28b15b.tar.xz |
Choose a different field in X509 to be username
For my company, we use a PKI (linked to a LDAP) with OpenVPN. We can't use "CN" to be
username (few people can have the same "CN"). In our case, we only use the UID.
With my patch, you can choose another field to be username with a new option called
--x509-username-field, the default value is "CN".
Signed-off-by: Emilien Mantel <emilien.mantel@businessdecision.com>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to '')
-rw-r--r-- | options.c | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -49,6 +49,7 @@ #include "helper.h" #include "manage.h" #include "configure.h" +#include <ctype.h> #include "memdbg.h" @@ -511,6 +512,8 @@ static const char usage_message[] = "--key file : Local private key in .pem format.\n" "--pkcs12 file : PKCS#12 file containing local private key, local certificate\n" " and optionally the root CA certificate.\n" + "--x509-username-field : Field used in x509 certificat to be username.\n" + " Default is CN.\n" #ifdef WIN32 "--cryptoapicert select-string : Load the certificate and private key from the\n" " Windows Certificate System Store.\n" @@ -767,6 +770,7 @@ init_options (struct options *o, const bool init_gc) o->renegotiate_seconds = 3600; o->handshake_window = 60; o->transition_window = 3600; + o->x509_username_field = X509_USERNAME_FIELD_DEFAULT; #endif #endif #ifdef ENABLE_PKCS11 @@ -5921,6 +5925,13 @@ add_option (struct options *options, } options->key_method = key_method; } + else if (streq (p[0], "x509-username-field") && p[1]) + { + char *s = p[1]; + VERIFY_PERMISSION (OPT_P_GENERAL); + while ((*s = toupper(*s)) != '\0') s++; /* Uppercase if necessary */ + options->x509_username_field = p[1]; + } #endif /* USE_SSL */ #endif /* USE_CRYPTO */ #ifdef ENABLE_PKCS11 |