Choose a different field in X509 to be username

For my company, we use a PKI (linked to a LDAP) with OpenVPN. We can't use "CN" to be username (few people can have the same "CN"). In our case, we only use the UID. With my patch, you can choose another field to be username with a new option called --x509-username-field, the default value is "CN". Signed-off-by: Emilien Mantel <emilien.mantel@businessdecision.com> Acked-by: David Sommerseth <dazo@users.sourceforge.net> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
author: Emilien Mantel <emilien.mantel@businessdecision.com> 2010-06-17 21:38:59 +0200
committer: David Sommerseth <dazo@users.sourceforge.net> 2010-06-17 21:46:09 +0200
commit: 935c62be9c0c8a256112df818bfb8470586a23b6 (patch)
tree: fc18cc3b6330bd0de8c536c60b905fb034ae2e6a /options.h
parent: ssl.c: fix use of openvpn_run_script()'s return value (diff)
download: openvpn-935c62be9c0c8a256112df818bfb8470586a23b6.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/options.h b/options.h
index a3114e2..10109e7 100644
--- a/options.h
+++ b/options.h
@@ -484,6 +484,9 @@ struct options
      within n seconds of handshake initiation. */
   int handshake_window;
 
+  /* Field used to be the username in X509 cert. */
+  char *x509_username_field;
+
   /* Old key allowed to live n seconds after new key goes active */
   int transition_window;
author	Emilien Mantel <emilien.mantel@businessdecision.com>	2010-06-17 21:38:59 +0200
committer	David Sommerseth <dazo@users.sourceforge.net>	2010-06-17 21:46:09 +0200
commit	935c62be9c0c8a256112df818bfb8470586a23b6 (patch)
tree	fc18cc3b6330bd0de8c536c60b905fb034ae2e6a /options.h
parent	ssl.c: fix use of openvpn_run_script()'s return value (diff)
download	openvpn-935c62be9c0c8a256112df818bfb8470586a23b6.tar.xz