diff options
author | Emilien Mantel <emilien.mantel@businessdecision.com> | 2010-06-17 21:38:59 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2010-10-21 21:26:59 +0200 |
commit | 2e8337de248ef0b5b48cbb2964da0d5c3f28b15b (patch) | |
tree | 7f21b614c1c950cd0a8d9b521bf0d51205289027 /ssl.h | |
parent | ssl.c: fix use of openvpn_run_script()'s return value (diff) | |
download | openvpn-2e8337de248ef0b5b48cbb2964da0d5c3f28b15b.tar.xz |
Choose a different field in X509 to be username
For my company, we use a PKI (linked to a LDAP) with OpenVPN. We can't use "CN" to be
username (few people can have the same "CN"). In our case, we only use the UID.
With my patch, you can choose another field to be username with a new option called
--x509-username-field, the default value is "CN".
Signed-off-by: Emilien Mantel <emilien.mantel@businessdecision.com>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to 'ssl.h')
-rw-r--r-- | ssl.h | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -278,8 +278,8 @@ * Buffer sizes (also see mtu.h). */ -/* Maximum length of common name */ -#define TLS_CN_LEN 64 +/* Maximum length of the username in cert */ +#define TLS_USERNAME_LEN 64 /* Legal characters in an X509 or common name */ #define X509_NAME_CHAR_CLASS (CC_ALNUM|CC_UNDERBAR|CC_DASH|CC_DOT|CC_AT|CC_COLON|CC_SLASH|CC_EQUAL) @@ -288,6 +288,9 @@ /* Maximum length of OCC options string passed as part of auth handshake */ #define TLS_OPTIONS_LEN 512 +/* Default field in X509 to be username */ +#define X509_USERNAME_FIELD_DEFAULT "CN" + /* * Range of key exchange methods */ |