aboutsummaryrefslogtreecommitdiff
path: root/ssl.h
diff options
context:
space:
mode:
authorEmilien Mantel <emilien.mantel@businessdecision.com>2010-06-17 21:38:59 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2010-10-21 21:26:59 +0200
commit2e8337de248ef0b5b48cbb2964da0d5c3f28b15b (patch)
tree7f21b614c1c950cd0a8d9b521bf0d51205289027 /ssl.h
parentssl.c: fix use of openvpn_run_script()'s return value (diff)
downloadopenvpn-2e8337de248ef0b5b48cbb2964da0d5c3f28b15b.tar.xz
Choose a different field in X509 to be username
For my company, we use a PKI (linked to a LDAP) with OpenVPN. We can't use "CN" to be username (few people can have the same "CN"). In our case, we only use the UID. With my patch, you can choose another field to be username with a new option called --x509-username-field, the default value is "CN". Signed-off-by: Emilien Mantel <emilien.mantel@businessdecision.com> Acked-by: David Sommerseth <dazo@users.sourceforge.net> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to 'ssl.h')
-rw-r--r--ssl.h7
1 files changed, 5 insertions, 2 deletions
diff --git a/ssl.h b/ssl.h
index 19a8540..8415d55 100644
--- a/ssl.h
+++ b/ssl.h
@@ -278,8 +278,8 @@
* Buffer sizes (also see mtu.h).
*/
-/* Maximum length of common name */
-#define TLS_CN_LEN 64
+/* Maximum length of the username in cert */
+#define TLS_USERNAME_LEN 64
/* Legal characters in an X509 or common name */
#define X509_NAME_CHAR_CLASS (CC_ALNUM|CC_UNDERBAR|CC_DASH|CC_DOT|CC_AT|CC_COLON|CC_SLASH|CC_EQUAL)
@@ -288,6 +288,9 @@
/* Maximum length of OCC options string passed as part of auth handshake */
#define TLS_OPTIONS_LEN 512
+/* Default field in X509 to be username */
+#define X509_USERNAME_FIELD_DEFAULT "CN"
+
/*
* Range of key exchange methods
*/