aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--configure.ac11
-rw-r--r--options.c6
-rw-r--r--options.h2
-rw-r--r--ssl.c4
4 files changed, 23 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 1d55263..e30f990 100644
--- a/configure.ac
+++ b/configure.ac
@@ -80,6 +80,12 @@ AC_ARG_ENABLE(ssl,
[SSL="yes"]
)
+AC_ARG_ENABLE(x509-alt-username,
+ [ --enable-x509-alt-username Enable the --x509-username-field feature],
+ [X509ALTUSERNAME="$enableval"],
+ [X509ALTUSERNAME="no"]
+)
+
AC_ARG_ENABLE(multi,
[ --disable-multi Disable client/server support (--mode server + client mode)],
[MULTI="$enableval"],
@@ -751,6 +757,11 @@ dnl
fi
fi
+dnl enable --x509-username-field feature if requested
+if test "$X509ALTUSERNAME" = "yes"; then
+ AC_DEFINE(ENABLE_X509ALTUSERNAME, 1, [Enable --x509-username-field feature])
+fi
+
dnl enable pkcs11 capability
if test "$PKCS11" = "yes"; then
AC_CHECKING([for pkcs11-helper Library and Header files])
diff --git a/options.c b/options.c
index 524c781..f4eeaee 100644
--- a/options.c
+++ b/options.c
@@ -506,8 +506,10 @@ static const char usage_message[] =
"--key file : Local private key in .pem format.\n"
"--pkcs12 file : PKCS#12 file containing local private key, local certificate\n"
" and optionally the root CA certificate.\n"
+#ifdef ENABLE_X509ALTUSERNAME
"--x509-username-field : Field used in x509 certificat to be username.\n"
" Default is CN.\n"
+#endif
#ifdef WIN32
"--cryptoapicert select-string : Load the certificate and private key from the\n"
" Windows Certificate System Store.\n"
@@ -761,9 +763,11 @@ init_options (struct options *o, const bool init_gc)
o->renegotiate_seconds = 3600;
o->handshake_window = 60;
o->transition_window = 3600;
+#ifdef ENABLE_X509ALTUSERNAME
o->x509_username_field = X509_USERNAME_FIELD_DEFAULT;
#endif
#endif
+#endif
#ifdef ENABLE_PKCS11
o->pkcs11_pin_cache_period = -1;
#endif /* ENABLE_PKCS11 */
@@ -5898,6 +5902,7 @@ add_option (struct options *options,
}
options->key_method = key_method;
}
+#ifdef ENABLE_X509ALTUSERNAME
else if (streq (p[0], "x509-username-field") && p[1])
{
char *s = p[1];
@@ -5905,6 +5910,7 @@ add_option (struct options *options,
while ((*s = toupper(*s)) != '\0') s++; /* Uppercase if necessary */
options->x509_username_field = p[1];
}
+#endif /* ENABLE_X509ALTUSERNAME */
#endif /* USE_SSL */
#endif /* USE_CRYPTO */
#ifdef ENABLE_PKCS11
diff --git a/options.h b/options.h
index 7a61e3d..7f4c0cd 100644
--- a/options.h
+++ b/options.h
@@ -508,8 +508,10 @@ struct options
within n seconds of handshake initiation. */
int handshake_window;
+#ifdef ENABLE_X509ALTUSERNAME
/* Field used to be the username in X509 cert. */
char *x509_username_field;
+#endif
/* Old key allowed to live n seconds after new key goes active */
int transition_window;
diff --git a/ssl.c b/ssl.c
index 2fa091a..da6f7d7 100644
--- a/ssl.c
+++ b/ssl.c
@@ -1874,7 +1874,11 @@ init_ssl (const struct options *options)
}
else
#endif
+#ifdef ENABLE_X509ALTUSERNAME
x509_username_field = (char *) options->x509_username_field;
+#else
+ x509_username_field = X509_USERNAME_FIELD_DEFAULT;
+#endif
SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);