From ca8af756c52ab7a4aecb857f60d6124e58458f0a Mon Sep 17 00:00:00 2001 From: Robert Fischer Date: Thu, 21 Apr 2011 22:55:52 +0200 Subject: Documented --x509-username-field option Also fixed a typo in the --help screen. Signed-off-by: Robert Fischer Acked-by: David Sommerseth Signed-off-by: David Sommerseth --- openvpn.8 | 8 ++++++++ options.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/openvpn.8 b/openvpn.8 index 45c0663..e4b5eb6 100644 --- a/openvpn.8 +++ b/openvpn.8 @@ -4434,6 +4434,14 @@ the tls-verify script returns. The file name used for the certificate is available via the peer_cert environment variable. .\"********************************************************* .TP +.B \-\-x509-username-field fieldname +Field in x509 certificate subject to be used as username (default=CN). +.B Fieldname +will be uppercased before matching. When this option is used, the +--tls-remote option will match against the chosen fieldname instead +of the CN. +.\"********************************************************* +.TP .B \-\-tls-remote name Accept connections only from a host with X509 name or common name equal to diff --git a/options.c b/options.c index ab4228d..77e7c7f 100644 --- a/options.c +++ b/options.c @@ -538,7 +538,7 @@ static const char usage_message[] = "--pkcs12 file : PKCS#12 file containing local private key, local certificate\n" " and optionally the root CA certificate.\n" #ifdef ENABLE_X509ALTUSERNAME - "--x509-username-field : Field used in x509 certificat to be username.\n" + "--x509-username-field : Field used in x509 certificate to be username.\n" " Default is CN.\n" #endif "--verify-hash : Specify SHA1 fingerprint for level-1 cert.\n" -- cgit v1.2.3