When built against OpenSSL, the parameters of the x509-username-fields
option are in extract_x509_field_ssl() fed through OBJ_txt2obj() [0]
which accepts "long names and short names [...] as well as numerical
forms." Because of this, you can for example use `x509-username-field
2.5.4.41` to make OpenVPN read the `name` field [1].

x509-username-fields is currently not implemented for mbed TLS, so that
can be ignored.

[0] https://docs.openssl.org/1.1.1/man3/OBJ_nid2obj/
[1] https://oidref.com/2.5.4.41

Signed-off-by: Corubba Smith <corubba@gmx.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <eac80c73-e702-4d5c-b90a-fdaf4edd74f1@gmx.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30916.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
::
x509-username-field emailAddress
+ x509-username-field 1.2.840.113549.1.9.1
x509-username-field ext:subjectAltName
x509-username-field CN serialNumber
- The first example uses the value of the :code:`emailAddress` attribute
- in the certificate's Subject field as the username. The second example
+ The first two examples use the value of the :code:`emailAddress` attribute
+ in the certificate's Subject field as the username, where the first example
+ uses the name while the second example uses the oid. The third example
uses the :code:`ext:` prefix to signify that the X.509 extension
``fieldname`` :code:`subjectAltName` be searched for an rfc822Name
(email) field to be used as the username. In cases where there are
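Review bot: In the added sentence "uses the name while the second example uses the oid", write "OID" in capitals and call it the numerical (dotted-decimal) form. As it stands, the paragraph never says which spellings of a field name are accepted. The commit message explains that on OpenSSL builds the value goes through OBJ_txt2obj(), which accepts long names, short names and numerical forms. Adding one sentence to that effect here, along with the note that this applies to OpenSSL builds, would make it clear to an administrator that :code:`emailAddress` and :code:`1.2.840.113549.1.9.1` select the same Subject attribute and so yield the same username. The unchanged context line "``fieldname`` :code:`subjectAltName`" also mixes double-backtick and :code: markup and reads oddly. Since the paragraph is being reworded anyway, consider tidying it in the same change.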