From: Corubba Smith Date: Sat, 15 Feb 2025 19:01:44 +0000 (+0100) Subject: Document x509-username-fields oid usage X-Git-Tag: v2.7_alpha1~76 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=680ad840bda4f869d16dac38fd9fa6a643dc10c0;p=thirdparty%2Fopenvpn.git Document x509-username-fields oid usage When built against OpenSSL, the parameters of the x509-username-fields option are in extract_x509_field_ssl() fed through OBJ_txt2obj() [0] which accepts "long names and short names [...] as well as numerical forms." Because of this, you can for example use `x509-username-field 2.5.4.41` to make OpenVPN read the `name` field [1]. x509-username-fields is currently not implemented for mbed TLS, so that can be ignored. [0] https://docs.openssl.org/1.1.1/man3/OBJ_nid2obj/ [1] https://oidref.com/2.5.4.41 Signed-off-by: Corubba Smith Acked-by: Gert Doering Message-Id: URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30916.html Signed-off-by: Gert Doering --- diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst index cdb857162..a8477508a 100644 --- a/doc/man-sections/tls-options.rst +++ b/doc/man-sections/tls-options.rst @@ -744,11 +744,13 @@ If the option is inlined, ``algo`` is always :code:`SHA256`. :: x509-username-field emailAddress + x509-username-field 1.2.840.113549.1.9.1 x509-username-field ext:subjectAltName x509-username-field CN serialNumber - The first example uses the value of the :code:`emailAddress` attribute - in the certificate's Subject field as the username. The second example + The first two examples use the value of the :code:`emailAddress` attribute + in the certificate's Subject field as the username, where the first example + uses the name while the second example uses the oid. The third example uses the :code:`ext:` prefix to signify that the X.509 extension ``fieldname`` :code:`subjectAltName` be searched for an rfc822Name (email) field to be used as the username. In cases where there are