Documented --x509-username-field option

Also fixed a typo in the --help screen.

Signed-off-by: Robert Fischer <ml-openvpn@trispace.org>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
(cherry picked from commit ca8af756c52ab7a4aecb857f60d6124e58458f0a)

diff --git a/openvpn.8 b/openvpn.8
index 64445583ef16c0015d6db8d215f4b4465136e7ea..428233f49462d5269e9308c8513a1db5542c25a4 100644 (file)
--- a/openvpn.8
+++ b/openvpn.8
@@ -4356,6 +4356,14 @@ the tls-verify script returns.  The file name used for the certificate
 is available via the peer_cert environment variable.
 .\"*********************************************************
 .TP
+.B \-\-x509-username-field fieldname
+Field in x509 certificate subject to be used as username (default=CN).
+.B Fieldname
+will be uppercased before matching. When this option is used, the
+--tls-remote option will match against the chosen fieldname instead
+of the CN.
+.\"*********************************************************
+.TP
 .B \-\-tls-remote name
 Accept connections only from a host with X509 name
 or common name equal to

diff --git a/options.c b/options.c
index 4a11f53e8b3172f3cbe1d2aac62ed77386b2de3b..7a5e35d6642158c2daf3108ca7abb944d158c3b0 100644 (file)
--- a/options.c
+++ b/options.c
@@ -508,7 +508,7 @@ static const char usage_message[] =
   "--pkcs12 file   : PKCS#12 file containing local private key, local certificate\n"
   "                  and optionally the root CA certificate.\n"
 #ifdef ENABLE_X509ALTUSERNAME
-  "--x509-username-field : Field used in x509 certificat to be username.\n"
+  "--x509-username-field : Field used in x509 certificate to be username.\n"
   "                        Default is CN.\n"
 #endif
 #ifdef WIN32