Documented --x509-username-field option

Also fixed a typo in the --help screen.

Signed-off-by: Robert Fischer <ml-openvpn@trispace.org>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

diff --git a/openvpn.8 b/openvpn.8
index 45c0663b584cdd6bf8a654d4d6a1bcaed62246af..e4b5eb60ff3845b9722a1bf7b05f623f0418daa1 100644 (file)
--- a/openvpn.8
+++ b/openvpn.8
@@ -4434,6 +4434,14 @@ the tls-verify script returns.  The file name used for the certificate
 is available via the peer_cert environment variable.
 .\"*********************************************************
 .TP
+.B \-\-x509-username-field fieldname
+Field in x509 certificate subject to be used as username (default=CN).
+.B Fieldname
+will be uppercased before matching. When this option is used, the
+--tls-remote option will match against the chosen fieldname instead
+of the CN.
+.\"*********************************************************
+.TP
 .B \-\-tls-remote name
 Accept connections only from a host with X509 name
 or common name equal to

diff --git a/options.c b/options.c
index ab4228deb7602633e48af714e5df416a0849f3ce..77e7c7f44e88b7762e590b5b09284f792123536d 100644 (file)
--- a/options.c
+++ b/options.c
@@ -538,7 +538,7 @@ static const char usage_message[] =
   "--pkcs12 file   : PKCS#12 file containing local private key, local certificate\n"
   "                  and optionally the root CA certificate.\n"
 #ifdef ENABLE_X509ALTUSERNAME
-  "--x509-username-field : Field used in x509 certificat to be username.\n"
+  "--x509-username-field : Field used in x509 certificate to be username.\n"
   "                        Default is CN.\n"
 #endif
   "--verify-hash   : Specify SHA1 fingerprint for level-1 cert.\n"