From: Robert Fischer Date: Thu, 21 Apr 2011 20:55:52 +0000 (+0200) Subject: Documented --x509-username-field option X-Git-Tag: v2.3-alpha1~228 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca8af756c52ab7a4aecb857f60d6124e58458f0a;p=thirdparty%2Fopenvpn.git Documented --x509-username-field option Also fixed a typo in the --help screen. Signed-off-by: Robert Fischer Acked-by: David Sommerseth Signed-off-by: David Sommerseth --- diff --git a/openvpn.8 b/openvpn.8 index 45c0663b5..e4b5eb60f 100644 --- a/openvpn.8 +++ b/openvpn.8 @@ -4434,6 +4434,14 @@ the tls-verify script returns. The file name used for the certificate is available via the peer_cert environment variable. .\"********************************************************* .TP +.B \-\-x509-username-field fieldname +Field in x509 certificate subject to be used as username (default=CN). +.B Fieldname +will be uppercased before matching. When this option is used, the +--tls-remote option will match against the chosen fieldname instead +of the CN. +.\"********************************************************* +.TP .B \-\-tls-remote name Accept connections only from a host with X509 name or common name equal to diff --git a/options.c b/options.c index ab4228deb..77e7c7f44 100644 --- a/options.c +++ b/options.c @@ -538,7 +538,7 @@ static const char usage_message[] = "--pkcs12 file : PKCS#12 file containing local private key, local certificate\n" " and optionally the root CA certificate.\n" #ifdef ENABLE_X509ALTUSERNAME - "--x509-username-field : Field used in x509 certificat to be username.\n" + "--x509-username-field : Field used in x509 certificate to be username.\n" " Default is CN.\n" #endif "--verify-hash : Specify SHA1 fingerprint for level-1 cert.\n"