Documented --x509-username-field option

Also fixed a typo in the --help screen. Signed-off-by: Robert Fischer <ml-openvpn@trispace.org> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
2024-09-20 03:52:28 +02:00 · 2011-04-21 22:55:52 +02:00 · 2011-04-21 22:55:52 +02:00 · ca8af756c5
commit ca8af756c5
parent 54d40afdfa
2 changed files with 9 additions and 1 deletions
--- a/openvpn.8
+++ b/openvpn.8
@ -4434,6 +4434,14 @@ the tls-verify script returns.  The file name used for the certificate
 is available via the peer_cert environment variable.
 .\"*********************************************************
 .TP
+.B \-\-x509-username-field fieldname
+Field in x509 certificate subject to be used as username (default=CN).
+.B Fieldname
+will be uppercased before matching. When this option is used, the
+--tls-remote option will match against the chosen fieldname instead
+of the CN.
+.\"*********************************************************
+.TP
 .B \-\-tls-remote name
 Accept connections only from a host with X509 name
 or common name equal to
--- a/options.c
+++ b/options.c
@ -538,7 +538,7 @@ static const char usage_message[] =
  "--pkcs12 file   : PKCS#12 file containing local private key, local certificate\n"
  "                  and optionally the root CA certificate.\n"
 #ifdef ENABLE_X509ALTUSERNAME
-  "--x509-username-field : Field used in x509 certificat to be username.\n"
+  "--x509-username-field : Field used in x509 certificate to be username.\n"
  "                        Default is CN.\n"
 #endif
  "--verify-hash   : Specify SHA1 fingerprint for level-1 cert.\n"