When built against OpenSSL, the parameters of the x509-username-fields option are in extract_x509_field_ssl() fed through OBJ_txt2obj() [0] which accepts "long names and short names [...] as well as numerical forms." Because of this, you can for example use `x509-username-field 2.5.4.41` to make OpenVPN read the `name` field [1].
x509-username-fields is currently not implemented for mbed TLS, so that can be ignored. [0] https://docs.openssl.org/1.1.1/man3/OBJ_nid2obj/ [1] https://oidref.com/2.5.4.41 Signed-off-by: Corubba Smith <coru...@gmx.de> --- doc/man-sections/tls-options.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst index 7882e924..0638d095 100644 --- a/doc/man-sections/tls-options.rst +++ b/doc/man-sections/tls-options.rst @@ -744,11 +744,13 @@ If the option is inlined, ``algo`` is always :code:`SHA256`. :: x509-username-field emailAddress + x509-username-field 1.2.840.113549.1.9.1 x509-username-field ext:subjectAltName x509-username-field CN serialNumber - The first example uses the value of the :code:`emailAddress` attribute - in the certificate's Subject field as the username. The second example + The first two examples use the value of the :code:`emailAddress` attribute + in the certificate's Subject field as the username, where the first example + uses the name while the second example uses the oid. The third example uses the :code:`ext:` prefix to signify that the X.509 extension ``fieldname`` :code:`subjectAltName` be searched for an rfc822Name (email) field to be used as the username. In cases where there are -- 2.48.1 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
