diff options
| author | David Sommerseth <davids@redhat.com> | 2010-12-15 10:53:04 +0100 |
|---|---|---|
| committer | David Sommerseth <dazo@users.sourceforge.net> | 2010-12-17 20:46:26 +0100 |
| commit | fbd18db6485e3d08d8d933263cff96ee60eddb39 (patch) | |
| tree | 683bf0e0f025442e54ac8f6993dfeccbb502512c /options.c | |
| parent | 709271e8af5d19472cb200956bcc9b756a655f77 (diff) | |
| download | openvpn-fbd18db6485e3d08d8d933263cff96ee60eddb39.tar.gz openvpn-fbd18db6485e3d08d8d933263cff96ee60eddb39.tar.xz openvpn-fbd18db6485e3d08d8d933263cff96ee60eddb39.zip | |
Make the --x509-username-field feature an opt-in feature
After some discussion [1] regarding an extension of this feature,
James Yonan wanted this extension to be an opt-in feature. However,
as it does not make sense to opt-in on a extension of a feature which
was discussed, this patch makes the base feature an opt-in instead.
The base feature comes from commit 2e8337de248ef0b5b48cbb2964 (beta2.2)
and commit 935c62be9c0c8a256112 (feat_misc).
[1] http://thread.gmane.org/gmane.network.openvpn.devel/4266
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: James Yonan <james@openvpn.net>
(cherry picked from commit 024972e2ced84c6e5cabc43620ab510e5693d1d4)
Diffstat (limited to 'options.c')
| -rw-r--r-- | options.c | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -506,8 +506,10 @@ static const char usage_message[] = "--key file : Local private key in .pem format.\n" "--pkcs12 file : PKCS#12 file containing local private key, local certificate\n" " and optionally the root CA certificate.\n" +#ifdef ENABLE_X509ALTUSERNAME "--x509-username-field : Field used in x509 certificat to be username.\n" " Default is CN.\n" +#endif #ifdef WIN32 "--cryptoapicert select-string : Load the certificate and private key from the\n" " Windows Certificate System Store.\n" @@ -761,9 +763,11 @@ init_options (struct options *o, const bool init_gc) o->renegotiate_seconds = 3600; o->handshake_window = 60; o->transition_window = 3600; +#ifdef ENABLE_X509ALTUSERNAME o->x509_username_field = X509_USERNAME_FIELD_DEFAULT; #endif #endif +#endif #ifdef ENABLE_PKCS11 o->pkcs11_pin_cache_period = -1; #endif /* ENABLE_PKCS11 */ @@ -5898,6 +5902,7 @@ add_option (struct options *options, } options->key_method = key_method; } +#ifdef ENABLE_X509ALTUSERNAME else if (streq (p[0], "x509-username-field") && p[1]) { char *s = p[1]; @@ -5905,6 +5910,7 @@ add_option (struct options *options, while ((*s = toupper(*s)) != '\0') s++; /* Uppercase if necessary */ options->x509_username_field = p[1]; } +#endif /* ENABLE_X509ALTUSERNAME */ #endif /* USE_SSL */ #endif /* USE_CRYPTO */ #ifdef ENABLE_PKCS11 |