diff options
author | Heiko Hund <heiko.hund@sophos.com> | 2012-02-04 12:56:24 +0000 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2012-02-04 14:50:50 +0100 |
commit | 5e86fd93779482b90a191f929edebe414cd78a4f (patch) | |
tree | 2bcc361091366cd0c0e1cbba0af5a7a869b747dd /options.c | |
parent | fc3ee19dee6c66e2325a24e864b5328128404e83 (diff) | |
download | openvpn-5e86fd93779482b90a191f929edebe414cd78a4f.tar.gz openvpn-5e86fd93779482b90a191f929edebe414cd78a4f.tar.xz openvpn-5e86fd93779482b90a191f929edebe414cd78a4f.zip |
UTF-8 X.509 distinguished names
The UTF-8 support that came with commit 2627335 does allow international
usernames and passwords. This patch introduces UTF-8 support for X.509 DNs.
Additionally, instead of using the legacy openssl format, DNs are now
displayed in RFC 2253 format; "/C=ru/L=\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0
\xB2\xD0\xB0/O=\xD0\x9A\xD1\x80\xD0\xB5\xD0\xBC\xD0\xBB\xD1\x8C/CN=kreml.ru"
becomes "C=ru, L=Москва, O=Кремль, CN=kreml.ru".
Since the specific character classes for X.509 names are removed, the
"no-name-remapping" configuration option has no use anymore and is removed
as well.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'options.c')
-rw-r--r-- | options.c | 12 |
1 files changed, 1 insertions, 11 deletions
@@ -601,7 +601,7 @@ static const char usage_message[] = " pending TLS connection that has otherwise passed all other\n" " tests of certification. cmd should return 0 to allow\n" " TLS handshake to proceed, or 1 to fail. (cmd is\n" - " executed as 'cmd certificate_depth X509_NAME_oneline')\n" + " executed as 'cmd certificate_depth subject')\n" "--tls-export-cert [directory] : Get peer cert in PEM format and store it \n" " in an openvpn temporary file in [directory]. Peer cert is \n" " stored before tls-verify script execution and deleted after.\n" @@ -2164,9 +2164,6 @@ options_postprocess_verify_ce (const struct options *options, const struct conne if ((options->ssl_flags & SSLF_AUTH_USER_PASS_OPTIONAL) && !ccnr) msg (M_USAGE, "--auth-user-pass-optional %s", postfix); } - - if ((options->ssl_flags & SSLF_NO_NAME_REMAPPING) && script_method == SM_SYSTEM) - msg (M_USAGE, "--script-security method='system' cannot be combined with --no-name-remapping"); } else { @@ -2201,8 +2198,6 @@ options_postprocess_verify_ce (const struct options *options, const struct conne msg (M_USAGE, "--username-as-common-name requires --mode server"); if (options->ssl_flags & SSLF_AUTH_USER_PASS_OPTIONAL) msg (M_USAGE, "--auth-user-pass-optional requires --mode server"); - if (options->ssl_flags & SSLF_NO_NAME_REMAPPING) - msg (M_USAGE, "--no-name-remapping requires --mode server"); if (options->ssl_flags & SSLF_OPT_VERIFY) msg (M_USAGE, "--opt-verify requires --mode server"); if (options->server_flags & SF_TCP_NODELAY_HELPER) @@ -5581,11 +5576,6 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_GENERAL); options->ssl_flags |= SSLF_AUTH_USER_PASS_OPTIONAL; } - else if (streq (p[0], "no-name-remapping")) - { - VERIFY_PERMISSION (OPT_P_GENERAL); - options->ssl_flags |= SSLF_NO_NAME_REMAPPING; - } else if (streq (p[0], "opt-verify")) { VERIFY_PERMISSION (OPT_P_GENERAL); |