diff options
| author | Heiko Hund <heiko.hund@sophos.com> | 2012-09-11 17:34:24 +0200 |
|---|---|---|
| committer | David Sommerseth <davids@redhat.com> | 2012-09-12 15:08:10 +0200 |
| commit | e7412ca3eee2f2a2fb0af5acbe968137cfd7e995 (patch) | |
| tree | 70909046f97e8c108422b6ada53342bb42be856b /src/openvpn/options.c | |
| parent | 5d4f5435a421299ed047485d8d99bdf9a0d22fd1 (diff) | |
| download | openvpn-e7412ca3eee2f2a2fb0af5acbe968137cfd7e995.tar.gz openvpn-e7412ca3eee2f2a2fb0af5acbe968137cfd7e995.tar.xz openvpn-e7412ca3eee2f2a2fb0af5acbe968137cfd7e995.zip | |
Add --compat-names option
With this option, users can basically undo the changes of the UTF-8
support commit 5e86fd93779482b90a191f929edebe414cd78a4f. It's here for
short term compatibility and should be removed again as soon as possible.
When OpenSSL is used, the subject strings will be in the proprietary
format again. Generally username, X.509 CN, and X.509 subject will again
be subject to '_' replacemant, unless the "no-remapping" flag is
also specified. That flag ensures compatibility with setups using the
--no-name-remapping option, that has been removed in 2.3.
[v2: More comments related to compat_flags() added by DS plus using
COMPAT_FLAG_QUERY expclit]
[v3: Improved the man page entry for --compat-names, after suggestions
from Bernhard R. Link]
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1347377664-15462-1-git-send-email-dazo@users.sourceforge.net
URL: http://article.gmane.org/gmane.network.openvpn.devel/7053
Diffstat (limited to 'src/openvpn/options.c')
| -rw-r--r-- | src/openvpn/options.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 05d3523..05a0f54 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2130,6 +2130,9 @@ options_postprocess_verify_ce (const struct options *options, const struct conne if (options->stale_routes_check_interval) msg (M_USAGE, "--stale-routes-check requires --mode server"); + + if (compat_flag (COMPAT_FLAG_QUERY | COMPAT_NO_NAME_REMAPPING)) + msg (M_USAGE, "--compat-x509-names no-remapping requires --mode server"); } #endif /* P2MP_SERVER */ @@ -5548,6 +5551,13 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_GENERAL); options->ssl_flags |= SSLF_AUTH_USER_PASS_OPTIONAL; } + else if (streq (p[0], "compat-names")) + { + VERIFY_PERMISSION (OPT_P_GENERAL); + compat_flag (COMPAT_FLAG_SET | COMPAT_NAMES); + if (p[1] && streq (p[1], "no-remapping")) + compat_flag (COMPAT_FLAG_SET | COMPAT_NO_NAME_REMAPPING); + } else if (streq (p[0], "opt-verify")) { VERIFY_PERMISSION (OPT_P_GENERAL); |