-rw-r--r--configure.ac11
-rw-r--r--options.c6
-rw-r--r--options.h2
-rw-r--r--ssl.c4
4 files changed, 23 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 1d55263..e30f990 100644
--- a/configure.ac
+++ b/configure.ac
@@ -80,6 +80,12 @@ AC_ARG_ENABLE(ssl,
[SSL="yes"]
)
+AC_ARG_ENABLE(x509-alt-username,
+ [ --enable-x509-alt-username Enable the --x509-username-field feature],
+ [X509ALTUSERNAME="$enableval"],
+ [X509ALTUSERNAME="no"]
+)
+
AC_ARG_ENABLE(multi,
[ --disable-multi Disable client/server support (--mode server + client mode)],
[MULTI="$enableval"],
@@ -751,6 +757,11 @@ dnl
fi
fi
+dnl enable --x509-username-field feature if requested
+if test "$X509ALTUSERNAME" = "yes"; then
+ AC_DEFINE(ENABLE_X509ALTUSERNAME, 1, [Enable --x509-username-field feature])
+fi
+
dnl enable pkcs11 capability
if test "$PKCS11" = "yes"; then
AC_CHECKING([for pkcs11-helper Library and Header files])
diff --git a/options.c b/options.c
index 524c781..f4eeaee 100644
--- a/options.c
+++ b/options.c
@@ -506,8 +506,10 @@ static const char usage_message[] =
"--key file : Local private key in .pem format.\n"
"--pkcs12 file : PKCS#12 file containing local private key, local certificate\n"
" and optionally the root CA certificate.\n"
+#ifdef ENABLE_X509ALTUSERNAME
"--x509-username-field : Field used in x509 certificat to be username.\n"
" Default is CN.\n"
+#endif
#ifdef WIN32
"--cryptoapicert select-string : Load the certificate and private key from the\n"
" Windows Certificate System Store.\n"
@@ -761,9 +763,11 @@ init_options (struct options *o, const bool init_gc)
o->renegotiate_seconds = 3600;
o->handshake_window = 60;
o->transition_window = 3600;
+#ifdef ENABLE_X509ALTUSERNAME
o->x509_username_field = X509_USERNAME_FIELD_DEFAULT;
#endif
#endif
+#endif
#ifdef ENABLE_PKCS11
o->pkcs11_pin_cache_period = -1;
#endif /* ENABLE_PKCS11 */
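Review bot: The three consecutive `#endif` lines after the `x509_username_field` default are unlabeled, so it is not evident which one closes the new `ENABLE_X509ALTUSERNAME` guard and which close the enclosing conditionals. The same commit labels the matching directive in add_option, so I would do the same here: `#endif /* ENABLE_X509ALTUSERNAME */` directly after the assignment, with the two outer ones labeled as well (presumably USE_SSL and USE_CRYPTO, judging by the add_option hunk; confirm). init_options begins and ends outside this hunk.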
@@ -5898,6 +5902,7 @@ add_option (struct options *options,
}
options->key_method = key_method;
}
+#ifdef ENABLE_X509ALTUSERNAME
else if (streq (p[0], "x509-username-field") && p[1])
{
char *s = p[1];
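Review bot: With `ENABLE_X509ALTUSERNAME` undefined, the `x509-username-field` branch disappears from this `else if` chain, and what add_option then does with the directive is decided by code outside this hunk. Since the field selects which certificate attribute becomes the authenticated username, a build without the feature should reject the directive outright rather than ignore it and keep the default; please confirm the chain's final `else` does that. I would record it above the guard, e.g. `/* Compiled out: x509-username-field must fall through to the unrecognized-option error. */`. The closing `#endif` for this guard is in the next hunk, and add_option itself extends beyond both.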
@@ -5905,6 +5910,7 @@ add_option (struct options *options,
while ((*s = toupper(*s)) != '\0') s++; /* Uppercase if necessary */
options->x509_username_field = p[1];
}
+#endif /* ENABLE_X509ALTUSERNAME */
#endif /* USE_SSL */
#endif /* USE_CRYPTO */
#ifdef ENABLE_PKCS11
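Review bot: `toupper(*s)` in the uppercasing loop receives a plain `char`, which is undefined behavior for negative values on platforms where `char` is signed; the argument should be converted first, `while ((*s = toupper((unsigned char) *s)) != '\0') s++;`. The loop also rewrites `p[1]` in place and the option then keeps that pointer, so the string has to outlive the options struct; whether it does is not visible here. The branch begins in the previous hunk.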
diff --git a/options.h b/options.h
index 7a61e3d..7f4c0cd 100644
--- a/options.h
+++ b/options.h
@@ -508,8 +508,10 @@ struct options
within n seconds of handshake initiation. */
int handshake_window;
+#ifdef ENABLE_X509ALTUSERNAME
/* Field used to be the username in X509 cert. */
char *x509_username_field;
+#endif
/* Old key allowed to live n seconds after new key goes active */
int transition_window;
diff --git a/ssl.c b/ssl.c
index 2fa091a..da6f7d7 100644
--- a/ssl.c
+++ b/ssl.c
@@ -1874,7 +1874,11 @@ init_ssl (const struct options *options)
}
else
#endif
+#ifdef ENABLE_X509ALTUSERNAME
x509_username_field = (char *) options->x509_username_field;
+#else
+ x509_username_field = X509_USERNAME_FIELD_DEFAULT;
+#endif
SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
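Review bot: The unbraced `else` above the first `#endif` takes whichever assignment the new `#ifdef ENABLE_X509ALTUSERNAME`/`#else` selects as its body, which only works while each branch stays exactly one statement. Braces are hard to add here because the `else` sits inside a different conditional, so a comment on the guard would help, e.g. `/* exactly one statement per branch: it is the body of the else above */`. The `(char *)` cast looks unnecessary given that options.h declares the member as `char *`. init_ssl starts and ends outside this hunk.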