Diffstat (limited to 'app/openvpn/src/openvpn/options.c')
-rw-r--r--app/openvpn/src/openvpn/options.c41
1 files changed, 35 insertions, 6 deletions
diff --git a/app/openvpn/src/openvpn/options.c b/app/openvpn/src/openvpn/options.c
index fc764616..9ff2db5a 100644
--- a/app/openvpn/src/openvpn/options.c
+++ b/app/openvpn/src/openvpn/options.c
@@ -575,8 +575,8 @@ static const char usage_message[] =
" and optionally the root CA certificate.\n"
#endif
#ifdef ENABLE_X509ALTUSERNAME
- "--x509-username-field : Field used in x509 certificate to be username.\n"
- " Default is CN.\n"
+ "--x509-username-field : Field in x509 certificate containing the username.\n"
+ " Default is CN in the Subject field.\n"
#endif
"--verify-hash : Specify SHA1 fingerprint for level-1 cert.\n"
#ifdef WIN32
@@ -3898,7 +3898,8 @@ apply_push_options (struct options *options,
struct buffer *buf,
unsigned int permission_mask,
unsigned int *option_types_found,
- struct env_set *es)
+ struct env_set *es,
+ struct tls_multi *tls_multi)
{
char line[OPTION_PARM_SIZE];
int line_num = 0;
@@ -3912,7 +3913,17 @@ apply_push_options (struct options *options,
++line_num;
if (parse_line (line, p, SIZE (p), file, line_num, msglevel, &options->gc))
{
- add_option (options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es);
+ if (streq(p[0], "session_id"))
+ {
+ /* Server supports P_DATA_V2 */
+ tls_multi->vpn_session_id = atoi(p[1]);
+ tls_multi->use_session_id = true;
+ msg(D_PUSH, "session id: %d", tls_multi->vpn_session_id);
+ }
+ else
+ {
+ add_option (options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es);
+ }
}
}
return true;
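Review bot: The new `session_id` branch calls `atoi(p[1])` without checking that `p[1]` is non-NULL, so a pushed `session_id` line with no argument would dereference a null pointer; the `x509-username-field` branch in add_option guards the same array with `&& p[1]`. `atoi` also accepts trailing garbage and has undefined behaviour on out-of-range input, and this value arrives from the peer's push reply, so it should be parsed with `strtol` and dropped when malformed. The branch also bypasses add_option, so `permission_mask` is never consulted for it, and `tls_multi` is dereferenced unchecked; presumably every caller passes a valid pointer, but that is not visible here. The enclosing loop and function start outside the hunk, and the `(int)` cast below assumes `vpn_session_id` is an `int`, as the `%d` format suggests.

```c
if (streq(p[0], "session_id"))
  {
    char *end = NULL;
    long id = -1;

    if (p[1])
      {
        errno = 0;
        id = strtol(p[1], &end, 10);
      }
    if (!p[1] || end == p[1] || *end != '\0' || errno == ERANGE
        || id < 0 || id > INT_MAX)
      {
        msg(msglevel, "ignoring malformed session_id push option");
      }
    else
      {
        /* Server supports P_DATA_V2 */
        tls_multi->vpn_session_id = (int) id;
        tls_multi->use_session_id = true;
        msg(D_PUSH, "session id: %d", tls_multi->vpn_session_id);
      }
  }
/* ... unchanged: else branch calling add_option ... */
```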
@@ -6870,10 +6881,28 @@ add_option (struct options *options,
#ifdef ENABLE_X509ALTUSERNAME
else if (streq (p[0], "x509-username-field") && p[1])
{
+ /* This option used to automatically upcase the fieldname passed as the
+ * option argument, e.g., "ou" became "OU". Now, this "helpfulness" is
+ * fine-tuned by only upcasing Subject field attribute names which consist
+ * of all lower-case characters. Mixed-case attributes such as
+ * "emailAddress" are left as-is. An option parameter having the "ext:"
+ * prefix for matching X.509v3 extended fields will also remain unchanged.
+ */
char *s = p[1];
+
VERIFY_PERMISSION (OPT_P_GENERAL);
- if( strncmp ("ext:",s,4) != 0 )
- while ((*s = toupper(*s)) != '\0') s++; /* Uppercase if necessary */
+ if (strncmp("ext:", s, 4) != 0)
+ {
+ size_t i = 0;
+ while (s[i] && !isupper(s[i])) i++;
+ if (strlen(s) == i)
+ {
+ while ((*s = toupper(*s)) != '\0') s++;
+ msg(M_WARN, "DEPRECATED FEATURE: automatically upcased the "
+ "--x509-username-field parameter to '%s'; please update your"
+ "configuration", p[1]);
+ }
+ }
options->x509_username_field = p[1];
}
#endif /* ENABLE_X509ALTUSERNAME */
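Review bot: The deprecation warning joins the literals `"...; please update your"` and `"configuration"` with no space between them, so it prints "yourconfiguration"; the middle literal should end `please update your "`. In the same block `isupper(s[i])` and `toupper(*s)` receive a plain `char`, which is undefined for negative values where `char` is signed, so both should be cast: `isupper((unsigned char) s[i])` and `toupper((unsigned char) *s)`. add_option starts and ends outside the hunk.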