Browse code
Refactored: removed global x509_username_field
Moved to tls_options.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong authored on 2011/06/30 19:37:33Showing 3 changed files
| ... | ... |
@@ -2211,6 +2211,11 @@ do_init_crypto_tls (struct context *c, const unsigned int flags) |
| 2211 | 2211 |
memmove (to.remote_cert_ku, options->remote_cert_ku, sizeof (to.remote_cert_ku)); |
| 2212 | 2212 |
to.remote_cert_eku = options->remote_cert_eku; |
| 2213 | 2213 |
to.verify_hash = options->verify_hash; |
| 2214 |
+#ifdef ENABLE_X509ALTUSERNAME |
|
| 2215 |
+ to.x509_username_field = (char *) options->x509_username_field; |
|
| 2216 |
+#else |
|
| 2217 |
+ to.x509_username_field = X509_USERNAME_FIELD_DEFAULT; |
|
| 2218 |
+#endif |
|
| 2214 | 2219 |
to.es = c->c2.es; |
| 2215 | 2220 |
|
| 2216 | 2221 |
#ifdef ENABLE_DEBUG |
| ... | ... |
@@ -594,8 +594,6 @@ write_peer_cert(X509 *peercert, const char *tmp_dir, struct gc_arena *gc) |
| 594 | 594 |
return peercert_filename; |
| 595 | 595 |
} |
| 596 | 596 |
|
| 597 |
-char * x509_username_field; /* GLOBAL */ |
|
| 598 |
- |
|
| 599 | 597 |
int |
| 600 | 598 |
verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth) |
| 601 | 599 |
{
|
| ... | ... |
@@ -632,14 +630,14 @@ verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth) |
| 632 | 632 |
string_replace_leading (subject, '-', '_'); |
| 633 | 633 |
|
| 634 | 634 |
/* extract the username (default is CN) */ |
| 635 |
- if (verify_get_username (common_name, TLS_USERNAME_LEN, x509_username_field, cert)) |
|
| 635 |
+ if (verify_get_username (common_name, TLS_USERNAME_LEN, opt->x509_username_field, cert)) |
|
| 636 | 636 |
{
|
| 637 | 637 |
if (!cert_depth) |
| 638 | 638 |
{
|
| 639 | 639 |
msg (D_TLS_ERRORS, "VERIFY ERROR: could not extract %s from X509 " |
| 640 | 640 |
"subject string ('%s') -- note that the username length is "
|
| 641 | 641 |
"limited to %d characters", |
| 642 |
- x509_username_field, |
|
| 642 |
+ opt->x509_username_field, |
|
| 643 | 643 |
subject, |
| 644 | 644 |
TLS_USERNAME_LEN); |
| 645 | 645 |
goto err; |
| ... | ... |
@@ -1045,17 +1043,6 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) |
| 1045 | 1045 |
tls_ctx_load_extra_certs(new_ctx, options->extra_certs_file, options->extra_certs_file_inline); |
| 1046 | 1046 |
} |
| 1047 | 1047 |
|
| 1048 |
-#if P2MP_SERVER |
|
| 1049 |
- if (!(options->ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)) |
|
| 1050 |
-#endif |
|
| 1051 |
- {
|
|
| 1052 |
-#ifdef ENABLE_X509ALTUSERNAME |
|
| 1053 |
- x509_username_field = (char *) options->x509_username_field; |
|
| 1054 |
-#else |
|
| 1055 |
- x509_username_field = X509_USERNAME_FIELD_DEFAULT; |
|
| 1056 |
-#endif |
|
| 1057 |
- } |
|
| 1058 |
- |
|
| 1059 | 1048 |
/* Allowable ciphers */ |
| 1060 | 1049 |
if (options->cipher_list) |
| 1061 | 1050 |
{
|