Moved to tls_options.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
@@ -2211,6 +2211,11 @@ do_init_crypto_tls (struct context *c, const unsigned int flags) |
2211 | 2211 |
memmove (to.remote_cert_ku, options->remote_cert_ku, sizeof (to.remote_cert_ku)); |
2212 | 2212 |
to.remote_cert_eku = options->remote_cert_eku; |
2213 | 2213 |
to.verify_hash = options->verify_hash; |
2214 |
+#ifdef ENABLE_X509ALTUSERNAME |
|
2215 |
+ to.x509_username_field = (char *) options->x509_username_field; |
|
2216 |
+#else |
|
2217 |
+ to.x509_username_field = X509_USERNAME_FIELD_DEFAULT; |
|
2218 |
+#endif |
|
2214 | 2219 |
to.es = c->c2.es; |
2215 | 2220 |
|
2216 | 2221 |
#ifdef ENABLE_DEBUG |
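Review bot: The cast in `to.x509_username_field = (char *) options->x509_username_field;` strips const from a field reached through the `const struct options *` parameter; if `tls_options.x509_username_field` is declared `char *`, declaring it `const char *` instead would remove the cast and keep the copy from becoming a writable alias of option storage, which looks safe since the verify_cert hunk only passes the field to verify_get_username and to msg (the callee's parameter type is not visible here, so confirm it accepts a const pointer). The block removed in the init_ssl hunk further down only assigned the old global when `SSLF_CLIENT_CERT_NOT_REQUIRED` was clear under P2MP_SERVER, whereas this assignment is unconditional; that is a behaviour change (the field is now never left unset for the client-cert-not-required case), and the commit description should say so rather than only "Moved to tls_options." The enclosing do_init_crypto_tls body starts and ends outside the hunk.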
@@ -594,8 +594,6 @@ write_peer_cert(X509 *peercert, const char *tmp_dir, struct gc_arena *gc) |
594 | 594 |
return peercert_filename; |
595 | 595 |
} |
596 | 596 |
|
597 |
-char * x509_username_field; /* GLOBAL */ |
|
598 |
- |
|
599 | 597 |
int |
600 | 598 |
verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth) |
601 | 599 |
{ |
@@ -632,14 +630,14 @@ verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth) |
632 | 632 |
string_replace_leading (subject, '-', '_'); |
633 | 633 |
|
634 | 634 |
/* extract the username (default is CN) */ |
635 |
- if (verify_get_username (common_name, TLS_USERNAME_LEN, x509_username_field, cert)) |
|
635 |
+ if (verify_get_username (common_name, TLS_USERNAME_LEN, opt->x509_username_field, cert)) |
|
636 | 636 |
{ |
637 | 637 |
if (!cert_depth) |
638 | 638 |
{ |
639 | 639 |
msg (D_TLS_ERRORS, "VERIFY ERROR: could not extract %s from X509 " |
640 | 640 |
"subject string ('%s') -- note that the username length is " |
641 | 641 |
"limited to %d characters", |
642 |
- x509_username_field, |
|
642 |
+ opt->x509_username_field, |
|
643 | 643 |
subject, |
644 | 644 |
TLS_USERNAME_LEN); |
645 | 645 |
goto err; |
@@ -1045,17 +1043,6 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) |
1045 | 1045 |
tls_ctx_load_extra_certs(new_ctx, options->extra_certs_file, options->extra_certs_file_inline); |
1046 | 1046 |
} |
1047 | 1047 |
|
1048 |
-#if P2MP_SERVER |
|
1049 |
- if (!(options->ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)) |
|
1050 |
-#endif |
|
1051 |
- { |
|
1052 |
-#ifdef ENABLE_X509ALTUSERNAME |
|
1053 |
- x509_username_field = (char *) options->x509_username_field; |
|
1054 |
-#else |
|
1055 |
- x509_username_field = X509_USERNAME_FIELD_DEFAULT; |
|
1056 |
-#endif |
|
1057 |
- } |
|
1058 |
- |
|
1059 | 1048 |
/* Allowable ciphers */ |
1060 | 1049 |
if (options->cipher_list) |
1061 | 1050 |
{ |