@@ -92,6 +92,11 @@ Compression on send

     ``--allow-compression yes`` is now an alias for

     ``--allow-compression asym``.

+User-visible Changes

+--------------------

+- ``--x509-username-field`` will no longer automatically convert fieldnames to

+  uppercase. This is deprecated since OpenVPN 2.4, and has now been removed.

+

 Overview of changes in 2.6

 ==========================

@@ -765,12 +765,6 @@ If the option is inlined, ``algo`` is always :code:`SHA256`.

   Only the :code:`subjectAltName` and :code:`issuerAltName` X.509

   extensions and :code:`serialNumber` X.509 attribute are supported.

-  **Please note:** This option has a feature which will convert an

-  all-lowercase ``fieldname`` to uppercase characters, e.g.,

-  :code:`ou` -> :code:`OU`. A mixed-case ``fieldname`` or one having the

-  :code:`ext:` prefix will be left as-is. This automatic upcasing feature is

-  deprecated and will be removed in a future release.

-

   Non-compliant symbols are being replaced with the :code:`_` symbol, same as

   the field separator, so concatenating multiple fields with such or :code:`_`

   symbols can potentially lead to username collisions.

@@ -9395,37 +9395,12 @@ add_option(struct options *options,

 #ifdef ENABLE_X509ALTUSERNAME

     else if (streq(p[0], "x509-username-field") && p[1])

     {

-        /* This option used to automatically upcase the fieldnames passed as the

-         * option arguments, e.g., "ou" became "OU". Now, this "helpfulness" is

-         * fine-tuned by only upcasing Subject field attribute names which consist

-         * of all lower-case characters. Mixed-case attributes such as

-         * "emailAddress" are left as-is. An option parameter having the "ext:"

-         * prefix for matching X.509v3 extended fields will also remain unchanged.

-         */

         VERIFY_PERMISSION(OPT_P_GENERAL);

         for (size_t j = 1; j < MAX_PARMS && p[j] != NULL; ++j)

         {

             char *s = p[j];

-            if (strncmp("ext:", s, 4) != 0)

-            {

-                size_t i = 0;

-                while (s[i] && !isupper(s[i]))

-                {

-                    i++;

-                }

-                if (strlen(s) == i)

-                {

-                    while ((*s = toupper(*s)) != '\0')

-                    {

-                        s++;

-                    }

-                    msg(M_WARN, "DEPRECATED FEATURE: automatically upcased the "

-                        "--x509-username-field parameter to '%s'; please update your "

-                        "configuration", p[j]);

-                }

-            }

-            else if (!x509_username_field_ext_supported(s+4))

+            if (strncmp("ext:", s, 4) == 0 && !x509_username_field_ext_supported(s+4))

             {

                 msg(msglevel, "Unsupported x509-username-field extension: %s", s);

             }