git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3462 e7ae566f-a301-0410-adde-c780ea21d3b5
james authored on 2008/10/29 05:24:46... | ... |
@@ -5468,6 +5468,43 @@ script execution only when the |
5468 | 5468 |
.B via-env |
5469 | 5469 |
modifier is specified. |
5470 | 5470 |
.\"********************************************************* |
5471 |
+.TP |
|
5472 |
+.B X509_{n}_{subject_field} |
|
5473 |
+An X509 subject field from the remote peer certificate, |
|
5474 |
+where |
|
5475 |
+.B n |
|
5476 |
+is the verification level. Only set for TLS connections. Set prior |
|
5477 |
+to execution of |
|
5478 |
+.B --tls-verify |
|
5479 |
+script. This variable is similar to |
|
5480 |
+.B tls_id_{n} |
|
5481 |
+except the component X509 subject fields are broken out, and |
|
5482 |
+no string remapping occurs on these field values (except for remapping |
|
5483 |
+of control characters to "_"). |
|
5484 |
+For example, the following variables would be set on the |
|
5485 |
+OpenVPN server using the sample client certificate |
|
5486 |
+in sample-keys (client.crt). |
|
5487 |
+Note that the verification level is 0 for the client certificate |
|
5488 |
+and 1 for the CA certificate. |
|
5489 |
+.RS |
|
5490 |
+.ft 3 |
|
5491 |
+.nf |
|
5492 |
+.sp |
|
5493 |
+X509_0_emailAddress=me@myhost.mydomain |
|
5494 |
+X509_0_CN=Test-Client |
|
5495 |
+X509_0_O=OpenVPN-TEST |
|
5496 |
+X509_0_ST=NA |
|
5497 |
+X509_0_C=KG |
|
5498 |
+X509_1_emailAddress=me@myhost.mydomain |
|
5499 |
+X509_1_O=OpenVPN-TEST |
|
5500 |
+X509_1_L=BISHKEK |
|
5501 |
+X509_1_ST=NA |
|
5502 |
+X509_1_C=KG |
|
5503 |
+.ft |
|
5504 |
+.LP |
|
5505 |
+.RE |
|
5506 |
+.fi |
|
5507 |
+.\"********************************************************* |
|
5471 | 5508 |
.SH SIGNALS |
5472 | 5509 |
.TP |
5473 | 5510 |
.B SIGHUP |