Browse code
Added man page entry for new environmental variable set X509_{n}_{subject_field}.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3462 e7ae566f-a301-0410-adde-c780ea21d3b5
james authored on 2008/10/29 05:24:46Showing 1 changed files
| ... | ... |
@@ -5468,6 +5468,43 @@ script execution only when the |
| 5468 | 5468 |
.B via-env |
| 5469 | 5469 |
modifier is specified. |
| 5470 | 5470 |
.\"********************************************************* |
| 5471 |
+.TP |
|
| 5472 |
+.B X509_{n}_{subject_field}
|
|
| 5473 |
+An X509 subject field from the remote peer certificate, |
|
| 5474 |
+where |
|
| 5475 |
+.B n |
|
| 5476 |
+is the verification level. Only set for TLS connections. Set prior |
|
| 5477 |
+to execution of |
|
| 5478 |
+.B --tls-verify |
|
| 5479 |
+script. This variable is similar to |
|
| 5480 |
+.B tls_id_{n}
|
|
| 5481 |
+except the component X509 subject fields are broken out, and |
|
| 5482 |
+no string remapping occurs on these field values (except for remapping |
|
| 5483 |
+of control characters to "_"). |
|
| 5484 |
+For example, the following variables would be set on the |
|
| 5485 |
+OpenVPN server using the sample client certificate |
|
| 5486 |
+in sample-keys (client.crt). |
|
| 5487 |
+Note that the verification level is 0 for the client certificate |
|
| 5488 |
+and 1 for the CA certificate. |
|
| 5489 |
+.RS |
|
| 5490 |
+.ft 3 |
|
| 5491 |
+.nf |
|
| 5492 |
+.sp |
|
| 5493 |
+X509_0_emailAddress=me@myhost.mydomain |
|
| 5494 |
+X509_0_CN=Test-Client |
|
| 5495 |
+X509_0_O=OpenVPN-TEST |
|
| 5496 |
+X509_0_ST=NA |
|
| 5497 |
+X509_0_C=KG |
|
| 5498 |
+X509_1_emailAddress=me@myhost.mydomain |
|
| 5499 |
+X509_1_O=OpenVPN-TEST |
|
| 5500 |
+X509_1_L=BISHKEK |
|
| 5501 |
+X509_1_ST=NA |
|
| 5502 |
+X509_1_C=KG |
|
| 5503 |
+.ft |
|
| 5504 |
+.LP |
|
| 5505 |
+.RE |
|
| 5506 |
+.fi |
|
| 5507 |
+.\"********************************************************* |
|
| 5471 | 5508 |
.SH SIGNALS |
| 5472 | 5509 |
.TP |
| 5473 | 5510 |
.B SIGHUP |