crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

openvpn: refresh verify-cn (upstream)

Browse source
This commit is contained in:
Daniel STAN 2015-08-05 19:25:48 +02:00
parent 29fdd087c3
commit 4504a3925d
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
utils/verify-cn
View file

@ -3,7 +3,7 @@
# verify-cn -- a sample OpenVPN tls-verify script # verify-cn -- a sample OpenVPN tls-verify script
# #
# Return 0 if cn matches the common name component of # Return 0 if cn matches the common name component of
# X509_NAME_oneline, 1 otherwise. # subject, 1 otherwise.
# #
# For example in OpenVPN, you could use the directive: # For example in OpenVPN, you could use the directive:
# #
@ -13,7 +13,7 @@
# the client common name is listed on a line in the # the client common name is listed on a line in the
# allowed_clients file. # allowed_clients file.
die "usage: verify-cn cnfile certificate_depth X509_NAME_oneline" if (@ARGV != 3); die "usage: verify-cn cnfile certificate_depth subject" if (@ARGV != 3);
# Parse out arguments: # Parse out arguments:
# cnfile -- The file containing the list of common names, one per # cnfile -- The file containing the list of common names, one per
@ -37,7 +37,7 @@ if ($depth == 0) {
# If so, parse out the common name substring in # If so, parse out the common name substring in
# the X509 subject string. # the X509 subject string.
if ($x509 =~ /\/CN=([^\/]+)/) { if ($x509 =~ / CN=([^,]+)/) {
$cn = $1; $cn = $1;
# Accept the connection if the X509 common name # Accept the connection if the X509 common name
# string matches the passed cn argument. # string matches the passed cn argument.