Using x509-username-field

[krishnamurthydv]

Hi

We are using x509-username-field option in openvpn server configuration file as:

....
tcp-nodelay
x509-username-field ext:subjectAltName
....
Our intention was to use Subject AltName? in the client certificate instead of their CN. Clients connecting to this server do have x509v3 extensions in their certificates (like example)
....
X509v3 Subject Alternative Name:

DNS:client1.abc.io, DNS:client2.abc.io, DNS:client3.abc.io

....

But when client tries to connect to the server we are seeing an error at the server and connection fails. Is there anything wrong in the configuration of anything missed?

Fri Jun 12 10:23:16 2020 us=970524 119.82.104.234:39962 VERIFY ERROR: could not extract ext:subjectAltName from X509 subject string ('O=ABC, OU=abc-system, CN=client1.abc.io') -- note that the username length is limited to 64 characters

[tct]

Please see:

--x509-username-field [ext:]fieldname
    Field in the X.509 certificate subject to be used as the 
username (default=CN). Typically, this option is specified with 
fieldname as either of the following:

    --x509-username-field emailAddress
    --x509-username-field ext:subjectAltName

    The first example uses the value of the "emailAddress" 
attribute in the certificate's Subject field as the username. 
The second example uses the ext: prefix to signify that the 
X.509 extension fieldname "subjectAltName" be searched for an 
rfc822Name (email) field to be used as the username. In cases 
where there are multiple email addresses in ext:fieldname, the 
last occurrence is chosen. 

[krishnamurthydv]

So looks like only email id in SAN is supported. Is that right? Are FQDNs not supported?
Is there any plans to add this is the near future?