id summary reporter owner description type status priority milestone component version severity resolution keywords cc 717 auth-user-pass-verify script cannot verify username belogs to certificate unless matches common name gp! "The auth-user-pass-verify script does not have access to the complete client certificate or the client certificate san data. when the username is listed in the san and not the common name the script cannot verify the certificate has permission to the username. So, it would be beneficial for the auth-user-pass-verify to have the peer_cert environment variable. It might also be nice for the san to be parsed and provided like X509_{n}_{subject_field}. Something like X509_SAN_0_DNS or X509_SAN_0_UPN. But access to the raw data would be just as nice or maybe better as it is less restrictive." Feature Wish closed major Certificates OpenVPN 2.3.10 (Community Ed) Not set (select this one, unless your'e a OpenVPN developer) worksforme