as stated in the changelog, OpenVPN has some new features for playing with X509 certs since 2.3.0:
Challenge:New feature: --x509-track option, more fine grained access to X.509 fields in scripts and plug-ins
New feature: --x509-username-field, where other X.509v3 fields can be used for the authentication instead of Common Name
we would like to check if the user loginname John.Doe@example.com is the same as the "User Principal Name" in the "Subject Alternative Name" field in the client cert.
The value of this field looks like this:
How can this be accomplished?