From b9d21406c26070c1f6fc785903f82d9a647e57f6 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Mon, 2 Jan 2017 10:55:53 +0100
Subject: Use verify-x509-name where possible

---
 Generate | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Generate b/Generate
index 6eff8d3..66677a6 100755
--- a/Generate
+++ b/Generate
@@ -683,7 +683,11 @@ hostlist.each{ |host|
 		else
 			conffile.puts "tls-client"
 		end
-		conffile.puts "tls-remote %s.%s"%[peer['name'], $config['cadndomain']]
+		if host['openvpn_ge_23']
+			conffile.puts "verify-x509-name \"%s%s.%s\""%[$config['x509nameprefix'], peer['name'], $config['cadndomain']]
+		else
+			conffile.puts "tls-remote %s.%s"%[peer['name'], $config['cadndomain']]
+		end
 		if host['pkcs12']
 			conffile.puts "pkcs12 #{$NAMESPACE}-%s.%s.p12"%[host['name'], $config['cadndomain']]
 		else
-- 
cgit v1.2.3