#!/usr/bin/perl

# Verify X509 Common Name
#
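# Exit with status 0 if cn equals the first common name (CN) component of
# X509_NAME_oneline for the depth-0 certificate, 1 otherwise.
# Certificates at any other depth are accepted without a CN check.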
#
# For example in openvpn, you could use the option:
#  --tls-verify "./verify-cn Test-Client"

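use strict;
use warnings;

# Expect exactly three arguments: the CN to accept, the depth of the
# certificate being verified, and its subject in X509_NAME_oneline form.
die "usage: verify-cn cn certificate_depth X509_NAME_oneline" if (@ARGV != 3);
my ($cn, $depth, $x509) = @ARGV;

# Fail closed on a depth that is not a plain non-negative integer.  A bare
# numeric comparison would silently coerce a value such as "1abc" to 1 and
# accept the certificate without ever looking at its CN.
if ($depth !~ /\A[0-9]+\z/) {
    warn "verify-cn: certificate_depth must be a non-negative integer\n";
    exit 1;
}

if ($depth == 0) {
    # NOTE(review): the pattern is unanchored and compares only the FIRST
    # "/CN=" found in the string.  The legacy oneline form is ambiguous: a
    # "/" inside an attribute value is not distinguished from a separator,
    # and a subject may carry more than one CN.  The check is therefore only
    # as strong as the issuing CA's subject policy; confirm the CA cannot
    # sign subjects with "/" in attribute values or with multiple CNs, or
    # match on a less ambiguous subject representation if the caller
    # provides one.
    if ($x509 =~ m{/CN=([^/]+)} and $cn eq $1) {
        exit 0;    # accept: CN equals the expected name
    }
    exit 1;        # reject: no CN component, or a different CN
}

# Every other depth is accepted without inspection, so this script relies
# on the caller's own chain validation for those certificates.
exit 0;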
