summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGert Doering <gert@greenie.muc.de>2015-05-02 21:07:05 +0200
committerGert Doering <gert@greenie.muc.de>2015-05-02 22:56:32 +0200
commit755e12fddf32e6e2bbfce0157d9f17e8f1ff5eb5 (patch)
tree145b4c810021524189cefc03e2d7e8d57cd5c31c
parent95f47ab88e1f240984ba3c79f2243ed304b46a94 (diff)
downloadopenvpn-755e12fddf32e6e2bbfce0157d9f17e8f1ff5eb5.tar.gz
openvpn-755e12fddf32e6e2bbfce0157d9f17e8f1ff5eb5.tar.xz
openvpn-755e12fddf32e6e2bbfce0157d9f17e8f1ff5eb5.zip
Add note about file permissions and --crl-verify to manpage.
Trac #522 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1430593625-855-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/9634 (cherry picked from commit d55be0fb8091ff03af1319a27f68401d31ce8571)
Diffstat
-rw-r--r--doc/openvpn.85
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index fb0596c..b955a42 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5032,6 +5032,11 @@ is a directory containing files named as revoked serial numbers
requests a connection, where the client certificate serial number
(decimal string) is the name of a file present in the directory,
it will be rejected.
+
+Note: As the crl file (or directory) is read every time a peer connects,
+if you are dropping root privileges with
+.B --user,
+make sure that this user has sufficient privileges to read the file.
.\"*********************************************************
.SS SSL Library information:
.\"*********************************************************
generated by cgit (git 2.34.1) at 2024-04-27 01:45:58 +0000