diff options
| author | James Yonan <james@openvpn.net> | 2010-08-10 17:31:31 +0000 |
|---|---|---|
| committer | James Yonan <james@openvpn.net> | 2010-08-10 17:31:31 +0000 |
| commit | 379b549c81a8085c8134d46e55c6fbbd0884a404 (patch) | |
| tree | 1b192dd00f78ee856214d0425e1dd66791d66f54 | |
| parent | fe7c58f0d24377f63f04c201f64210049cee7f86 (diff) | |
| download | openvpn-379b549c81a8085c8134d46e55c6fbbd0884a404.tar.gz openvpn-379b549c81a8085c8134d46e55c6fbbd0884a404.tar.xz openvpn-379b549c81a8085c8134d46e55c6fbbd0884a404.zip | |
Added warning about tls-remote in man page.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6384 e7ae566f-a301-0410-adde-c780ea21d3b5
| -rw-r--r-- | openvpn.8 | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -4278,6 +4278,13 @@ or common name equal to The remote host must also pass all other tests of verification. +.B NOTE: +Because tls-remote may test against a common name prefix, +only use this option when you are using OpenVPN with a custom CA +certificate that is under your control. +Never use this option when your client certificates are signed by +a third party, such as a commercial web CA. + Name can also be a common name prefix, for example if you want a client to only accept connections to "Server-1", "Server-2", etc., you can simply use |