Add note about file permissions and --crl-verify to manpage.

Trac #522 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1430593625-855-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/9634
author: Gert Doering <gert@greenie.muc.de> 2015-05-02 21:07:05 +0200
committer: Gert Doering <gert@greenie.muc.de> 2015-05-02 22:54:25 +0200
commit: d55be0fb8091ff03af1319a27f68401d31ce8571 (patch)
tree: 34c601f84e5f1ed714988fdd240f6f5b4b634011 /doc
parent: e473b7c4ce41a450645e0f89579bc25b4a7f7d49 (diff)
download: openvpn-d55be0fb8091ff03af1319a27f68401d31ce8571.tar.gz
openvpn-d55be0fb8091ff03af1319a27f68401d31ce8571.tar.xz
openvpn-d55be0fb8091ff03af1319a27f68401d31ce8571.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 587b769..b09f7d7 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5068,6 +5068,11 @@ is a directory containing files named as revoked serial numbers
 requests a connection, where the client certificate serial number
 (decimal string) is the name of a file present in the directory,
 it will be rejected.
+
+Note: As the crl file (or directory) is read every time a peer connects,
+if you are dropping root privileges with
+.B --user,
+make sure that this user has sufficient privileges to read the file.
 .\"*********************************************************
 .SS SSL Library information:
 .\"*********************************************************
author	Gert Doering <gert@greenie.muc.de>	2015-05-02 21:07:05 +0200
committer	Gert Doering <gert@greenie.muc.de>	2015-05-02 22:54:25 +0200
commit	d55be0fb8091ff03af1319a27f68401d31ce8571 (patch)
tree	34c601f84e5f1ed714988fdd240f6f5b4b634011 /doc
parent	e473b7c4ce41a450645e0f89579bc25b4a7f7d49 (diff)
download	openvpn-d55be0fb8091ff03af1319a27f68401d31ce8571.tar.gz openvpn-d55be0fb8091ff03af1319a27f68401d31ce8571.tar.xz openvpn-d55be0fb8091ff03af1319a27f68401d31ce8571.zip