Browse code
Added warning about tls-remote in man page.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6384 e7ae566f-a301-0410-adde-c780ea21d3b5
James Yonan authored on 2010/08/11 02:31:31Showing 1 changed files
| ... | ... |
@@ -4278,6 +4278,13 @@ or common name equal to |
| 4278 | 4278 |
The remote host must also pass all other tests |
| 4279 | 4279 |
of verification. |
| 4280 | 4280 |
|
| 4281 |
+.B NOTE: |
|
| 4282 |
+Because tls-remote may test against a common name prefix, |
|
| 4283 |
+only use this option when you are using OpenVPN with a custom CA |
|
| 4284 |
+certificate that is under your control. |
|
| 4285 |
+Never use this option when your client certificates are signed by |
|
| 4286 |
+a third party, such as a commercial web CA. |
|
| 4287 |
+ |
|
| 4281 | 4288 |
Name can also be a common name prefix, for example if you |
| 4282 | 4289 |
want a client to only accept connections to "Server-1", |
| 4283 | 4290 |
"Server-2", etc., you can simply use |