Trac #522
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1430593625-855-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9634
... | ... |
@@ -5068,6 +5068,11 @@ is a directory containing files named as revoked serial numbers |
5068 | 5068 |
requests a connection, where the client certificate serial number |
5069 | 5069 |
(decimal string) is the name of a file present in the directory, |
5070 | 5070 |
it will be rejected. |
5071 |
+ |
|
5072 |
+Note: As the crl file (or directory) is read every time a peer connects, |
|
5073 |
+if you are dropping root privileges with |
|
5074 |
+.B --user, |
|
5075 |
+make sure that this user has sufficient privileges to read the file. |
|
5071 | 5076 |
.\"********************************************************* |
5072 | 5077 |
.SS SSL Library information: |
5073 | 5078 |
.\"********************************************************* |