Browse code
Add note about file permissions and --crl-verify to manpage.
Trac #522
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1430593625-855-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9634
Gert Doering authored on 2015/05/03 04:07:05Showing 1 changed files
| ... | ... |
@@ -5068,6 +5068,11 @@ is a directory containing files named as revoked serial numbers |
| 5068 | 5068 |
requests a connection, where the client certificate serial number |
| 5069 | 5069 |
(decimal string) is the name of a file present in the directory, |
| 5070 | 5070 |
it will be rejected. |
| 5071 |
+ |
|
| 5072 |
+Note: As the crl file (or directory) is read every time a peer connects, |
|
| 5073 |
+if you are dropping root privileges with |
|
| 5074 |
+.B --user, |
|
| 5075 |
+make sure that this user has sufficient privileges to read the file. |
|
| 5071 | 5076 |
.\"********************************************************* |
| 5072 | 5077 |
.SS SSL Library information: |
| 5073 | 5078 |
.\"********************************************************* |