From: Gert Doering <gert@greenie.muc.de>
Date: Sat, 2 May 2015 19:07:05 +0000 (+0200)
Subject: Add note about file permissions and --crl-verify to manpage.
X-Git-Tag: v2.3.7~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=755e12fddf32e6e2bbfce0157d9f17e8f1ff5eb5;p=thirdparty%2Fopenvpn.git

Add note about file permissions and --crl-verify to manpage.

Trac #522

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1430593625-855-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9634
(cherry picked from commit d55be0fb8091ff03af1319a27f68401d31ce8571)
---

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index fb0596cff..b955a422b 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5032,6 +5032,11 @@ is a directory containing files named as revoked serial numbers
 requests a connection, where the client certificate serial number
 (decimal string) is the name of a file present in the directory,
 it will be rejected.
+
+Note: As the crl file (or directory) is read every time a peer connects,
+if you are dropping root privileges with
+.B --user,
+make sure that this user has sufficient privileges to read the file.
 .\"*********************************************************
 .SS SSL Library information:
 .\"*********************************************************