On 02-05-15 21:07, Gert Doering wrote:
Trac #522
Signed-off-by: Gert Doering <[email protected]>
---
doc/openvpn.8 | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 587b769..24f05bb 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5068,6 +5068,11 @@ is a directory containing files named as revoked serial
numbers
requests a connection, where the client certificate serial number
(decimal string) is the name of a file present in the directory,
it will be rejected.
+
+Note: As the crl file (or directory) is read every time a peer connects,
+if you are dropping root privileges with
+.B --user,
+make sure that this user has sufficient privileges to read the file.
.\"*********************************************************
.SS SSL Library information:
.\"*********************************************************
ACK
-Steffan
