Signed-off-by: Steffan Karger <stef...@karger.me> --- doc/openvpn.8 | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 612cddd..284e8e6 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5208,6 +5208,15 @@ Note: As the crl file (or directory) is read every time a peer connects, if you are dropping root privileges with .B \-\-user, make sure that this user has sufficient privileges to read the file. + +.B Security considerations + +.B \-\-crl\-verify +does not check whether the CRL is correctly signed by the CA. It merely checks +that the CRL issuers matches the CA CN. Therefore, users should ensure that +the supplied CRL is correct. + +OpenVPN 2.4 and newer resolve this issue. .\"********************************************************* .SS SSL Library information: .\"********************************************************* -- 2.7.4
Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
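Review bot: In the added "Security considerations" paragraph, "that the CRL issuers matches the CA CN" should read "that the CRL issuer matches the CA CN", and the advice "users should ensure that the supplied CRL is correct" does not tell the reader what to check. Because the gap described is that \-\-crl\-verify "does not check whether the CRL is correctly signed by the CA", the sentence could say so directly, for example "users should verify the CRL's signature against the CA certificate before supplying it to OpenVPN". The closing line "OpenVPN 2.4 and newer resolve this issue" would also be clearer if it stated what changes in 2.4 rather than only that the issue is resolved. Minor style point: the bare "+" lines around ".B Security considerations" put empty lines into the roff source; if the rest of the file separates paragraphs with a macro, use that here for consistency.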