Small fixes:

* Fixed variable declaration in crypto.c that is not at
  the head of a block.
* Added library to Visual C makefile.
* In server.conf config sample, add additional comment
  text on "dev tap" usage.
* Added some short documentation on revoke-full script.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@877 e7ae566f-a301-0410-adde-c780ea21d3b5

1 files changed, 14 insertions, 0 deletions

diff --git a/easy-rsa/2.0/README b/easy-rsa/2.0/README
index 02800c2..92c550c 100644
--- a/easy-rsa/2.0/README
+++ b/easy-rsa/2.0/README
@@ -47,6 +47,20 @@ Release Notes for easy-rsa-2.0
 * This release only affects the Linux/Unix version of easy-rsa.
   The Windows version (written to use the Windows shell) is unchanged.
 
+* Use the revoke-full script to revoke a certificate, and generate
+  (or update) the crl.pem file in the keys directory (as set by the
+  vars script).  Then use "crl-verify crl.pem" in your OpenVPN server
+  config file, so that OpenVPN can reject any connections coming from
+  clients which present a revoked certificate.  Usage for the script is:
+
+    revoke-full <common-name>
+
+  Note this this procedure is primarily designed to revoke client
+  certificates. You could theoretically use this method to revoke
+  server certificates as well, but then you would need to propagate
+  the crl.pem file to all clients as well, and have them include
+  "crl-verify crl.pem" in their configuration files.
+
 INSTALL easy-rsa
 
 1. Edit vars.