Merge branch 'svn-BETA21' into beta2.2

author: David Sommerseth <dazo@users.sourceforge.net> 2010-08-16 20:28:37 +0200
committer: David Sommerseth <dazo@users.sourceforge.net> 2010-08-16 20:28:37 +0200
commit: 0afa8dfb078fb61def8fa62ff57229251f2baa6f (patch)
tree: 7cfb6e69e20d48a52ad7e70a3c0bcebe75a72eff /openvpn.8
parent: Fixed compiler warning in ssl.c (diff)
parent: Windows security issue: (diff)
download: openvpn-0afa8dfb078fb61def8fa62ff57229251f2baa6f.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/openvpn.8 b/openvpn.8
index d8b8653..272b134 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -4301,6 +4301,13 @@ or common name equal to
 The remote host must also pass all other tests
 of verification.
 
+.B NOTE:
+Because tls-remote may test against a common name prefix,
+only use this option when you are using OpenVPN with a custom CA
+certificate that is under your control.
+Never use this option when your client certificates are signed by
+a third party, such as a commercial web CA.
+
 Name can also be a common name prefix, for example if you
 want a client to only accept connections to "Server-1",
 "Server-2", etc., you can simply use
author	David Sommerseth <dazo@users.sourceforge.net>	2010-08-16 20:28:37 +0200
committer	David Sommerseth <dazo@users.sourceforge.net>	2010-08-16 20:28:37 +0200
commit	0afa8dfb078fb61def8fa62ff57229251f2baa6f (patch)
tree	7cfb6e69e20d48a52ad7e70a3c0bcebe75a72eff /openvpn.8
parent	Fixed compiler warning in ssl.c (diff)
parent	Windows security issue: (diff)
download	openvpn-0afa8dfb078fb61def8fa62ff57229251f2baa6f.tar.xz