From 379b549c81a8085c8134d46e55c6fbbd0884a404 Mon Sep 17 00:00:00 2001 From: James Yonan Date: Tue, 10 Aug 2010 17:31:31 +0000 Subject: Added warning about tls-remote in man page. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6384 e7ae566f-a301-0410-adde-c780ea21d3b5 --- openvpn.8 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/openvpn.8 b/openvpn.8 index 53aabdc..f523609 100644 --- a/openvpn.8 +++ b/openvpn.8 @@ -4278,6 +4278,13 @@ or common name equal to The remote host must also pass all other tests of verification. +.B NOTE: +Because tls-remote may test against a common name prefix, +only use this option when you are using OpenVPN with a custom CA +certificate that is under your control. +Never use this option when your client certificates are signed by +a third party, such as a commercial web CA. + Name can also be a common name prefix, for example if you want a client to only accept connections to "Server-1", "Server-2", etc., you can simply use -- cgit v1.2.3
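Review bot: The added NOTE sits above the paragraph that begins "Name can also be a common name prefix", so the reader meets the warning before the man page has explained the prefix matching it warns about; consider moving the NOTE below that paragraph. The wording "when your client certificates are signed by a third party" is also narrower than the surrounding text, which describes testing the remote host and gives the example of a client accepting "Server-1", "Server-2"; phrasing it in terms of the peer's certificate would cover both directions. It would help to state the reason in one sentence: with prefix matching, any certificate from the same CA whose common name merely begins with the configured name passes this test, which is only acceptable when you control what that CA issues.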