Small fixes:

* Fixed variable declaration in crypto.c that is not at the head of a block. * Added library to Visual C makefile. * In server.conf config sample, add additional comment text on "dev tap" usage. * Added some short documentation on revoke-full script. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@877 e7ae566f-a301-0410-adde-c780ea21d3b5
OpenVPN · Jan 7, 2006 · 513baee · 513baee
1 parent b366a1f
commit 513baee
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 3 deletions.
diff --git a/crypto.c b/crypto.c
@@ -1012,6 +1012,7 @@ read_key_file (struct key2 *key2, const char *file, const unsigned int flags)
   const char *error_filename = file;
 
   /* parse info */
+  const char *cp;
   int hb_index = 0;
   int line_num = 1;
   int line_index = 0;
@@ -1062,7 +1063,7 @@ read_key_file (struct key2 *key2, const char *file, const unsigned int flags)
       close (fd);
     }
 
-  const char *cp = (char *)in.data;
+  cp = (char *)in.data;
   while (size)
     {
       const char c = *cp;

diff --git a/easy-rsa/2.0/README b/easy-rsa/2.0/README
@@ -47,6 +47,20 @@ Release Notes for easy-rsa-2.0
 * This release only affects the Linux/Unix version of easy-rsa.
   The Windows version (written to use the Windows shell) is unchanged.
 
+* Use the revoke-full script to revoke a certificate, and generate
+  (or update) the crl.pem file in the keys directory (as set by the
+  vars script).  Then use "crl-verify crl.pem" in your OpenVPN server
+  config file, so that OpenVPN can reject any connections coming from
+  clients which present a revoked certificate.  Usage for the script is:
+
+    revoke-full <common-name>
+
+  Note this this procedure is primarily designed to revoke client
+  certificates. You could theoretically use this method to revoke
+  server certificates as well, but then you would need to propagate
+  the crl.pem file to all clients as well, and have them include
+  "crl-verify crl.pem" in their configuration files.
+
 INSTALL easy-rsa
 
 1. Edit vars.

diff --git a/makefile.w32-vc b/makefile.w32-vc
@@ -24,7 +24,7 @@ LZO = \src\lzo-1.08.vc
 
 INCLUDE_DIRS = -I$(OPENSSL)/include -I$(LZO)/include
 
-LIBS = lzo.lib ws2_32.lib crypt32.lib iphlpapi.lib winmm.lib gdi32.lib advapi32.lib
+LIBS = lzo.lib ws2_32.lib crypt32.lib iphlpapi.lib winmm.lib gdi32.lib advapi32.lib wininet.lib
 
 LIB_DIRS = -LIBPATH:$(OPENSSL)\out -LIBPATH:$(LZO)
 

diff --git a/sample-config-files/server.conf b/sample-config-files/server.conf
@@ -37,7 +37,9 @@ proto udp
 
 # "dev tun" will create a routed IP tunnel,
 # "dev tap" will create an ethernet tunnel.
-# Use "dev tap" if you are ethernet bridging.
+# Use "dev tap0" if you are ethernet bridging
+# and have precreated a tap0 virtual interface
+# and bridged it with your ethernet interface.
 # If you want to control access policies
 # over the VPN, you must create firewall
 # rules for the the TUN/TAP interface.