The man page states that when using --capath, the user is required to
provide CRLs for CAs. This is not true and providing CRLs is optional -
both in case of --capath as well as --crl-verify options. When relevant
CRL is not found OpenVPN simply logs the warning in the logs while
allowing the conne
A while ago I asked on the user list about correcting the description
of those two options:
https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg04461.html
While it slipped my mind for a bit due to other work related stuff, here
is the patch against the master branch. Due to syntax
