doc: add note about CRL numbers to man page

Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>
author: Martin Sucha <anty.sk+git@gmail.com> 2018-05-18 13:00:43 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-05-19 11:55:59 +0200
commit: 62314f705944a1c15c1664adf62d894449a430ae (patch)
tree: 254067162118114173b4e12f7b6f96e8af425e41
parent: 1e66c7e6e5bcfca4082c520d3bd970f39fa1751b (diff)
download: gnutls-62314f705944a1c15c1664adf62d894449a430ae.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 204088a735..1eb123003b 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -1112,6 +1112,13 @@ encryption_key
 # this is the 5th CRL by this CA
 # The value is in decimal (i.e. 1963) or hex (i.e. 0x07ab).
 # Comment the field for a time-based number.
+# Time-based CRL numbers generated in GnuTLS 3.6.3 and later
+# are significantly larger than those generated in previous
+# versions. Since CRL numbers need to be monotonic, you need
+# to specify the CRL number here manually if you intend to
+# downgrade to an earlier version than 3.6.3 after publishing
+# the CRL as it is not possible to specify CRL numbers greater
+# than 2**63-2 using hex notation in those versions.
 #crl_number = 5
 
 # Specify the update dates more precisely.
author	Martin Sucha <anty.sk+git@gmail.com>	2018-05-18 13:00:43 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-05-19 11:55:59 +0200
commit	62314f705944a1c15c1664adf62d894449a430ae (patch)
tree	254067162118114173b4e12f7b6f96e8af425e41
parent	1e66c7e6e5bcfca4082c520d3bd970f39fa1751b (diff)
download	gnutls-62314f705944a1c15c1664adf62d894449a430ae.tar.gz