From 62314f705944a1c15c1664adf62d894449a430ae Mon Sep 17 00:00:00 2001
From: Martin Sucha <anty.sk+git@gmail.com>
Date: Fri, 18 May 2018 13:00:43 +0200
Subject: doc: add note about CRL numbers to man page

Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>
---
 src/certtool-args.def | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/certtool-args.def b/src/certtool-args.def
index 204088a735..1eb123003b 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -1112,6 +1112,13 @@ encryption_key
 # this is the 5th CRL by this CA
 # The value is in decimal (i.e. 1963) or hex (i.e. 0x07ab).
 # Comment the field for a time-based number.
+# Time-based CRL numbers generated in GnuTLS 3.6.3 and later
+# are significantly larger than those generated in previous
+# versions. Since CRL numbers need to be monotonic, you need
+# to specify the CRL number here manually if you intend to
+# downgrade to an earlier version than 3.6.3 after publishing
+# the CRL as it is not possible to specify CRL numbers greater
+# than 2**63-2 using hex notation in those versions.
 #crl_number = 5
 
 # Specify the update dates more precisely.
-- 
cgit v1.2.1