[strongSwan] CRL check: how to fail over to local CRL if fetch fails
Tobias Brunner
tobias at strongswan.org
Mon Apr 24 10:28:48 CEST 2017
Hi Zach,

> I do wish I could figure out the file:/// problem though.
> /usr/bin/curl has no problem fetching the CRL via the file URI, so I
> don't suspect libcurl is the problem. Besides it's a default Debian
> installation. Debian's libcurl should be pretty typical. Is there a
> way to coax more information out of the logs about why the fetch is
> failing?

It's caused by a too strict result code check that was added with 5.2.0
and was fixed with 5.3.4, see [1].

> After seeing:
> 09[LIB] sending http request to 'file:///...'
> All I see is "crl fetching failed."
>
> The http request to file:// seems weird, though.

That's just the log message, the 'http' part was removed with the fix
for the issue above.

Regards,
Tobias

[1] https://wiki.strongswan.org/issues/1203