<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Thanks Much! Yes it would be sufficient for 'dynamic purpose' in our
situation!<br>
<br>
So to be sure:<br>
charon { <br>
...<br>
load = revocation <br>
} --> charon would load the 'revocation' plugin<br>
<br>
charon {<br>
...<br>
} --> charon would NOT load the 'revocation' plugin<br>
<br>
Correct?<br>
<br>
ps.<br>
The statement in the release note was what got me confused, i.e. I
thought that without 'load', the statement led me to believe that
the revocation plugin is automatically loaded in :)<br>
<u>"OCSP/CRL checking in IKEv2 has been moved to the revocation
plugin, enabled by default."</u><br>
<br>
-Yong Choo<br>
<br>
On 1/9/2012 10:43 PM, Andreas Steffen wrote:
<blockquote cite="mid:4F0BB3CF.1060206@strongswan.org" type="cite">
<pre wrap="">Hello Yong Choo,
you can do that with an explicit load statement in strongswan.conf.
Just prepare two versions of strongswan.conf - one with the
revocation plugin in the load statement and one without it.
Depending on the situation you either start strongSwan with
one strongswan.conf or the second one. Is this dynamical enough?
Regards
Andreas
On 09.01.2012 20:59, Yong Choo wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Searching in database, I came up on the following in
<a class="moz-txt-link-freetext" href="http://www.mail-archive.com/users@lists.strongswan.org/msg03918.html">http://www.mail-archive.com/users@lists.strongswan.org/msg03918.html</a>
So, the question is 'how not to load the revocation plugin when it is
already enabled by default?'
-----Original Message-----
From: Andreas Steffen [<a class="moz-txt-link-freetext" href="mailto:andreas.stef...@strongswan.org">mailto:andreas.stef...@strongswan.org</a>]
Sent: jeudi 24 novembre 2011 12:51
To: ABULIUS, MUGUR (MUGUR)
Cc: <a class="moz-txt-link-abbreviated" href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a>; SCARAZZINI, FABRICE (FABRICE); Pisano, Stephen
G (Stephen); WASNIEWSKI, ALAIN (ALAIN)
Subject: Re: [strongSwan] How to bypass CRL checks?
Hello Mugur,
with IKEv2 revocation checks can be easily disabled by not loading the
revocation plugin. What is not possible is to disable CRL checking on a per
connection definition basis.
Regards
Andreas
On 1/9/2012 12:30 PM, Yong Choo wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
Looking at <a class="moz-txt-link-freetext" href="http://wiki.strongswan.org/projects/1/wiki/441">http://wiki.strongswan.org/projects/1/wiki/441</a>,
OCSP/CRL checking in IKEv2 has been moved to the revocation plugin,
enabled
by default. Plase update manual load directives in strongswan.conf.
How can I disable this plugin dynamically? We have a need of
dynamically controlling the loading of plugin at run-time.
Thanks Much,
-Yong Choo
</pre>
</blockquote>
</blockquote>
<pre wrap="">
======================================================================
Andreas Steffen <a class="moz-txt-link-abbreviated" href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>
strongSwan - the Linux VPN Solution! <a class="moz-txt-link-abbreviated" href="http://www.strongswan.org">www.strongswan.org</a>
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
</pre>
</blockquote>
</body>
</html>