[strongSwan-dev] crluri token and local files

Tobias Brunner tobias at strongswan.org
Thu Feb 12 09:22:10 CET 2015

Hi Emeric,

> I have another question: this local crl file may be updated using an
> external script. However, the crl file once fetched seems to get
> cached inside the credential manager.

There are two caches, one is in-memory the other stores fetched CRLs in
ipsec.d/crls.  The latter, in particular, is mostly useful for http://
or ldap:// URIs but it is not enabled by default (`cachecrls` option in
ipsec.conf).  The in-memory cache, however, can't be disabled via
configuration but you may run `ipsec purgecrls` after you updated the
CRL to remove all CRLs from that cache.


More information about the Dev mailing list