[strongSwan-dev] crluri token and local files
tobias at strongswan.org
Thu Feb 12 09:22:10 CET 2015
> I have another question: this local crl file may be updated using an
> external script. However, the crl file once fetched seems to get
> cached inside the credential manager.
There are two caches, one is in-memory the other stores fetched CRLs in
ipsec.d/crls. The latter, in particular, is mostly useful for http://
or ldap:// URIs but it is not enabled by default (`cachecrls` option in
ipsec.conf). The in-memory cache, however, can't be disabled via
configuration but you may run `ipsec purgecrls` after you updated the
CRL to remove all CRLs from that cache.
More information about the Dev