[strongSwan] Loading CRLs from file
Martin Willi
martin at strongswan.org
Fri Feb 19 14:19:42 CET 2010
Hi,
> 1. If the CRL file is updated in the directory, how can strongswan be
> indicated to update it. Does crlCheckInterval timer work with
> strongswan IKEv2?
You can do this manually (or by a script) using "ipsec rereadcrls".
> 2. Is there an option to load CRL present in Cert directory at every
> IKE Autentication
Yes, this is possible by specifying a file:// based URI, but this will
reload the CRL only if the currently cached CRL is stale.
> 3. Also, If I try to specify a specific fileuri, I get the follwoing error:-
> unable to fetch from
> /home/vivek/vivek/linux_pc_90_1/crl.pem, no capable fetcher found
CRL fetching can use different backends (called fetchers). The curl
backend based on libcurl supports http/ftp and file URIs. But you'll
need to --enable-curl (or provide your own fetcher that reads file://
URIs from disk).
Regards
Martin
More information about the Users
mailing list