[strongSwan] Loading CRLs from file

Martin Willi martin at strongswan.org
Fri Feb 19 14:19:42 CET 2010


> 1. If the CRL file is updated in  the directory, how can strongswan be
> indicated to update it. Does crlCheckInterval timer work with
> strongswan IKEv2?

You can do this manually (or by a script) using "ipsec rereadcrls".

> 2. Is there an option to load CRL present in Cert directory at every
> IKE Autentication

Yes, this is possible by specifying a file:// based URI, but this will
reload the CRL only if the currently cached CRL is stale.

> 3. Also, If I try to specify a specific fileuri, I get the follwoing error:-
> unable to fetch from
> /home/vivek/vivek/linux_pc_90_1/crl.pem, no capable fetcher found

CRL fetching can use different backends (called fetchers). The curl
backend based on libcurl supports http/ftp and file URIs. But you'll
need to --enable-curl (or provide your own fetcher that reads file://
URIs from disk).


More information about the Users mailing list