[strongSwan] Problem in stack when crl updation is done

vivek bairathi bairathi.vivek at gmail.com
Fri Mar 26 13:44:55 CET 2010


Hi All,

I am having a problem with strongswan-4.2.8: whenever I revoke a peer
certificate, update the latest CRL at my end, and then try to make an SA,
it gets created, which it should not.
When I debugged the stack I found that in credential_manager.c there is a
function "get_better_crl", in which I saw two problems:

1. The CRL list that is passed has both CRLs, the older one and the
latest one (as I had provided only two CRLs, one at the start of the
stack and the other after revoking the cert). But I think as the new CRL is
added the older one should be deleted?
2. The comparison between the certificate serial number and the serial
numbers present in the CRL is done with only the old CRL and not the new CRL
in which the certificate is revoked. I think there is some problem in the
parsing of the CRL list, as the CRL list is not completely parsed?

Thanks for your help in advance.

Regards,
Vivek
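
A minimal model of the selection the post asks about, as an added example that is not part of the original post and is not strongSwan code: when both the old and the new CRL from the same issuer are cached, the check picks the one with the latest thisUpdate and tests the serial against that one only. The struct, function names and sample values are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Constructed model of a parsed CRL; not a strongSwan type. */
struct crl {
    const char *issuer;            /* issuer DN */
    time_t this_update;            /* thisUpdate field of the CRL */
    const unsigned long *revoked;  /* revoked certificate serial numbers */
    size_t n_revoked;
};

/* Return the cached CRL for `issuer` with the latest thisUpdate, or NULL. */
const struct crl *freshest_crl(const struct crl *list, size_t n,
                               const char *issuer)
{
    const struct crl *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(list[i].issuer, issuer) != 0)
            continue;                       /* CRL from a different CA */
        if (best == NULL || list[i].this_update > best->this_update)
            best = &list[i];                /* newer CRL supersedes older */
    }
    return best;
}

/* 1 = revoked, 0 = not listed, -1 = no CRL for issuer (caller sets policy). */
int check_revocation(const struct crl *list, size_t n,
                     const char *issuer, unsigned long serial)
{
    const struct crl *c = freshest_crl(list, n, issuer);
    if (c == NULL)
        return -1;
    for (size_t i = 0; i < c->n_revoked; i++)
        if (c->revoked[i] == serial)
            return 1;
    return 0;
}

/* Constructed sample cache: the old CRL lists nothing, the new CRL revokes
 * serial 0x1002. Both stay cached, as in the situation the post describes. */
static const unsigned long new_revoked[] = { 0x1002 };
static const struct crl cached[] = {
    { "CN=Example CA", 1269000000, NULL,        0 },  /* old CRL */
    { "CN=Example CA", 1269600000, new_revoked, 1 },  /* new CRL */
};
```

Checking serial 0x1002 against only the first entry returns 0, which matches the symptom in the post; checking against the whole cache returns 1.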