[strongSwan] RFC 4325 support - Authority Information Access CRL Extension

ABULIUS, MUGUR (MUGUR) mugur.abulius at alcatel-lucent.com
Wed Dec 14 15:24:31 CET 2011

Hello Martin,

>No, we currently don't support the Authority Information Access extension in CRLs.

Thank you for answer.

1. Which is the behavior of strongSwan when it receives a X.509 certificate with an AIA extension? The  extension is ignored or there is some specific processing?

2. We are looking for a way to validate CRLs signed with different keys (possibly by different CAs) as certificates referencing these CRLs. For this scenario the local system has, by some other means, the X.509 certificate of signing CA for CRL. How these X.509 certificates should be specified to strongSwan (via which options or/and using which directories) to validate the CRL ?


More information about the Users mailing list