[strongSwan] RFC 4325 support - Authority Information Access CRL Extension
ABULIUS, MUGUR (MUGUR)
mugur.abulius at alcatel-lucent.com
Thu Dec 15 09:12:38 CET 2011
Hello Andreas,
> the only alternative to extracting http CDPs from end entitcy certificates
> is to define additional CDPs in ipsec.conf in a special ca section
Thank you. Assuming that the retrieved CRL was signed by CA1, my question
is: Does strongSwan expects a X.509 certificate with a subject name CA1
in "/etc/ipsec.d/cacerts" to check/validate the signature of the CRL?
Best Regards
Mugur
More information about the Users
mailing list