[strongSwan] RFC 4325 support - Authority Information Access CRL Extension

ABULIUS, MUGUR (MUGUR) mugur.abulius at alcatel-lucent.com
Thu Dec 15 09:12:38 CET 2011

Hello Andreas,

> the only alternative to extracting http CDPs from end entitcy certificates
> is to define additional CDPs in ipsec.conf in a special ca section

Thank you. Assuming that the retrieved CRL was signed by CA1, my question
is: Does strongSwan expects a X.509 certificate with a subject name CA1
in "/etc/ipsec.d/cacerts" to check/validate the signature of the CRL?

Best Regards

More information about the Users mailing list