[strongSwan] Different values for the option strictcrlpolicy

ABULIUS, MUGUR (MUGUR) mugur.abulius at alcatel-lucent.com
Fri Nov 18 14:59:12 CET 2011


Hi Martin,
Is the introduction of this new option planned for the near future?
Best Regards
Mugur

-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org] 
Sent: vendredi 18 novembre 2011 14:55
To: ABULIUS, MUGUR (MUGUR)
Cc: 'users at lists.strongswan.org'; Pisano, Stephen G (Stephen)
Subject: Re: [strongSwan] Different values for the option strictcrlpolicy

Hi,
> 
> One of them wants for his connections the behavior as for 
> "strictcrlpolicy=no", another one as for  "strictcrlpolicy=ifuri" and 
> the third one as for "strictcrlpolicy=yes". There is any way to 
> satisfay all three cases from the same strongSwan instance?

Charon internally handles CRL policies per connection (or even per authentication round when using multiple rounds). But Pluto can't, and therefore there is a global option in ipsec.con only.

We'd have to introduce a new ipsec.conf connection keyword and pass this information to the daemon; no rocket science, but needs some work.

Regards
Martin






More information about the Users mailing list