[strongSwan] Different values for the option strictcrlpolicy

ABULIUS, MUGUR (MUGUR) mugur.abulius at alcatel-lucent.com
Fri Nov 18 14:59:12 CET 2011

Hi Martin,
Is the introduction of this new option planned for the near future?
Best Regards

-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org] 
Sent: vendredi 18 novembre 2011 14:55
Cc: 'users at lists.strongswan.org'; Pisano, Stephen G (Stephen)
Subject: Re: [strongSwan] Different values for the option strictcrlpolicy

> One of them wants for his connections the behavior as for 
> "strictcrlpolicy=no", another one as for  "strictcrlpolicy=ifuri" and 
> the third one as for "strictcrlpolicy=yes". There is any way to 
> satisfay all three cases from the same strongSwan instance?

Charon internally handles CRL policies per connection (or even per authentication round when using multiple rounds). But Pluto can't, and therefore there is a global option in ipsec.con only.

We'd have to introduce a new ipsec.conf connection keyword and pass this information to the daemon; no rocket science, but needs some work.


More information about the Users mailing list