[strongSwan] Different values for the option strictcrlpolicy

ABULIUS, MUGUR (MUGUR) mugur.abulius at alcatel-lucent.com
Tue Nov 22 17:36:40 CET 2011

Hi Martin,

Thank you for your help.

On our strongSwan systems we want to switch on/off the
CRL checks. If the check is switched off then even if received
certificate specifies a CDP extension toward an accessible
remote CRL we don't want that strongSwan rejects the IKE
connection even if the serial number of certificate is
specified by the CRL as no more valid. Do you think that we
can set-up strongSwan for this capability? If yes what should
be the value for strictcrlpolicy in this case?

Thank you

More information about the Users mailing list