[strongSwan] How to bypass CRL checks?

ABULIUS, MUGUR (MUGUR) mugur.abulius at alcatel-lucent.com
Thu Nov 24 08:50:42 CET 2011

Our understanding in case of setting strictcrlpolicy to **no** for charon is
that strongSwan denies the authentication if the certificate appears in the fetched CRL. But,
if the certificate does not specify an uri or if the CRL can't be fetched the authentication is
not denied.
Can you please check our understanding?
In case our assumption is correct we are looking for a way to set-up strongSwan (for some
specific run scenarios) to bypass any CRL checks (even if strictcrlpolicy=no). We are looking
for this capability even if received certificates specify an uri and the corresponding
CRL can be fetched from CDP.

Thank you

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20111124/137a9a41/attachment.html>

More information about the Users mailing list