[strongSwan] How to disable 'CRL' in strongswan.conf?

Yong Choo yhc at alcatel-lucent.com
Mon Jan 9 20:59:55 CET 2012

Searching in database, I came up on the following in 
So, the question is 'how not to load the revocation plugin when it is 
already enabled by default?'

-----Original Message-----
From: Andreas Steffen [mailto:andreas.stef... at strongswan.org]
Sent: jeudi 24 novembre 2011 12:51
Cc: users at lists.strongswan.org; SCARAZZINI, FABRICE (FABRICE); Pisano, Stephen
Subject: Re: [strongSwan] How to bypass CRL checks?

Hello Mugur,

with IKEv2 revocation checks can be easily disabled by not loading the
revocation plugin. What is not possible is to disable CRL checking on a per
connection definition basis.



On 1/9/2012 12:30 PM, Yong Choo wrote:
> Hi,
> Looking at http://wiki.strongswan.org/projects/1/wiki/441,
> OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, 
> enabled
> by default. Plase update manual load directives in strongswan.conf.
> How can I disable this plugin dynamically? We have a need of 
> dynamically controlling the loading of plugin at run-time.
> Thanks Much,
> -Yong Choo
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120109/5dbcf05b/attachment.html>

More information about the Users mailing list