[strongSwan] How to disable 'CRL' in strongswan.conf?
andreas.steffen at strongswan.org
Tue Jan 10 04:43:11 CET 2012
Hello Yong Choo,
you can do that with an explicit load statement in strongswan.conf.
Just prepare two versions of strongswan.conf - one with the
revocation plugin in the load statement and one without it.
Depending on the situation you either start strongSwan with
one strongswan.conf or the second one. Is this dynamic enough?
On 09.01.2012 20:59, Yong Choo wrote:
> Searching in database, I came up on the following in
> So, the question is 'how not to load the revocation plugin when it is
> already enabled by default?'
> -----Original Message-----
> From: Andreas Steffen [mailto:andreas.stef... at strongswan.org]
> Sent: jeudi 24 novembre 2011 12:51
> To: ABULIUS, MUGUR (MUGUR)
> Cc: users at lists.strongswan.org; SCARAZZINI, FABRICE (FABRICE); Pisano, Stephen
> G (Stephen); WASNIEWSKI, ALAIN (ALAIN)
> Subject: Re: [strongSwan] How to bypass CRL checks?
> Hello Mugur,
> with IKEv2 revocation checks can be easily disabled by not loading the
> revocation plugin. What is not possible is to disable CRL checking on a per
> connection definition basis.
> On 1/9/2012 12:30 PM, Yong Choo wrote:
>> Looking at http://wiki.strongswan.org/projects/1/wiki/441,
>> OCSP/CRL checking in IKEv2 has been moved to the revocation plugin,
>> by default. Please update manual load directives in strongswan.conf.
>> How can I disable this plugin dynamically? We have a need of
>> dynamically controlling the loading of plugin at run-time.
>> Thanks Much,
>> -Yong Choo
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
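
An added example, not part of the original message or of strongSwan itself: one way to keep the two strongswan.conf versions described above in sync is to derive the one without revocation checking from the full one and verify the result before starting the daemon. The plugin list, the function names and the sample file are constructed for illustration; use the load statement of your own build. As the quoted reply notes, leaving the plugin out turns off CRL/OCSP checks for all IKEv2 connections, not for a single one.

```shell
#!/bin/sh
# Derive the "no revocation" variant of strongswan.conf from the full one,
# so the two files differ only in the revocation plugin.

# Constructed sample of the variant that performs CRL/OCSP checks.
# The plugin list is illustrative only.
sample_conf() {
cat <<'EOF'
# strongswan.conf (with revocation checking)
charon {
  load = aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
EOF
}

# Read a strongswan.conf on stdin and drop the "revocation" token from every
# "load = ..." line. Indentation, comments and other lines pass through.
strip_revocation() {
  awk '
    /^[ \t]*load[ \t]*=/ {
      match($0, /^[ \t]*/)
      out = substr($0, 1, RLENGTH)      # keep the original indentation
      sep = ""
      for (i = 1; i <= NF; i++)
        if ($i != "revocation") { out = out sep $i; sep = " " }
      print out
      next
    }
    { print }
  '
}

# Exit 0 if a load statement on stdin lists the revocation plugin, else 1.
# Run this against whichever file is about to be used, so a configuration
# without revocation checking is never started by accident.
has_revocation() {
  awk '
    /^[ \t]*load[ \t]*=/ {
      for (i = 1; i <= NF; i++) if ($i == "revocation") found = 1
    }
    END { exit found ? 0 : 1 }
  '
}

# Show the derived variant for the constructed sample.
sample_conf | strip_revocation
```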