[strongSwan] How to disable 'CRL' in strongswan.conf?
yhc at alcatel-lucent.com
Tue Jan 10 13:47:35 CET 2012
Thanks Much! Yes it would be sufficient for 'dynamic purpose' in our
So to be sure:
load = revocation
} --> charon would load the 'revocation' plugin
} --> charon would NOT load the 'revocation' plugin
The statement in the release note was what got me confused, i.e. I
thought that without 'load', the statement led me to believe that the
revocation plugin is automatically loaded in :)
_"OCSP/CRL checking in IKEv2 has been moved to the revocation plugin,
enabled by default."_
On 1/9/2012 10:43 PM, Andreas Steffen wrote:
> Hello Yong Choo,
> you can do that with an explicit load statement in strongswan.conf.
> Just prepare two versions of strongswan.conf - one with the
> revocation plugin in the load statement and one without it.
> Depending on the situation you either start strongSwan with
> one strongswan.conf or the second one. Is this dynamical enough?
> On 09.01.2012 20:59, Yong Choo wrote:
>> Searching in database, I came up on the following in
>> So, the question is 'how not to load the revocation plugin when it is
>> already enabled by default?'
>> -----Original Message-----
>> From: Andreas Steffen [mailto:andreas.stef... at strongswan.org]
>> Sent: jeudi 24 novembre 2011 12:51
>> To: ABULIUS, MUGUR (MUGUR)
>> Cc: users at lists.strongswan.org; SCARAZZINI, FABRICE (FABRICE); Pisano, Stephen
>> G (Stephen); WASNIEWSKI, ALAIN (ALAIN)
>> Subject: Re: [strongSwan] How to bypass CRL checks?
>> Hello Mugur,
>> with IKEv2 revocation checks can be easily disabled by not loading the
>> revocation plugin. What is not possible is to disable CRL checking on a per
>> connection definition basis.
>> On 1/9/2012 12:30 PM, Yong Choo wrote:
>>> Looking at http://wiki.strongswan.org/projects/1/wiki/441,
>>> OCSP/CRL checking in IKEv2 has been moved to the revocation plugin,
>>> by default. Plase update manual load directives in strongswan.conf.
>>> How can I disable this plugin dynamically? We have a need of
>>> dynamically controlling the loading of plugin at run-time.
>>> Thanks Much,
>>> -Yong Choo
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users