[strongSwan] CRLs over IPsec tunnels
ABULIUS, MUGUR (MUGUR)
mugur.abulius at alcatel-lucent.com
Wed Nov 7 09:02:29 CET 2012
Hi Martin,
> Fetching a CRL inside the tunnel to check the certificate status
> for the same tunnel does not work: it is a hen-egg problem. With
> a strict CRL policy, you can't establish the tunnel, because you
> have no CRL. And you can't fetch a CRL, because you don't have a tunnel yet.
In case CRLs are retrieved outside this tunnel, can you please
confirm that:
1) Charon HTTP requests use the protocol and port from "/etc/services" (e.g. TCP/80)?
2) Charon supports RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax?
Best Regards
Mugur