[strongSwan] ipsec rereadcrls command effect
अनुज
anuj01 at gmail.com
Wed Jun 5 15:59:18 CEST 2013
Hi,
As per wiki :
*ipsec rereadcrls*
reads all Certificate Revocation Lists (CRLs) contained in the
/etc/ipsec.d/crls<http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectoryCrls>directory
and adds them to the list of CRLs. Older CRLs are replaced by
newer ones. Implemented by calling the ipsec
whack<http://wiki.strongswan.org/projects/strongswan/wiki/IpsecWhack>--rereadcrls
and/or ipsec
stroke <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecStroke>rereadcrls
commands.
Does by executing this command, already established Ipsec SA would be
destroyed in case revoked certificates are used in establishing the tunnel?
If yes, then we are not observing this behavior on Strongswan 4.5.3. The
ipsec SAs remain established even the certificates are revoked.
Thanks & Regards,
Anuj Aggarwal
--
Anuj Aggarwal
.''`.
: :Ⓐ : # apt-get install hakuna-matata
`. `'`
`-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130605/0b4a4b61/attachment.html>
More information about the Users
mailing list