[strongSwan] ipsec rereadcrls command effect

अनुज anuj01 at gmail.com
Wed Jun 5 15:59:18 CEST 2013


Hi,

As per wiki :

*ipsec rereadcrls*

reads all Certificate Revocation Lists (CRLs) contained in the
/etc/ipsec.d/crls<http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectoryCrls>directory
and adds them to the list of CRLs. Older CRLs are replaced by
newer ones. Implemented by calling the ipsec
whack<http://wiki.strongswan.org/projects/strongswan/wiki/IpsecWhack>--rereadcrls
and/or ipsec
stroke <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecStroke>rereadcrls
commands.


Does by executing this command, already established Ipsec SA  would be
destroyed in case revoked certificates are used in establishing the tunnel?

If yes, then we are not observing this behavior on Strongswan 4.5.3. The
ipsec SAs remain established even the certificates are revoked.



Thanks & Regards,
Anuj Aggarwal




-- 
Anuj Aggarwal

 .''`.
: :Ⓐ :   # apt-get install hakuna-matata
`. `'`
   `-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130605/0b4a4b61/attachment.html>


More information about the Users mailing list