[strongSwan] ocsp in ikev2

Martin Willi martin at strongswan.org
Fri Jan 17 10:22:30 CET 2014

Hi Sriram,

> When I tested this, I saw peers exchanging AuthorityInfoAccess as part of
> certificate data extensions. But I didnt any exchanges happening between
> ocsp server and peer to confirm the validity of certificates.

For OCSP support, you need both the revocation plugin and one of the
fetcher plugins enabled. The curl plugin depends on libcurl and is
usually the better choice, the soup plugin builds upon libsoup/glib.

If you still see no OCSP requests, please provide an excerpt of your


More information about the Users mailing list