[strongSwan] Strongswan IKEv2 Stack (charon): Are the Tunnels brought automatically down if peer or own Certificate is detected as revoked or expired at runtime.

Sajal Malhotra sajalmalhotra at gmail.com
Fri Nov 14 11:29:46 CET 2014


Hi,

Had a query regarding Certificate Expiration and revocation logic used in
strongswan.

If a IKEv2 tunnel is *already established with a peer, *then is this tunnel
brought down *automatically *by strongswan in case of any of the following
conditions become true:
1. If we provide updated CRL to the stack in which any cert of peer's trust
chain is revoked
or
2. Any certificate in our or peer's trust chain gets expired at runtime.

BR
Sajal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141114/8ba0cd09/attachment.html>


More information about the Users mailing list