[strongSwan] CRL check: how to fail over to local CRL if fetch fails

Tobias Brunner tobias at strongswan.org
Fri Apr 21 09:20:23 CEST 2017

Hi Zach,

> Alternatively, is there a way to just ignore embedded CRL distribution
> points, and always use the local CRL?

If the revocation plugin finds a cached CRL (either previously fetched
or loaded manually) that's still valid it will use that and not fetch
any remote CRLs.  Check the log for details on what's going on.


More information about the Users mailing list