[strongSwan] CRL check: how to fail over to local CRL if fetch fails

[Tobias Brunner]

Hi Zach,

> Alternatively, is there a way to just ignore embedded CRL distribution
> points, and always use the local CRL?

If the revocation plugin finds a cached CRL (either previously fetched
or loaded manually) that's still valid it will use that and not fetch
any remote CRLs.  Check the log for details on what's going on.

Regards,
Tobias