[strongSwan] CRL check: how to fail over to local CRL if fetch fails
Tobias Brunner
tobias at strongswan.org
Fri Apr 21 09:20:23 CEST 2017
Hi Zach,
> Alternatively, is there a way to just ignore embedded CRL distribution
> points, and always use the local CRL?
If the revocation plugin finds a cached CRL (either previously fetched
or loaded manually) that's still valid it will use that and not fetch
any remote CRLs. Check the log for details on what's going on.
Regards,
Tobias
More information about the Users
mailing list