[strongSwan] CRL check: how to fail over to local CRL if fetch fails

Zach Cutlip uid000 at gmail.com
Fri Apr 21 18:25:19 CEST 2017


Anything in particular I should be looking for in the logs? I
definitely see the CRL getting loaded from disk when I start the
service. I also see in the logs the remote CRL fetch failing. Nothing
is mentioned in the logs about the local CRL.


On Fri, Apr 21, 2017 at 12:20 AM, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Zach,
>> Alternatively, is there a way to just ignore embedded CRL distribution
>> points, and always use the local CRL?
> If the revocation plugin finds a cached CRL (either previously fetched
> or loaded manually) that's still valid it will use that and not fetch
> any remote CRLs.  Check the log for details on what's going on.
> Regards,
> Tobias

