[strongSwan] CRL check: how to fail over to local CRL if fetch fails
Zach Cutlip
uid000 at gmail.com
Fri Apr 21 18:25:19 CEST 2017
Tobias,
Anything in particular I should be looking for in the logs? I
definitely see the CRL getting loaded from disk when I start the
service. I also see in the logs the remote CRL fetch failing. Nothing
is mentioned in the logs about the local CRL.
Thanks
On Fri, Apr 21, 2017 at 12:20 AM, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Zach,
>
>> Alternatively, is there a way to just ignore embedded CRL distribution
>> points, and always use the local CRL?
>
> If the revocation plugin finds a cached CRL (either previously fetched
> or loaded manually) that's still valid it will use that and not fetch
> any remote CRLs. Check the log for details on what's going on.
>
> Regards,
> Tobias
>
--
:wq!
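
A way to check whether a CRL file on disk is still inside its validity window, the condition the quoted reply gives for a cached CRL being used instead of a remote fetch. This is an added example, not part of the original thread and not strongSwan code; it assumes "still valid" means the current time lies between the CRL's lastUpdate and nextUpdate, and the function names and the throwaway test CA are hypothetical. It needs the `openssl` CLI and GNU `date`.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumption: a CRL counts as "still valid"
# while the current time is inside its lastUpdate..nextUpdate window.

# crl_field FILE FLAG -> value printed by `openssl crl` for -lastupdate, -nextupdate or -issuer
crl_field() {
  local out
  out=$(openssl crl -in "$1" -noout "$2" 2>/dev/null) ||            # PEM first
    out=$(openssl crl -inform DER -in "$1" -noout "$2" 2>/dev/null) || return 2
  printf '%s\n' "${out#*=}"
}

# crl_still_valid FILE [NOW_EPOCH] -> 0 inside window, 1 outside window, 2 unreadable
crl_still_valid() {
  local last next now=${2:-$(date -u +%s)}
  last=$(crl_field "$1" -lastupdate) || return 2
  next=$(crl_field "$1" -nextupdate) || return 2
  [ "$next" != "NONE" ] || return 1          # no nextUpdate: treat as not usable
  last=$(date -u -d "$last" +%s) && next=$(date -u -d "$next" +%s) || return 2
  [ "$last" -le "$now" ] && [ "$now" -lt "$next" ]
}

# make_sample_crl DIR -> writes DIR/crl.pem signed by a throwaway CA (constructed test data)
make_sample_crl() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Constructed Test CA" \
    -days 2 -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  : > "$d/index.txt"
  printf '[ca]\ndefault_ca=c\n[c]\ndatabase=%s/index.txt\ndefault_md=sha256\n' "$d" \
    > "$d/ca.cnf"
  openssl ca -config "$d/ca.cnf" -gencrl -keyfile "$d/ca.key" -cert "$d/ca.crt" \
    -crldays 1 -out "$d/crl.pem" 2>/dev/null
}

# Usage: pass one or more CRL files; prints issuer and status (0/1/2) for each.
for f in "$@"; do
  crl_still_valid "$f"; rc=$?
  printf '%s: issuer=%s status=%s\n' "$f" "$(crl_field "$f" -issuer)" "$rc"
done
```

Compare the printed issuer with the issuer of the certificate being checked; a CRL from a different CA does not apply to it even when its window is current.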