[strongSwan] charon and CRL loading
Modster, Anthony
Anthony.Modster at Teledyne.com
Thu May 9 16:58:11 CEST 2019
Tobias
Item 1, if a new CRL is copied to the x509crl directory, "authorities section" not configured, ? will charon automatically re-load the CRL
Item 2, if a new CRL is copied to the "assigned location", and "authorities section" "crl_uirs = fill:///xxx", ? will charon automatically re-load the CRL
-----Original Message-----
From: Tobias Brunner <tobias at strongswan.org>
Sent: Thursday, May 09, 2019 12:59 AM
To: Modster, Anthony <Anthony.Modster at Teledyne.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] charon and CRL loading
---External Email---
Hi Anthony,
> ? does charon reload the CRL during ( re-authentication and
> re-connection )
Not if a valid CRL is still stored in the in-memory cache (which can be cleared via `ipsec purgecrls` or `swanctl --flush-certs -t x509_crl`).
> If new CRL’s arrive, ? will charon use them during ( re-authentication
> and re-connection ).
Arrive how?
Regards,
Tobias
More information about the Users
mailing list