[strongSwan] charon and CRL loading
Modster, Anthony
Anthony.Modster at Teledyne.com
Thu May 9 17:19:24 CEST 2019
Tobias
Sorry one other question.
? for the CRL cases below, does the host need to "drop the connection" for the CRL updates
-----Original Message-----
From: Users <users-bounces at lists.strongswan.org> On Behalf Of Tobias Brunner
Sent: Thursday, May 09, 2019 8:09 AM
To: Modster, Anthony <Anthony.Modster at Teledyne.com>; users at lists.strongswan.org
Cc: Amare, Mesfin <Mesfin.Amare at Teledyne.com>
Subject: Re: [strongSwan] charon and CRL loading
---External Email---
Hi Anthony,
> Item 1, if a new CRL is copied to the x509crl directory, "authorities
> section" not configured, ? will charon automatically re-load the CRL
No, swanctl --load-creds has to be called explicitly.
> Item 2, if a new CRL is copied to the "assigned location", and
> "authorities section" "crl_uirs = fill:///xxx", ? will charon
> automatically re-load the CRL
Only if a previously fetched and cached version expired, or the cache has been flushed manually.
Regards,
Tobias
More information about the Users
mailing list