[strongSwan] charon and CRL loading

Tobias Brunner tobias at strongswan.org
Thu May 9 17:32:06 CEST 2019

Hi Anthony,

> ? for the CRL cases below, does the host need to "drop the connection" for the CRL updates

The new CRL will currently only have an effect on new connections.  So
if the certificate of a peer who currently is connected is revoked, this
will not have an effect until that peer re-authenticates (i.e. until it
creates a new IKE_SA).


More information about the Users mailing list