[strongSwan] charon and CRL loading

Modster, Anthony Anthony.Modster at Teledyne.com
Thu May 9 17:54:43 CEST 2019


-----Original Message-----
From: Tobias Brunner <tobias at strongswan.org> 
Sent: Thursday, May 09, 2019 8:32 AM
To: Modster, Anthony <Anthony.Modster at Teledyne.com>; users at lists.strongswan.org
Cc: Amare, Mesfin <Mesfin.Amare at Teledyne.com>
Subject: Re: [strongSwan] charon and CRL loading

---External Email---

Hi Anthony,

> ? for the CRL cases below, does the host need to "drop the connection" 
> for the CRL updates

The new CRL will currently only have an effect on new connections.  So if the certificate of a peer who currently is connected is revoked, this will not have an effect until that peer re-authenticates (i.e. until it creates a new IKE_SA).


More information about the Users mailing list