[strongSwan] charon and CRL loading

Modster, Anthony Anthony.Modster at Teledyne.com
Thu May 9 18:10:50 CEST 2019


Tobias
Sorry (round 2)

Item 2, using "authorities section" "crl_uris = file:///xxx"
If the host does not have a CRL, then the "authorities section" will not be loaded by our host.

If a CRL comes in, then I think we would need to do the following:
1. create "authorities section" "crl_uris = file:///xxx" in swanctl.conf
2. --load-authorities 
3. --load-creds

-----Original Message-----
From: Users <users-bounces at lists.strongswan.org> On Behalf Of Tobias Brunner
Sent: Thursday, May 09, 2019 8:09 AM
To: Modster, Anthony <Anthony.Modster at Teledyne.com>; users at lists.strongswan.org
Cc: Amare, Mesfin <Mesfin.Amare at Teledyne.com>
Subject: Re: [strongSwan] charon and CRL loading

Hi Anthony,

> Item 1, if a new CRL is copied to the x509crl directory, "authorities 
> section" not configured, ? will charon automatically re-load the CRL

No, swanctl --load-creds has to be called explicitly.

> Item 2, if a new CRL is copied to the "assigned location", and 
> "authorities section" "crl_uris = file:///xxx", ? will charon 
> automatically re-load the CRL

Only if a previously fetched and cached version expired, or the cache has been flushed manually.

Regards,
Tobias
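
The Item 1 case above (a CRL copied into the x509crl directory is not picked up until `swanctl --load-creds` is called) as a small install-and-reload helper. This is an added example, not code from the thread or from the strongSwan project; the function name `install_crl`, the `CRL_DIR` default of `/etc/swanctl/x509crl` and the `SWANCTL` override variable are assumptions.

```shell
#!/bin/sh
# Added example: place a CRL in the swanctl x509crl directory and make
# charon load it. charon does not watch the directory, so the reload
# has to be triggered explicitly with "swanctl --load-creds".
#
# Assumptions (not from the thread): default directory below, and the
# SWANCTL variable, which lets the reload command be replaced for testing.
# Usage: . ./install_crl.sh; install_crl /path/to/new.crl
CRL_DIR="${CRL_DIR:-/etc/swanctl/x509crl}"
SWANCTL="${SWANCTL:-swanctl}"

# install_crl SRC
#   0  CRL installed (new or changed) and credentials reloaded
#   1  identical CRL already installed, no reload issued
#   2  error: source missing/empty, copy failed, or reload failed
install_crl() {
    src="$1"
    [ -s "$src" ] || { echo "install_crl: missing or empty: $src" >&2; return 2; }
    dst="$CRL_DIR/$(basename "$src")"

    # Same bytes already in place: a reload would load nothing new.
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 1
    fi

    # Stage outside x509crl (every file in that directory is treated as a
    # CRL), then rename into place so a reload never sees a partial file.
    # Assumes the parent directory is on the same filesystem.
    tmp="$CRL_DIR/../.$(basename "$src").$$"
    cp "$src" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dst" || {
        rm -f "$tmp"
        return 2
    }

    # Explicit reload; without this charon keeps using the old CRL.
    "$SWANCTL" --load-creds >/dev/null || return 2
    return 0
}
```

Return code 1 lets a cron job or file-transfer hook call the helper repeatedly without issuing a reload when nothing changed.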

