[strongSwan] charon and CRL loading
Tobias Brunner
tobias at strongswan.org
Thu May 9 18:26:03 CEST 2019

Hi Anthony,

> If a CRL comes in, then I think we would need to do the following:
> 1. create "authorities section" "crl_uris = file:///xxx" in swanctl.conf
> 2. --load-authorities
> 3. --load-creds

You don't need step 3 if you use file URIs; the CRL is fetched
dynamically during authentication (if you update the CRL while the old
one is still valid for a while, you need to flush the cache, as pointed
out before). And if you, alternatively, store the CRL in x509crl, then
you only need step 3 (and, again, perhaps flush the cache).

Regards,
Tobias
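
The two ways of refreshing a CRL described in the reply above, as an added shell example that is not part of the original mail and is not strongSwan's own code. Assumptions: the function names, the `/etc/swanctl` default path, the CRL file names, and the use of `swanctl --flush-certs --type x509_crl` as the cache flush the reply refers to.

```shell
#!/bin/sh
# Added example: refresh a CRL for charon in the two ways the reply describes.
# Assumed, not from the mail: paths, file names, function names, and that
# "flush the cache" is done with `swanctl --flush-certs --type x509_crl`.

SWANCTL=${SWANCTL:-swanctl}               # overridable, e.g. for a dry run
SWANCTL_DIR=${SWANCTL_DIR:-/etc/swanctl}  # assumed default config directory

# Replace a CRL file via rename so a reader never sees a half-written file.
install_crl() {   # $1 = new CRL, $2 = destination path
    tmp="$2.tmp.$$"
    cp "$1" "$tmp" && mv "$tmp" "$2"
}

# Variant A: the authorities section names the CRL with a file URI
# (crl_uris = file:///...). No --load-creds is needed, because the CRL is
# fetched during authentication. The flush matters when the previous CRL
# is still valid and therefore still cached.
refresh_crl_file_uri() {   # $1 = new CRL, $2 = path named in crl_uris
    install_crl "$1" "$2" || return 1
    "$SWANCTL" --flush-certs --type x509_crl
}

# Variant B: the CRL is stored in the x509crl directory. Only --load-creds
# is needed, plus the cache flush. This example flushes first and loads
# afterwards; that ordering is a choice made here, not stated in the mail.
refresh_crl_x509crl() {    # $1 = new CRL
    install_crl "$1" "$SWANCTL_DIR/x509crl/$(basename "$1")" || return 1
    "$SWANCTL" --flush-certs --type x509_crl && "$SWANCTL" --load-creds
}
```

Call `refresh_crl_file_uri new.crl /path/from/crl_uris` or `refresh_crl_x509crl new.crl` from whatever job delivers the updated CRL.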