[strongSwan] charon and CRL loading

Tobias Brunner tobias at strongswan.org
Thu May 9 18:26:03 CEST 2019

Hi Anthony,
> If a CRL comes in, then I think we would need to do the following:
> 1. create "authorities section" "crl_uirs = fill:///xxx" in swanctl.conf
> 2. --load-authorities 
> 3. --load-creds

You don't need step 3 if you use file URIs, the CRL is fetched
dynamically during authentication (if you update the CRL, while the old
one is still valid for a while, you need to flush the cache, as pointed
out before).  And if you, alternatively, store the CRL in x509crl then
you only need step 3 (and, again, perhaps flush the cache).


More information about the Users mailing list