[strongSwan] charon and CRL loading
Modster, Anthony
Anthony.Modster at Teledyne.com
Thu May 9 19:48:06 CEST 2019
Thanks
-----Original Message-----
From: Tobias Brunner <tobias at strongswan.org>
Sent: Thursday, May 09, 2019 9:26 AM
To: Modster, Anthony <Anthony.Modster at Teledyne.com>; users at lists.strongswan.org
Cc: Amare, Mesfin <Mesfin.Amare at Teledyne.com>
Subject: Re: [strongSwan] charon and CRL loading
Hi Anthony,
> If a CRL comes in, then I think we would need to do the following:
> 1. create "authorities section" "crl_uirs = fill:///xxx" in swanctl.conf
> 2. --load-authorities
> 3. --load-creds
You don't need step 3 if you use file URIs, the CRL is fetched dynamically during authentication (if you update the CRL, while the old one is still valid for a while, you need to flush the cache, as pointed out before). And if you, alternatively, store the CRL in x509crl then you only need step 3 (and, again, perhaps flush the cache).
Regards,
Tobias
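
The two alternatives from the reply above, written out as a swanctl.conf fragment with the matching swanctl calls in comments. This is an added example, not part of the original messages; the section name, the file names and the CRL path are constructed placeholders.

```conf
# /etc/swanctl/swanctl.conf (fragment)

# Alternative A: file URI in an authorities section.
# charon fetches the CRL from the URI during authentication,
# so --load-creds is not needed for the CRL.
authorities {
    # "example-ca" is a constructed section name
    example-ca {
        # constructed file name, resolved relative to /etc/swanctl/x509ca
        cacert = example-ca.pem
        # constructed path to the CRL file on the local filesystem
        crl_uris = file:///var/lib/example/example-ca.crl
    }
}

# Apply after editing the section:
#   swanctl --load-authorities
#
# If the CRL file is replaced while the previously fetched CRL is
# still valid, drop the cached copy so the new one is fetched:
#   swanctl --flush-certs --type x509_crl

# Alternative B: no crl_uris entry.
# Copy the CRL into /etc/swanctl/x509crl/ and load it explicitly:
#   swanctl --load-creds
# and flush the cached CRL as above if an older, still valid one
# may be held in the cache.
```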