[strongSwan] "ipsec purgecrls" vs VICI clear-creds

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Aug 4 16:50:21 CEST 2021

Hi Philip,

CRLs are Certificate Revocation Lists.
They're not secrets.

Kind regards

Am 04.08.21 um 14:29 schrieb Taylor, Philip (Space & Defence):
> I am looking at some old application code that executes the command “ipsec purgecrls” and then sends the VICI command clear-creds.
> Man ipsec purgecrls reveals
>                  Purgecrls – purges all cached CRLS
> VICI protocola web page describes clear-creds as
> Clear all loaded certificates, private key and shared key credentials.
> This affects only credentials loaded over vici, but additionally flushes the credential store.
> If a CRL is a credential, does clear-creds duplicate the “ipsec purgcrls” command, making the separate command redundant?
> Does the code need to send both commands?
> *Philip Taylor*
> Public

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210804/3dca5cb6/attachment.sig>

More information about the Users mailing list