[strongSwan] "ipsec purgecrls" vs VICI clear-creds
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Aug 4 16:50:21 CEST 2021
Hi Philip,
CRLs are Certificate Revocation Lists.
They're not secrets.
Kind regards
Noel
Am 04.08.21 um 14:29 schrieb Taylor, Philip (Space & Defence):
> I am looking at some old application code that executes the command “ipsec purgecrls” and then sends the VICI command clear-creds.
>
> Man ipsec purgecrls reveals
>
> Purgecrls – purges all cached CRLS
>
> VICI protocola web page describes clear-creds as
>
> Clear all loaded certificates, private key and shared key credentials.
>
> This affects only credentials loaded over vici, but additionally flushes the credential store.
>
> If a CRL is a credential, does clear-creds duplicate the “ipsec purgcrls” command, making the separate command redundant?
>
> Does the code need to send both commands?
>
> *Philip Taylor*
>
>
> Public
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210804/3dca5cb6/attachment.sig>
More information about the Users
mailing list