[strongSwan] "ipsec purgecrls" vs VICI clear-creds

Taylor, Philip (Space & Defence) ph.taylor at cgi.com
Wed Aug 4 19:27:49 CEST 2021

Thanks for responding.

Your response does not answer my question, so I modify my question. Everything is loaded via VICI , nothing is loaded with ipsec commands or with configuration files.

Does the application need both commands when all certificates and CRLs are installed via VICI?



-----Original Message-----
From: Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> 
Sent: 04 August 2021 15:50
To: Taylor, Philip (Space & Defence) <ph.taylor at cgi.com>; Users at lists.strongswan.org
Subject: Re: [strongSwan] "ipsec purgecrls" vs VICI clear-creds

Hi Philip,

CRLs are Certificate Revocation Lists.
They're not secrets.

Kind regards

Am 04.08.21 um 14:29 schrieb Taylor, Philip (Space & Defence):
> I am looking at some old application code that executes the command "ipsec purgecrls" and then sends the VICI command clear-creds.
> Man ipsec purgecrls reveals
>                  Purgecrls - purges all cached CRLS
> VICI protocola web page describes clear-creds as
> Clear all loaded certificates, private key and shared key credentials.
> This affects only credentials loaded over vici, but additionally flushes the credential store.
> If a CRL is a credential, does clear-creds duplicate the "ipsec purgcrls" command, making the separate command redundant?
> Does the code need to send both commands?
> *Philip Taylor*
> Public

More information about the Users mailing list