[strongSwan] "ipsec purgecrls" vs VICI clear-creds
Taylor, Philip (Space & Defence)
ph.taylor at cgi.com
Wed Aug 4 19:27:49 CEST 2021
Noel,
Thanks for responding.
Your response does not answer my question, so I modify my question. Everything is loaded via VICI , nothing is loaded with ipsec commands or with configuration files.
Does the application need both commands when all certificates and CRLs are installed via VICI?
PhilT
Public
-----Original Message-----
From: Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting>
Sent: 04 August 2021 15:50
To: Taylor, Philip (Space & Defence) <ph.taylor at cgi.com>; Users at lists.strongswan.org
Subject: Re: [strongSwan] "ipsec purgecrls" vs VICI clear-creds
Hi Philip,
CRLs are Certificate Revocation Lists.
They're not secrets.
Kind regards
Noel
Am 04.08.21 um 14:29 schrieb Taylor, Philip (Space & Defence):
> I am looking at some old application code that executes the command "ipsec purgecrls" and then sends the VICI command clear-creds.
>
> Man ipsec purgecrls reveals
>
> Purgecrls - purges all cached CRLS
>
> VICI protocola web page describes clear-creds as
>
> Clear all loaded certificates, private key and shared key credentials.
>
> This affects only credentials loaded over vici, but additionally flushes the credential store.
>
> If a CRL is a credential, does clear-creds duplicate the "ipsec purgcrls" command, making the separate command redundant?
>
> Does the code need to send both commands?
>
> *Philip Taylor*
>
>
> Public
>
More information about the Users
mailing list