[strongSwan] Strongswan caching CRL's when setting is set to "no"
Eric Germann
ekgermann at semperen.com
Wed Jun 1 16:05:40 CEST 2022
crluri = "https://ipsec-crl.s3.us-east-2.amazonaws.com/Semperen%2BIPSec%2BSigning%2BAuthority%2BCRL.crl"
16[IKE] received end entity cert "CN=pfsense.semperen.net, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
16[CFG] using certificate "CN=pfsense.semperen.net, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
16[CFG] using trusted ca certificate "CN=semperen-ipsec-ca, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
16[CFG] checking certificate status of "CN=pfsense.semperen.net, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
>>>>> 16[CFG] fetching crl from 'https://ipsec-crl.s3.us-east-2.amazonaws.com/Semperen%2BIPSec%2BSigning%2BAuthority%2BCRL.crl' … <<<<
16[CFG] using trusted certificate "CN=semperen-ipsec-ca, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
16[CFG] crl correctly signed by "CN=semperen-ipsec-ca, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
16[CFG] crl is valid: until Oct 13 19:33:11 2049
16[CFG] certificate status is good
16[CFG] reached self-signed root ca with a path length of 0
16
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann <https://www.linkedin.com/in/ericgermann>
Medium: https://ekgermann.medium.com <https://ekgermann.medium.com/>
Twitter: @ekgermann
Telegram || Signal || Skype || Phone +1 {dash} 419 {dash} 513 {dash} 0712
GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
> On Jun 1, 2022, at 3:39 AM, Tobias Brunner <tobias at strongswan.org> wrote:
>
> Hi Eric,
>
>> What's the point of SS having an option to auto fetch a CRL at startup
>
> There is no such option.
>
> Regards,
> Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20220601/26594153/attachment.html>
More information about the Users
mailing list