[strongSwan] Strongswan caching CRL's when setting is set to "no"
Tobias Brunner
tobias at strongswan.org
Mon May 30 12:02:53 CEST 2022
Hi Eric,

> When IKE reauthenticates the log says it is loading crl from the
> directory (which has nothing in it).

What exactly are you referring to here? Logs?

> Also forcing “rereadcrls” doesn’t
> cause a new fetch. “files” and “curl” plugins are loaded.

If there is a cached CRL (note that `cachecrls` refers to caching CRLs
persistently in /etc/ipsec.d/crls, not the in-memory cache) that's still
valid, there won't be a new fetch. And the `rereadcrls` command has no
effect on this as it only triggers a reload of CRLs from
/etc/ipsec.d/crls, it does not purge any in-memory caches (try
`purgecrls` for that). Also see this thread [1].

Regards,
Tobias

[1] https://lists.strongswan.org/pipermail/users/2022-April/015291.html
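
The cache behaviour described in the reply above, as a simplified model added here for illustration (not strongSwan code and not part of the original message). `Crl`, `CrlModel`, the issuer name and the timestamps are constructed, and treating a CRL as valid until its nextUpdate time is an assumption of the model.

```python
from dataclasses import dataclass, field

@dataclass
class Crl:
    issuer: str
    next_update: int  # constructed timestamp; CRL is treated as valid before it

@dataclass
class CrlModel:
    cachecrls: bool   # persist fetched CRLs to disk?
    cdp: dict         # issuer -> CRL currently published at the distribution point
    disk: dict = field(default_factory=dict)    # stands in for /etc/ipsec.d/crls
    memory: dict = field(default_factory=dict)  # in-memory cache
    fetches: int = 0

    def check(self, issuer, now):
        """Revocation check during (re)authentication; returns the CRL used."""
        crl = self.memory.get(issuer)
        if crl is None or crl.next_update <= now:  # nothing cached, or expired
            crl = self.cdp[issuer]
            self.fetches += 1
            self.memory[issuer] = crl
            if self.cachecrls:
                self.disk[issuer] = crl
        return crl

    def rereadcrls(self):
        """Reload CRLs from disk; existing in-memory entries are not purged."""
        for issuer, crl in self.disk.items():
            cached = self.memory.get(issuer)
            if cached is None or crl.next_update > cached.next_update:
                self.memory[issuer] = crl

    def purgecrls(self):
        """Drop the in-memory cache only."""
        self.memory.clear()

def demo():
    ca = "CN=Example CA"  # constructed issuer
    m = CrlModel(cachecrls=False, cdp={ca: Crl(ca, 1000)})
    m.check(ca, now=100)                 # first check fetches (fetch 1)
    m.cdp[ca] = Crl(ca, 2000)            # CA publishes a newer CRL
    m.rereadcrls()                       # directory is empty, memory untouched
    after_reread = m.check(ca, now=200).next_update  # old CRL reused, no fetch
    m.purgecrls()
    after_purge = m.check(ca, now=300).next_update   # cache empty, fetch 2
    return after_reread, after_purge, m.fetches, len(m.disk)
```

With `cachecrls` off the directory stays empty, so `rereadcrls` changes nothing; the newer CRL (and any revocations it carries) is only picked up after `purgecrls` or once the cached CRL expires.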