Hi Tobias

That is excellent, it sounds like exactly what we would like.
I'll patch a build and try it.

Many thanks
Mike

-----Original Message-----
From: Tobias Brunner [mailto:[email protected]]
Sent: 10 November 2015 14:27
To: Cole, Michael; [email protected]
Subject: Re: [strongSwan-dev] Handling of CRL updates different between Vici and ipsec rereadcrls

Hi Michael,

> This works fine usually as strongswan appears to use the last loaded
> CRL as the one to check when a new IKE connection is requested.

Yes, the code in vici_cred.c is definitely not ideal. It adds a loaded CRL just like a regular certificate to the credential set, which means it just gets added to the front of the list of trusted certificates. Instead, we should call add_crl(), which actually compares the CRL to already loaded ones (in the same credential set) and drops it if it was superseded.

I pushed a fix for this to the vici-load-cert-crl branch [1]. Let me know if that works for you.

Regards,
Tobias

[1] https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/vici-load-cert-crl

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
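
The difference between the two loading paths described in the thread, as an added example that is not part of the original messages and is not strongSwan code: a toy credential set where a stale CRL is loaded after a fresh one. All type and function names are hypothetical, the lookup is assumed to use the first CRL found for the issuer, and freshness is judged by thisUpdate alone as a simplification.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a parsed CRL; not strongSwan's crl_t. */
typedef struct { const char *issuer; long this_update; } crl_t;
#define MAX_CRLS 8
typedef struct { crl_t items[MAX_CRLS]; int count; } cred_set_t;

/* Old path as described: the CRL is prepended like any certificate. */
static int add_like_cert(cred_set_t *s, crl_t c) {
    if (s->count == MAX_CRLS) return 0;
    memmove(&s->items[1], &s->items[0], s->count * sizeof(crl_t));
    s->items[0] = c;
    s->count++;
    return 1;
}

/* Fixed path as described: compare against the CRL already held for the
 * issuer and keep only the newer one. Returns 1 if stored, 0 if dropped. */
static int add_superseding(cred_set_t *s, crl_t c) {
    for (int i = 0; i < s->count; i++) {
        if (strcmp(s->items[i].issuer, c.issuer) != 0) continue;
        if (c.this_update <= s->items[i].this_update) return 0; /* stale */
        s->items[i] = c;                                        /* replace */
        return 1;
    }
    if (s->count == MAX_CRLS) return 0;
    s->items[s->count++] = c;
    return 1;
}

/* Assumed lookup: the first CRL in the list for this issuer is the one used. */
static long crl_used_for(const cred_set_t *s, const char *issuer) {
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->items[i].issuer, issuer) == 0) return s->items[i].this_update;
    return -1;
}

/* Load a fresh CRL, then a stale one (constructed values), and report
 * the thisUpdate of the CRL a revocation check would end up using. */
static long load_out_of_order(int fixed) {
    cred_set_t s = { .count = 0 };
    crl_t fresh = {"CN=Example CA", 2000}, stale = {"CN=Example CA", 1000};
    int (*add)(cred_set_t *, crl_t) = fixed ? add_superseding : add_like_cert;
    add(&s, fresh);
    add(&s, stale);
    return crl_used_for(&s, "CN=Example CA");
}

int main(void) {
    printf("prepend: %ld, superseding: %ld\n", load_out_of_order(0), load_out_of_order(1));
    return 0;
}
```

With the prepend behaviour the stale CRL shadows the fresh one, so certificates revoked only in the newer CRL would pass the check; with the comparison the stale load is dropped.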
