On 2012-01-20 21:02, Matthew Grant wrote:
This is something set up by upstream, and in big governments deployments
it could be seen as considered necessary/mandatory. IE - The ability to
turn it off may be considered an anti-feature and security hole... CRLs
actually have their weaknesses due
This is something set up by upstream, and in big governments deployments it
could be seen as considered necessary/mandatory. IE - The ability to turn
it off may be considered an anti-feature and security hole... CRLs actually
have their weaknesses due to update issues when the network does not
Package: ipsec-tools
Version: 1:0.7.3-12
Severity: wishlist
Tags: upstream
Currently when configured to verify peer x509 certificates (verify_cert on)
this includes the
verification of certificate revocation lists (CRL).
Racoon sets the following OpenSSL flags:
X509_V_FLAG_CRL_CHECK
3 matches
Mail list logo