Hello Mugur,
with IKEv2 revocation checks can be easily disabled by not loading
the revocation plugin. What is not possible is to disable CRL
checking on a per connection definition basis.
Regards
Andreas
On 11/24/2011 08:50 AM, ABULIUS, MUGUR (MUGUR) wrote:
Hello,
Our understanding in case
To: ABULIUS, MUGUR (MUGUR)
Cc: users@lists.strongswan.org; SCARAZZINI, FABRICE (FABRICE); Pisano, Stephen
G (Stephen); WASNIEWSKI, ALAIN (ALAIN)
Subject: Re: [strongSwan] How to bypass CRL checks?
Hello Mugur,
with IKEv2 revocation checks can be easily disabled by not loading the
revocation plugin
Hello,
Our understanding in case of setting strictcrlpolicy to **no** for charon is
that strongSwan denies the authentication if the certificate appears in the
fetched CRL. But,
if the certificate does not specify an uri or if the CRL can't be fetched the
authentication is
not denied.
Can you