Re: [strongSwan] RFC 4325 support - Authority Information Access CRL Extension

2012-01-08 Thread Andreas Steffen
On 05.01.2012 08:19, ABULIUS, MUGUR (MUGUR) wrote: Hi Andreas, Happy New Year to all at the strongSwan team! Sorry to ask again. I am confused about the sentence: the only alternative to extracting http CDPs from end entity certificates is to define additional CDPs in ipsec.conf in a

Re: [strongSwan] RFC 4325 support - Authority Information Access CRL Extension

2012-01-04 Thread ABULIUS, MUGUR (MUGUR)
] Sent: mercredi 14 décembre 2011 21:07 To: ABULIUS, MUGUR (MUGUR) Cc: Martin Willi; SCARAZZINI, FABRICE (FABRICE); Pisano, Stephen G (Stephen); users@lists.strongswan.org; WASNIEWSKI, ALAIN (ALAIN) Subject: Re: [strongSwan] RFC 4325 support - Authority Information Access CRL Extension Hello Mugur

Re: [strongSwan] RFC 4325 support - Authority Information Access CRL Extension

2011-12-15 Thread ABULIUS, MUGUR (MUGUR)
Hello Andreas, the only alternative to extracting http CDPs from end entitcy certificates is to define additional CDPs in ipsec.conf in a special ca section Thank you. Assuming that the retrieved CRL was signed by CA1, my question is: Does strongSwan expects a X.509 certificate with a subject

[strongSwan] RFC 4325 support - Authority Information Access CRL Extension

2011-12-14 Thread ABULIUS, MUGUR (MUGUR)
Hello, Does Charon support the Authority Information Access CRL Extension as specified by the RFC 4325? If this extensions is supported, can be specified please in few words how is retrieved, where is stored, when and how is used by strongSwan the certificate of the CRL issuer from this

Re: [strongSwan] RFC 4325 support - Authority Information Access CRL Extension

2011-12-14 Thread Martin Willi
Hello Mugur, Does Charon support the Authority Information Access CRL Extension as specified by the RFC 4325? No, we currently don't support the Authority Information Access extension in CRLs. Regards Martin ___ Users mailing list

Re: [strongSwan] RFC 4325 support - Authority Information Access CRL Extension

2011-12-14 Thread ABULIUS, MUGUR (MUGUR)
Hello Martin, No, we currently don't support the Authority Information Access extension in CRLs. Regards Mugur ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] RFC 4325 support - Authority Information Access CRL Extension

2011-12-14 Thread ABULIUS, MUGUR (MUGUR)
Hello Martin, No, we currently don't support the Authority Information Access extension in CRLs. Thank you for answer. 1. Which is the behavior of strongSwan when it receives a X.509 certificate with an AIA extension? The extension is ignored or there is some specific processing? 2. We are

Re: [strongSwan] RFC 4325 support - Authority Information Access CRL Extension

2011-12-14 Thread Andreas Steffen
Hello Mugur, have a look at my inline comment. Regards Andreas On 14.12.2011 15:24, ABULIUS, MUGUR (MUGUR) wrote: Hello Martin, No, we currently don't support the Authority Information Access extension in CRLs. Thank you for answer. 1. Which is the behavior of strongSwan when it