Hi! First timer on the list so, first of all, thanks for libreswan! You guys are doing a wonderful job.
I'm currently in the process of moving from openswan to libreswan and wanted to share three notes from my log book. 1) whack rereadall doesn't reload nss certificates. This has been brought up before: https://lists.libreswan.org/pipermail/swan/2014/000707.html As the previous author this is something I'm also interested in. 2) crl verification needs curl. I have my crls in the crls folder. I compiled without curl and noticed that crl verification didn't happen. >From what I remember, things looked good from the logs. No sign that verification was off. But in verify_x509cert there is an ifdef around verify_by_crl. #if defined(LIBCURL) || defined(LDAP_VER) 3) missing git tag v3.10. Can there be one for 3.11? Regards, -- fisher
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
