On Wed, 25 May 2016, jonetsu wrote:
Is libreswan's OCSP periodically doing checks to see of the certificate in use is still valid ? If so, at which frequency ?
Yes, but this was very recently fixed. So you might want to try 3.18rc2. It used to not re-check when the OCSP was still valid I believe. In the latest code, I think it uses the refresh time specified in the OCSP request. Tuomo should know the gory details, Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
