Hi, > > One of them wants for his connections the behavior as for > “strictcrlpolicy=no”, another one as for “strictcrlpolicy=ifuri” and > the third one as for “strictcrlpolicy=yes”. There is any way to > satisfay all three cases from the same strongSwan instance?
Charon internally handles CRL policies per connection (or even per authentication round when using multiple rounds). But Pluto can't, and therefore there is a global option in ipsec.con only. We'd have to introduce a new ipsec.conf connection keyword and pass this information to the daemon; no rocket science, but needs some work. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
