Hi Martin, Thank you for your help.
On our strongSwan systems we want to switch on/off the CRL checks. If the check is switched off then even if received certificate specifies a CDP extension toward an accessible remote CRL we don't want that strongSwan rejects the IKE connection even if the serial number of certificate is specified by the CRL as no more valid. Do you think that we can set-up strongSwan for this capability? If yes what should be the value for strictcrlpolicy in this case? Thank you Mugur _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
