Hello, Our understanding in case of setting strictcrlpolicy to **no** for charon is that strongSwan denies the authentication if the certificate appears in the fetched CRL. But, if the certificate does not specify an uri or if the CRL can't be fetched the authentication is not denied. Can you please check our understanding? In case our assumption is correct we are looking for a way to set-up strongSwan (for some specific run scenarios) to bypass any CRL checks (even if strictcrlpolicy=no). We are looking for this capability even if received certificates specify an uri and the corresponding CRL can be fetched from CDP.
Thank you Mugur
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users