Hello Mugur, with IKEv2 revocation checks can be easily disabled by not loading the revocation plugin. What is not possible is to disable CRL checking on a per connection definition basis.
Regards Andreas On 11/24/2011 08:50 AM, ABULIUS, MUGUR (MUGUR) wrote: > Hello, > Our understanding in case of setting strictcrlpolicy to **no** for charon is > that strongSwan denies the authentication if the certificate appears in > the fetched CRL. But, > if the certificate does not specify an uri or if the CRL can’t be > fetched the authentication is > not denied. > Can you please check our understanding? > In case our assumption is correct we are looking for a way to set-up > strongSwan (for some > specific run scenarios) to bypass any CRL checks (even if > strictcrlpolicy=no). We are looking > for this capability even if received certificates specify an uri and the > corresponding > CRL can be fetched from CDP. > Thank you > Mugur > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
