Thanks Much! Yes it would be sufficient for 'dynamic purpose' in our
situation!
So to be sure:
charon {
...
load = revocation
} --> charon would load the 'revocation' plugin
charon {
...
} --> charon would NOT load the 'revocation' plugin
Correct?
ps.
The statement in the release note was what got me confused, i.e. I
thought that without 'load', the statement led me to believe that the
revocation plugin is automatically loaded in :)
_"OCSP/CRL checking in IKEv2 has been moved to the revocation plugin,
enabled by default."_
-Yong Choo
On 1/9/2012 10:43 PM, Andreas Steffen wrote:
Hello Yong Choo,
you can do that with an explicit load statement in strongswan.conf.
Just prepare two versions of strongswan.conf - one with the
revocation plugin in the load statement and one without it.
Depending on the situation you either start strongSwan with
one strongswan.conf or the second one. Is this dynamical enough?
Regards
Andreas
On 09.01.2012 20:59, Yong Choo wrote:
Searching in database, I came up on the following in
http://www.mail-archive.com/[email protected]/msg03918.html
So, the question is 'how not to load the revocation plugin when it is
already enabled by default?'
-----Original Message-----
From: Andreas Steffen [mailto:[email protected]]
Sent: jeudi 24 novembre 2011 12:51
To: ABULIUS, MUGUR (MUGUR)
Cc: [email protected]; SCARAZZINI, FABRICE (FABRICE); Pisano, Stephen
G (Stephen); WASNIEWSKI, ALAIN (ALAIN)
Subject: Re: [strongSwan] How to bypass CRL checks?
Hello Mugur,
with IKEv2 revocation checks can be easily disabled by not loading the
revocation plugin. What is not possible is to disable CRL checking on a per
connection definition basis.
Regards
Andreas
On 1/9/2012 12:30 PM, Yong Choo wrote:
Hi,
Looking at http://wiki.strongswan.org/projects/1/wiki/441,
OCSP/CRL checking in IKEv2 has been moved to the revocation plugin,
enabled
by default. Plase update manual load directives in strongswan.conf.
How can I disable this plugin dynamically? We have a need of
dynamically controlling the loading of plugin at run-time.
Thanks Much,
-Yong Choo
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
