Yes, we are using/controlling the strictcrlpolicy when we are enabling
'revocation'.
Our systems' engineer wanted to have the plugin not even loaded when the
'revocation' is to be disabled.
On 6/1/2012 6:59 AM, Martin Willi wrote:
Hi,
So, it would be ideal to have some sort of 'dynamic control at run
time' in strongswan.conf to indicate which plugin is to be
'enabled/disabled'.
Beside the load statement, there is currently no option to
enable/disable the revocation plugin globally. Have you seen the
ipsec.conf strictcrlpolicy that allows you to accept/reject certificates
whose certificate status can not be obtained?
Regards
Martin
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
