Hi Martin,

> Fetching a CRL inside the tunnel to check the certificate status
> for the same tunnel does not work: it is a hen-egg problem. With
> a strict CRL policy, you can't establish the tunnel, because you
> have no CRL. And you can't fetch a CRL, because you don't have a tunnel yet.

In case CRLs are retrieved outside this tunnel, can you please confirm that:

1) Charon HTTP requests use the protocol and port from "/etc/services" (e.g. TCP/80)?
2) Charon supports RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax?

Best Regards,
Mugur
