Yes, revocation plugin works fine on 14.04, but crashes are sometimes
once a day and othertimes several times a minute.
It seems to be at strongswan start (not each time) and at IKE_SA
reauthentication (not each time).
ikelifetime is the default value.

I have a very big log file for a week (6.2GB).

I don't know if it is important, but the certificate status checking is
a mix of OCSP and CRL.
So for each server certificate, there are 2 OSCP checking before trying
CRL checking.

Le 20/09/2016 à 13:44, Tobias Brunner a écrit :
> Hi Fabrice
>> When revocation plugin is disabled, it's OK.
> This didn't seem to be a problem previously, where you complained about
> CRLs not getting saved on 16.04 - which I can't reproduce, by the way -
> but the revocation plugin seemed to have worked fine on both 14.04 and
> 16.04.  So what changed?
> Regards,
> Tobias

Fabrice Barconnière
Pôle logiciels libres - EOLE

Attachment: signature.asc
Description: OpenPGP digital signature

Users mailing list

Reply via email to