Yes, revocation plugin works fine on 14.04, but crashes are sometimes once a day and othertimes several times a minute. It seems to be at strongswan start (not each time) and at IKE_SA reauthentication (not each time). ikelifetime is the default value.
I have a very big log file for a week (6.2GB). I don't know if it is important, but the certificate status checking is a mix of OCSP and CRL. So for each server certificate, there are 2 OSCP checking before trying CRL checking. Le 20/09/2016 à 13:44, Tobias Brunner a écrit : > Hi Fabrice > >> When revocation plugin is disabled, it's OK. > This didn't seem to be a problem previously, where you complained about > CRLs not getting saved on 16.04 - which I can't reproduce, by the way - > but the revocation plugin seemed to have worked fine on both 14.04 and > 16.04. So what changed? > > Regards, > Tobias > -- regards, Fabrice Barconnière Pôle logiciels libres - EOLE
Description: OpenPGP digital signature
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users