Is there a way to make CRL verification fail over to a local CRL if fetching fails?
My client certificates are configured with an embedded CRL URL. I'm finding that if charon is unable to fetch the CRL from the URL provided by the cert for some reason, CRL checking fails and authentication continues. I've provided a local copy of the CRL in /etc/ipsec.d, but it seems to never get checked. I've verified the local CRL has been loaded, both from syslog entries when the strongswan service is started, and from 'ipsec listcrls'.

Thanks,
Zach
