Hello,
 
I'm working on an embedded system which has an invalid date after startup. The systime-fix plugin helps that I can nevertheless connect successfully.
But I see that the systime rechecking has no time limit. E.g. I just want to allow strongSwan to ignore the cert lifetimes for about 10 min. After that I want to recheck the certificate and close the connection if the system clock is still invalid. Is it possible to offer this?
 
BTW. Do I understand this correctly:
The certificate lifetime is checked against local time at startup once, and the remote peer checks my cert also with his local time every time a connection is associated or a reauth is done? So trying to connect with an outdated certificate (client or server side) is not possible even if the systime-fix plugin is activated? (Maybe only if both sides have systime-fix activated? I couldn't try yet.)
 
 
My second point is to allow to deactivate the lifetime check generally. Is this possible?
 
Thank you!
br Peter
 
 
