Thanks

-----Original Message-----
From: Tobias Brunner <[email protected]>
Sent: Thursday, May 09, 2019 9:26 AM
To: Modster, Anthony <[email protected]>; [email protected]
Cc: Amare, Mesfin <[email protected]>
Subject: Re: [strongSwan] charon and CRL loading

---External Email---

Hi Anthony,

> If a CRL comes in, then I think we would need to do the following:
> 1. create "authorities section" "crl_uris = file:///xxx" in swanctl.conf
> 2. --load-authorities
> 3. --load-creds

You don't need step 3 if you use file URIs, the CRL is fetched dynamically during authentication (if you update the CRL, while the old one is still valid for a while, you need to flush the cache, as pointed out before). And if you, alternatively, store the CRL in x509crl then you only need step 3 (and, again, perhaps flush the cache).

Regards,
Tobias
