[Openswan Users] Dynamic CRL fetching
Paul Wouters
paul at xelerance.com
Thu Aug 19 18:12:39 CEST 2004
On Thu, 19 Aug 2004, Gregor Bethlen wrote:
> I tried the dynamic CRL fetching, but I failed. Maybe I did something wrong (in fact, I think I did).
>
> I putted
>
> crlcheckinterval=600
>
> in ipsec.conf. I changed the Makefile of pluto to use Ldap v3. I installed openldap2-devel and curl-devel (not sure if I need the later one). make programs && make install
Did you change Makefile.inc?
HAVE_THREADS=true
USE_LDAP=true
USE_LIBCURL=true
I see USE_LIBCURL is missing from Makefile.inc. I've just added this in CVS.
> Is there another thing I must do to activate dynamic crl-fetching?
You also need to have proper certificates. This normally means putting
something in the /usr/share/ssl/openssl.cnf like:
crlDistributionPoints=URI:http://crl.xelerance.net/crl.pem
before generating any certificates.
Let me know if this still doesn't trigger the fetching for you.
Paul
More information about the Users
mailing list