[Openswan Users] Dynamic CRL fetching

Paul Wouters paul at xelerance.com
Thu Aug 19 18:12:39 CEST 2004


On Thu, 19 Aug 2004, Gregor Bethlen wrote:

> I tried the dynamic CRL fetching, but I failed. Maybe I did something wrong (in fact, I think I did).
> 
> I put
> 
> crlcheckinterval=600
> 
> in ipsec.conf. I changed the Makefile of pluto to use LDAP v3. I installed openldap2-devel and curl-devel (not sure if I need the latter one). make programs && make install

Did you change Makefile.inc?

HAVE_THREADS=true
USE_LDAP=true
USE_LIBCURL=true

I see USE_LIBCURL is missing from Makefile.inc. I've just added this in CVS.

> Is there another thing I must do to activate dynamic crl-fetching?

You also need to have proper certificates. This normally means putting
something in the /usr/share/ssl/openssl.cnf like:

crlDistributionPoints=URI:http://crl.xelerance.net/crl.pem

before generating any certificates.

Let me know if this still doesn't trigger the fetching for you.

Paul 
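
An added example, not part of the original message and not Openswan code: a shell sketch that issues a throwaway certificate with the crlDistributionPoints setting described above and confirms the URI actually ended up in the certificate. The demo CA, the subject names, the file names and the usr_cert section name are assumptions; the URL is the one from the message.

```shell
#!/bin/sh
# Added example (constructed): issue a throwaway certificate that carries a
# CRL distribution point, then confirm the URI is really in the certificate.

# make_demo_cert DIR URI: demo CA plus one end-entity cert in DIR.
make_demo_cert() {
    dir=$1 uri=$2
    mkdir -p "$dir" || return 1
    # Extension section used at signing time; the name usr_cert is an assumption.
    cat > "$dir/ext.cnf" <<EOF
[ usr_cert ]
basicConstraints = CA:FALSE
crlDistributionPoints = URI:$uri
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=gw.example.test" \
        -keyout "$dir/gw.key" -out "$dir/gw.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/gw.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/ext.cnf" -extensions usr_cert \
        -out "$dir/gw.pem" 2>/dev/null
}

# cert_crl_uris CERT: print each CRL distribution point URI, one per line.
# Returns non-zero when the certificate has none, in which case there is no
# URL in the certificate to fetch a CRL from.
cert_crl_uris() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | awk '
        /X509v3 CRL Distribution Points/ { in_cdp = 1; next }
        in_cdp && /X509v3 |Signature Algorithm|Authority Information Access/ { in_cdp = 0 }
        in_cdp && /URI:/ { sub(/^.*URI:/, ""); sub(/[ \t\r]+$/, ""); print; found = 1 }
        END { exit !found }'
}

# Demo run: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d) || exit 1
    make_demo_cert "$work" "http://crl.xelerance.net/crl.pem" || exit 1
    cert_crl_uris "$work/gw.pem" || echo "no CRL distribution point in certificate"
    rm -rf "$work"
fi
```

Running cert_crl_uris against certificates issued before the openssl.cnf change shows whether they need to be reissued.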