[Openswan Users] Dynamic CRL fetching

Paul Wouters paul at xelerance.com
Thu Aug 19 18:12:39 CEST 2004

On Thu, 19 Aug 2004, Gregor Bethlen wrote:

> I tried the dynamic CRL fetching, but I failed. Maybe I did something wrong (in fact, I think I did).
> I putted
> crlcheckinterval=600
> in ipsec.conf. I changed the Makefile of pluto to use Ldap v3. I installed openldap2-devel and curl-devel (not sure if I need the later one). make programs && make install

Did you change Makefile.inc?


I see USE_LIBCURL is missing from Makefile.inc. I've just added this in CVS.

> Is there another thing I must do to activate dynamic crl-fetching?

You also need to have proper certificates. This normally means putting
something in the /usr/share/ssl/openssl.cnf like:


before generating any certificates.

Let me know if this still doesn't trigger the fetching for you.


More information about the Users mailing list