[Openswan Users] Dynamic CRL fetching

Gregor Bethlen saphira at bethlen.de
Thu Aug 19 18:32:22 CEST 2004


Hello Paul,

Paul Wouters wrote on 19.08.04 17:13:18:
>
> On Thu, 19 Aug 2004, Gregor Bethlen wrote:
>
> > I tried the dynamic CRL fetching, but I failed. Maybe I did something wrong (in fact, I think I did).
> >
> > I put
> >
> > crlcheckinterval=600
> >
> > in ipsec.conf. I changed the Makefile of pluto to use LDAP v3. I installed openldap2-devel and curl-devel (not sure if I need the latter one). make programs && make install
>
> Did you change Makefile.inc?
>
> HAVE_THREADS=true
> USE_LDAP=true
> USE_LIBCURL=true
>

Dumdidumdidum, nope, I didn't have that ... OK, that explains a lot ... Maybe it's a VERY good idea to put this in the documentation (maybe README.x509).

> I see USE_LIBCURL is missing from Makefile.inc. I've just added this in CVS.
>
> > Is there another thing I must do to activate dynamic crl-fetching?
>
> You also need to have proper certificates. This normally means putting
> something in the /usr/share/ssl/openssl.cnf like:
>
> crlDistributionPoints=URI:http://crl.xelerance.net/crl.pem
>
> before generating any certificates.
>

Yep, have this.

> Let me know if this still doesn't trigger the fetching for you.
>

OK, I'll try it tomorrow.

One last question: I think I need some LDAP credentials to connect to the LDAP server. May I ask where to set this?

Thank you for your answer,

Gregor

> 
> Paul 
> 
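
A preflight check for the three things this thread says dynamic CRL fetching depends on (the Makefile.inc build flags, crlcheckinterval in ipsec.conf, and a crlDistributionPoints URI in openssl.cnf), as an added example that is not part of the original messages or of Openswan. The function names are hypothetical and the three file paths are passed as arguments, since install locations vary.

```shell
#!/bin/sh
# Added example: static check of the settings discussed in this thread.
# Usage (paths are assumptions): check.sh Makefile.inc /etc/ipsec.conf /usr/share/ssl/openssl.cnf

# flag_enabled FILE NAME -> 0 if FILE has an uncommented NAME=true (also ?= or :=)
flag_enabled() {
    grep -Eq "^[[:space:]]*${2}[[:space:]]*[?:]?=[[:space:]]*true[[:space:]]*(#.*)?\$" "$1"
}

# crl_interval FILE -> prints the last crlcheckinterval value, or 0 if none is set
crl_interval() {
    v=$(sed -n 's/^[[:space:]]*crlcheckinterval[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${v:-0}"
}

# has_cdp FILE -> 0 if FILE has an uncommented crlDistributionPoints URI line
has_cdp() {
    grep -Eq '^[[:space:]]*crlDistributionPoints[[:space:]]*=[[:space:]]*URI:' "$1"
}

# check_crl_setup MAKEFILE_INC IPSEC_CONF OPENSSL_CNF
# Prints one line per problem and returns the number of problems found.
check_crl_setup() {
    problems=0
    for f in HAVE_THREADS USE_LDAP USE_LIBCURL; do
        if ! flag_enabled "$1" "$f"; then
            echo "Makefile.inc: $f is not set to true (rebuild pluto after fixing)"
            problems=$((problems + 1))
        fi
    done
    # An interval of 0 (or no setting at all) leaves periodic CRL updating off.
    if [ "$(crl_interval "$2")" -eq 0 ]; then
        echo "ipsec.conf: crlcheckinterval is unset or 0"
        problems=$((problems + 1))
    fi
    if ! has_cdp "$3"; then
        echo "openssl.cnf: no crlDistributionPoints URI configured"
        problems=$((problems + 1))
    fi
    return "$problems"
}

if [ "$#" -eq 3 ]; then check_crl_setup "$@"; fi
```

This only inspects configuration files: a certificate issued before crlDistributionPoints was added to openssl.cnf will not carry the extension and has to be reissued.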

