[Openswan Users] Dynamic CRL fetching

Gregor Bethlen saphira at bethlen.de
Fri Aug 20 11:17:35 CEST 2004


Hello,

Paul Wouters <paul at xelerance.com> wrote on 19.08.04 17:13:18:
> 
> On Thu, 19 Aug 2004, Gregor Bethlen wrote:
> 
> > I tried the dynamic CRL fetching, but I failed. Maybe I did something wrong (in fact, I think I did).
> > 
> > I put
> > 
> > crlcheckinterval=600
> > 
> > in ipsec.conf. I changed the Makefile of pluto to use Ldap v3. I installed openldap2-devel and curl-devel (not sure if I need the latter one). make programs && make install
> 
> Did you change Makefile.inc?
> 
> HAVE_THREADS=true
> USE_LDAP=true
> USE_LIBCURL=true
> 
> I see USE_LIBCURL is missing from Makefile.inc. I've just added this in CVS.
> 

OK, included HAVE_THREADS?=true, USE_LDAP?=true and USE_LIBCURL?=true.

Removed the old installation via make uninstall.

make programs && make install.

Still got the same result - openswan fetches no CRLs. pluto-debug tells me that it can read the CDP entries in the certificate. But it doesn't fetch the CRLs.

Since the windows-roadwarrior fetches the crl via http, the crl can be accessed via http.

Any hints?

Thanks,

Gregor

> > Is there another thing I must do to activate dynamic crl-fetching?
> 
> You also need to have proper certificates. This normally means putting
> something in the /usr/share/ssl/openssl.cnf like:
> 
> crlDistributionPoints=URI:http://crl.xelerance.net/crl.pem
> 
> before generating any certificates.
> 
> Let me know if this still doesn't trigger the fetching for you.
> 
> Paul 
> 
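
Added example, not part of the thread and not Openswan code: a shell check for the precondition Paul describes, namely that a peer certificate really carries a crlDistributionPoints URI, since without one there is nothing for pluto to fetch. The file names, the config sections and the URL `http://crl.example.test/crl.pem` are constructed for the demonstration; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: confirm a certificate carries the CDP extension before
# expecting any CRL fetch. File names and the URL are constructed.

# Print each CRL distribution point URI in a PEM certificate, one per line.
# Exit status is 1 when the certificate has no CDP URI at all.
cdp_uris() {
    openssl x509 -in "$1" -noout -text | awk '
        /X509v3 CRL Distribution Points/ { in_cdp = 1; next }
        /X509v3 |Authority Information Access|Signature Algorithm/ { in_cdp = 0 }
        in_cdp && /URI:/ { sub(/.*URI:/, ""); print; found = 1 }
        END { exit !found }'
}

# Generate a throwaway self-signed certificate; $2 selects the extension
# section of the constructed config below (with_cdp or no_cdp).
make_test_cert() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$workdir/test.cnf" -extensions "$2" \
        -keyout "$workdir/$1.key" -out "$workdir/$1.pem" 2>/dev/null
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

cat > "$workdir/test.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed-test-peer
[with_cdp]
crlDistributionPoints = URI:http://crl.example.test/crl.pem
[no_cdp]
basicConstraints = CA:FALSE
EOF

make_test_cert with with_cdp
make_test_cert without no_cdp

for cert in with without; do
    if uris=$(cdp_uris "$workdir/$cert.pem"); then
        echo "$cert.pem: CDP present -> $uris"
    else
        echo "$cert.pem: no CDP, nothing to fetch from"
    fi
done
```

Run against a real peer certificate, `cdp_uris` shows exactly which URIs a CRL fetcher would be pointed at, which separates a certificate problem from a build or configuration problem.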




