[Openswan Users] Dynamic CRL fetching
saphira at bethlen.de
Fri Aug 20 11:17:35 CEST 2004
Paul Wouters <paul at xelerance.com> schrieb am 19.08.04 17:13:18:
> On Thu, 19 Aug 2004, Gregor Bethlen wrote:
> > I tried the dynamic CRL fetching, but I failed. Maybe I did something wrong (in fact, I think I did).
> > I putted
> > crlcheckinterval=600
> > in ipsec.conf. I changed the Makefile of pluto to use Ldap v3. I installed openldap2-devel and curl-devel (not sure if I need the later one). make programs && make install
> Did you change Makefile.inc?
> I see USE_LIBCURL is missing from Makefile.inc. I've just added this in CVS.
OK, included HAVE_THREADS?=true, USE_LDAP?=true and USE_LIBCURL?=true.
Removed the old installation via make uninstall.
make programs && make install.
Stilll got the same result - openswan fetches no crls. pluto-debug tells me that he can read the CDP-entries in the certificate. But he doesn't fetch the crls.
Since the windows-roadwarrior fetches the crl via http, the crl can be accessed via http.
> > Is there another thing I must do to activate dynamic crl-fetching?
> You also need to have proper certificates. This normally means putting
> something in the /usr/share/ssl/openssl.cnf like:
> before generating any certificates.
> Let me know if this still doesn't trigger the fetching for you.
Verschicken Sie romantische, coole und witzige Bilder per SMS!
Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193
More information about the Users