[Openswan Users] Dynamic CRL fetching
Paul Wouters
paul at xelerance.com
Fri Aug 20 12:15:01 CEST 2004
On Fri, 20 Aug 2004, Gregor Bethlen wrote:
> > > crlcheckinterval=600
> Still got the same result - openswan fetches no crls. pluto-debug tells me that he can read the CDP-entries in the certificate. But he doesn't fetch the crls.
>
> Since the windows-roadwarrior fetches the crl via http, the crl can be accessed via http.
>
> Any hints?
Set the crlcheckinterval to 10 and see what happens? It all also depends on
how long things are valid for. If you signed with a very long crl validity,
it won't be checking for a very long time. You can also add strictcrlpolicy=yes
to trigger immediate fetching at startup.

If that fails, I'll have to try things out myself again. I haven't used this in
a long time, and unfortunately I didn't write a testcase for this, so we
don't have this feature in our nightly regression testing yet.
Paul
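
The reply above ties fetching to how long the CRL is valid. This added example (not part of the original message or of Openswan) reads the CDP URI from a certificate and the time left until a CRL's nextUpdate with the openssl CLI. The test CA, the URL and the function names are constructed for the demonstration; it assumes OpenSSL 1.1.1 or later and GNU date.

```shell
#!/bin/sh
# Added example: inspect the CDP in a certificate and the validity window of a CRL.

# Print the CRL distribution point URIs carried in a certificate.
cert_cdp_uris() {
    openssl x509 -in "$1" -noout -ext crlDistributionPoints | sed -n 's/^ *URI://p'
}

# Print the seconds from now until the CRL's nextUpdate (negative once it has passed).
crl_seconds_left() {
    next=$(openssl crl -in "$1" -noout -nextupdate | cut -d= -f2)
    echo $(( $(date -d "$next" +%s) - $(date +%s) ))
}

# Build a constructed CA certificate (with a CDP) and an empty CRL valid for 365 days.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Test CA" \
        -addext "crlDistributionPoints=URI:http://crl.example.test/ca.crl" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    : > "$1/index.txt"                      # empty CA database: nothing revoked
    cat > "$1/ca.cnf" <<EOF
[ca]
default_ca = sample
[sample]
database = $1/index.txt
default_md = sha256
EOF
    openssl ca -config "$1/ca.cnf" -gencrl -crldays 365 \
        -keyfile "$1/ca.key" -cert "$1/ca.pem" -out "$1/crl.pem" 2>/dev/null
}

# Demonstration on the constructed sample.
d=$(mktemp -d) && make_sample "$d"
echo "CDP in certificate: $(cert_cdp_uris "$d/ca.pem")"
echo "CRL nextUpdate in:  $(( $(crl_seconds_left "$d/crl.pem") / 86400 )) days"
rm -rf "$d"
```

Run against the real certificate and the CRL downloaded from its CDP, the second figure shows how far away the signed nextUpdate is compared with the configured crlcheckinterval.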