[Openswan Users] Dynamic CRL fetching

Paul Wouters paul at xelerance.com
Fri Aug 20 12:15:01 CEST 2004

On Fri, 20 Aug 2004, Gregor Bethlen wrote:

> > > crlcheckinterval=600

> Stilll got the same result - openswan fetches no crls. pluto-debug tells me that he can read the CDP-entries in the certificate. But he doesn't fetch the crls.
> Since the windows-roadwarrior fetches the crl via http, the crl can be accessed via http.
> Any hints?

Set the crlcheckinterval to 10 and see what happens? It all also depend on
how long things are valid for. If you signed with a very long crl validity,
it won't be checking for a very long time. You can also add strictcrlpolicy=yes
to trigger immediate fetching at startup.

If that fails, I'll have to things out myself again. I haven't used this in
a long time, and unfortunately I didn't write a testcase for this, so we
don't have this feature in our nightly regression testing yet. 


More information about the Users mailing list