[Openswan Users] crlDistributionPoints

Paul Wouters paul at xelerance.com
Wed Jun 1 17:31:28 CEST 2005


On Wed, 1 Jun 2005, david wrote:

> When a host download a CRL from my Apache server, I cannot see any copy on the /etc/ipsec.d/crls directory . But if I make a  ipsec auto --listall, I can see the downloaded CRL !!
>
> So on the host, where is stored the downloaded copy of the CRL ?
> Is It normal that I have no copy on the /etc/ipsec.d/crls directory ?

That is normal. Pluto loads teh data in memory. The CRLs are not persistent
over restarts/reboots. The ipsec.d/crls direcotry is just another method for
loading crls into pluto. Since you use http, you do not need files in the
crls directory.

Though perhaps it is an idea to savethem there, to gain some sort of
persistency over reboots.

Paul


More information about the Users mailing list