[Openswan Users] ocsp & openswan

Andreas Steffen andreas.steffen at strongsec.net
Tue Jun 14 18:12:21 CEST 2005


Hi David,

have you started the OCSP fetching thread by setting

config setup
      crlcheckinterval=600  # check every 10 minutes

in ipsec.conf ?

Regards

Andreas

david wrote:
> hi all,
> 
> I am trying to use the OCSP protocol to check the validity of my certificates.
> So I have downloaded the libcurl-devel package providing curl headers,
> I have set USE_LIBCURL to true and HAVE_THREAD to true.
> 
> And when my CA sign a certificate it adds the following extension on
> the certificates:
> Authority Information Access :
> OCSP - URI:http://195.212.109.202
> 
> this is the address where my OCSP server is running.
> 
> So when I manually ask for the validity of a certificate to the OCSP
> server , it responds correctly.
> 
> But, when I try manually to establish A VPN with the certificates the
> ocsp server is not asked.
> 
> is it normal?
> is there an ocsp client in pluto or not ?
> does this check can only be done by a web browser ?
> 
> david
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users


-- 
=======================================================================
Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===


More information about the Users mailing list