[Openswan Users] crlDistributionPoints
david
ngc1976.m42 at caramail.com
Tue May 31 09:43:42 CEST 2005
Hi Andreas,
I am using openswan 2.3.1 (klips) and when I open the file /openswan/programs/pluto/Makefile,
I find no line to uncomment to allow the complilation of libcurl and pthreads.
It seems to me that libcurl and pthreads are already compiled...(?)
I have nothing for pthreads.
I have this for libcurl :
--------------------------------------------------------------------
ifeq ($ (USE_LIBCURL), true)
# This compile option activates dynamic URL fetching
# With LIBCURL in the source code
CURL_DEFS=-DLIBCURL
CURL_LIBS=-lcurl
endif
--------------------------------------------------------------------
I put crlcheckinterval=600 in the config setup of ipsec.conf and I let empty the ipsec.d/crls directory but the host never tries to reach my CRL on my Apache server.
what's wrong ?
thx
david
> Hi David,
>
> the following steps are required to enable crl fetching:
>
> - libcurl and pthreads support must be compiled into
> pluto by enabling the corresponding compile options.
>
> - the asynchronous crl fetching thread must be started
> by setting
>
> crlcheckinterval=600 # e.g. every 600 seconds
>
> in the config setup section of ipsec.conf
>
> - if there is no valid copy of the crl in /etc/ipsec.d/crls
> a fetching request to the http site is automatically started
> when the first certificate containing a CDP is received.
>
> Regards
>
> Andreas
Protek-on: CaraMail met en oeuvre un nouveau Concept de Sécurité Globale - www.caramail.com
More information about the Users
mailing list