[Openswan Users] Question about CRL

Chen, Xuli (James) chenja at avaya.com
Tue Apr 12 17:01:26 EDT 2011


Thanks Paul. I'll do further evaluation before submit the report.

Best Regards,
James

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Tuesday, April 12, 2011 4:59 PM
To: Chen, Xuli (James)
Cc: users at openswan.org
Subject: RE: Question about CRL

On Tue, 12 Apr 2011, Chen, Xuli (James) wrote:

> Base on my tests, openswan will not bring the connections up and keeps complain the revoked certificate. Would this be a bug?

If so, yes. I would expect revoking a revocation to work without a restart.

Please file a bug report on bugs.openswan.org

Paul

> Thanks,
> James
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Tuesday, April 12, 2011 3:02 PM
> To: Chen, Xuli (James)
> Cc: users at openswan.org
> Subject: Re: Question about CRL
>
> On Tue, 12 Apr 2011, Chen, Xuli (James) wrote:
>
>> If ipsec certificate is revoked in CRL, as expected openswan tears down connection. After this, will openswan bring the connection up if the CRL is updated to not revoke the certificate again?
>
> It should. It has no "memory" of what is revoked other then what's in the loaded CRL.
>
> Paul
>


More information about the Users mailing list