Tobias Sorry (round 2) Item 2, using "authorities section" "crl_uirs = fill:///xxx" If the host does not have a CRL, then the "authorities section" will not be loaded by our host.
If a CRL comes in, then I think we would need to do the following: 1. create "authorities section" "crl_uirs = fill:///xxx" in swanctl.conf 2. --load-authorities 3. --load-creds -----Original Message----- From: Users <users-boun...@lists.strongswan.org> On Behalf Of Tobias Brunner Sent: Thursday, May 09, 2019 8:09 AM To: Modster, Anthony <anthony.mods...@teledyne.com>; users@lists.strongswan.org Cc: Amare, Mesfin <mesfin.am...@teledyne.com> Subject: Re: [strongSwan] charon and CRL loading ---External Email--- Hi Anthony, > Item 1, if a new CRL is copied to the x509crl directory, "authorities > section" not configured, ? will charon automatically re-load the CRL No, swanctl --load-creds has to be called explicitly. > Item 2, if a new CRL is copied to the "assigned location", and > "authorities section" "crl_uirs = fill:///xxx", ? will charon > automatically re-load the CRL Only if a previously fetched and cached version expired, or the cache has been flushed manually. Regards, Tobias