1 By setting <b>strictcrlpolicy=yes</b> a <b>strict CRL policy</b> is enforced on
2 both roadwarrior <b>carol</b> and gateway <b>moon</b>. Thus when <b>carol</b> initiates
3 the connection and no current CRL is available, the Main Mode negotiation fails
4 and a http fetch to get the CRL from the web server <b>winnetou</b> is triggered.
5 When the second Main Mode trial comes around the fetched CRL will be available
6 but because the certificate presented by carol has been revoked,
7 the IKE negotatiation will fail.
projects / thirdparty / strongswan.git / blob